Built the core Compose Skill in a NestJS AI service for generating personalized influencer outreach at scale. Designed a configurable generation system where brands can specify parameters such as tone (e.g., friendly, formal, sales-oriented), campaign objective (brand awareness, conversions, retention), and targeting constraints. Architected a multi-model pipeline where Claude performs structured intent extraction from natural language briefs and OpenAI generates final outreach messages. Incorporated creator-specific context including recent content, audience behavior, and communication style to adapt email tone and structure to match the creator’s 'voice', including localization of language where applicable. Evolved the system from JSON-based prompt injection to a RAG-based architecture using a vector database for persistent storage and retrieval of creator and campaign context, improving relevance and reducing redundant context passing. Orchestrated execution via Databricks and implemented retry logic, schema recovery for malformed outputs, and variable resolution for incomplete inputs.

Why this approach: Multi-model approach chosen because instruction parsing and creative writing are fundamentally different tasks. Claude excelled at structured extraction, OpenAI at natural-sounding copy. Databricks provided ML orchestration. Retry logic with graceful degradation because outreach emails are high-stakes (broken email harms the brand's reputation); added RAG to improve scalability reducing prompt overhead and data provider API usage

Impact: Enabled fully personalized, context-aware outreach generation from a single brand prompt, reducing campaign setup from hours of manual work to an automated, conversational workflow

Worked closely with recurring third-party security audits and penetration testing cycles, addressing findings across services and strengthening platform security based on industry-standard SaaS vulnerability patterns. Implemented and maintained organization-scoped authorization across internal APIs to enforce strict data isolation during SOC 2 Type II and GDPR compliance reviews

Impact: Maintained SOC 2 Type II and GDPR compliance while reducing security risks in a large-scale multi-tenant SaaS platform serving thousands of brands.

Designed and built a credit-based usage system allowing customers to exceed subscription tier limits while maintaining strict usage control. Centralized credit tracking across multiple services using a caching layer for fast balance checks, with recalculation triggered only on credit-consuming actions to reduce load. Integrated payment flows for purchasing additional credits and ensured consistency between billing and usage. Handled concurrency challenges by introducing safeguards against race conditions (e.g., double-spending credits) through atomic updates and validation checks. Implemented role- and organization-scoped access control to ensure credits were consumed only by authorized users within the correct account boundaries.

Impact: As the sole developer, delivered a monetization feature adopted by ~10% of customers, increasing revenue while reducing churn by allowing flexible usage without forcing upgrades to higher tiers

Inherited and became the sole developer responsible for a complex Creator Discovery system built as a monorepo on top of the main customer-facing platform. It included a dedicated external app for outsourced contributors and an admin interface with a three-level approval workflow before data reached customers. The system passed data through network services for enrichment and a separate service for normalization and structuring. A key challenge was handling untrusted external input that flowed deep into core systems—addressed by introducing validation, normalization, and verification layers at ingestion, along with idempotent processing to prevent bad or duplicate data propagation. Improved creator deduplication across CRM, campaign, and historical datasets using fuzzy matching to handle inconsistent inputs. Also resolved race conditions and broken states in multi-stage approval workflows (external → internal → internal → admin → customer) by making state transitions deterministic and strengthening data integrity across services

Impact: Increased reliability and data quality of the manual discovery pipeline, ensuring delivery of unique, validated creators while reducing duplication, inconsistencies, and manual review overhead

Designed and implemented a real-time compliance rules engine that determines whether a user can execute a transaction based on their KYC-derived regulatory profile (e.g., accreditation status, risk tolerance, investment experience, jurisdiction). Modeled each user as a structured compliance object and evaluated it against configurable rules defining trading constraints such as per-transaction limits, daily volume caps, and jurisdiction-specific restrictions. Integrated the engine into all trading flows (buy, sell, deposit, withdraw) via a centralized pre-execution enforcement layer that runs before any order is processed. For performance, introduced caching of user compliance profiles and pre-aggregated usage counters (e.g., daily spend), with targeted cache invalidation triggered only by state changes that affect limits. Built the system to be fully configuration-driven so compliance rules could be updated without code deployments, and added full audit logging of profile snapshots, rule versions, and decision outcomes for regulatory traceability

Impact: Eliminated a manual monthly compliance reporting process that recalculated trading activity in batch, reducing hours of operational work and easing heavy database load by moving to real-time compliance checks done directly at transaction time instead of periodic full recalculations

Re-architected how the platform handles which assets users can trade and what they can do with them (buy, sell, deposit, withdraw, stake) across different jurisdictions and user risk profiles. Previously, this logic was scattered across multiple services, middleware, and provider integrations with hardcoded rules, which made asset updates slow and easy to break. Introduced a centralized asset registry backed by a bitmask-based permission model, where each asset stores its allowed operations as bits (e.g., buy/sell/withdraw). This made permission checks fast and consistent across the system using simple bitwise operations, while still allowing flexible combinations of capabilities per asset. Extended the model to support jurisdiction restrictions and user risk constraints, so certain users (e.g., low-risk profiles) could be automatically restricted from high-volatility assets. Another key requirement was provider coverage: an asset could only be enabled if at least two custody or liquidity providers supported it, which we enforced in the same system. The hardest part was the migration — untangling and replacing duplicated logic spread across multiple services without breaking existing trading flows. The new architecture became the single source of truth for asset capabilities, so both engineering and operations could safely update listings through configuration instead of code changes.

Why this approach: Bitmask approach chosen for performance (single integer comparison per check) and expressiveness (any combination of operations representable). Centralized in DB so non-engineers could manage listings. The alternative was a config file approach, but that still required deployments and couldn't be audited by compliance teams directly.

Impact: Reduced new asset listing time from 2–3 days of code changes across multiple services to a database configuration change that takes minutes. Operations team could manage listings without engineering involvement. This was the single largest refactoring effort during my time at Netcoins.

Built a complete online enrollment system from scratch in weeks when COVID-19 made paper-based international enrollment impossible. Laravel + MySQL application with AWS S3 document upload. Students fill forms, upload documents, select courses and groups. Staff verify data rather than re-enter it. Integrated with the main Hanson App and synced to external systems (Schoology) via Python scripts.

Why this approach: Built as a separate application that integrated with the main system rather than bolting onto it, because speed of delivery mattered more than architectural purity during a pandemic. We started accepting students with a beta version because the alternative was not accepting them at all.

Impact: 1,400+ international students enrolled through the platform. $20M+ CAD in accepted students that year, a record for the institution. Replaced a process where agents went back and forth via email/phone, received paper PDFs, and manually retyped everything into multiple systems. I was sometimes debugging browser issues at 11pm with students calling from India.

Built the central web application (Laravel + Vue) that served as the operational backbone for the entire college. Announcements, schedules, attendance tracking, grades, document requests. Admin panels for student services, academic department (scheduling), enrollment department (pipeline and status tracking), and VP-level overview dashboards.

Impact: Replaced disconnected manual processes across 4+ departments with a single system. Gave leadership real-time visibility into enrollment pipeline, attendance, and operations for the first time.

Built Android (Java) and iOS (Swift) mobile applications for students from scratch. Features: announcements, class schedules, document requests, event ticket booking, attendance marking. Content managed through the main Hanson App admin panel.

Impact: Students accessed college services from their phones instead of visiting offices or checking email. Reduced foot traffic to student services and improved communication reach.

Built an Android kiosk application installed in student services offices for semester registration. Students enter student ID, verify identity via email code, and select their next semester group. Multi-language support with contextual hints designed for international students so they could complete registration without asking a representative.

Impact: Reduced student services department workload by approximately 50% during registration periods. International students could self-serve in their preferred language instead of queuing for a representative.

Mentored 5 cohorts of approximately 15 students each (75 total) on capstone projects. Scoped feasible 3-month projects, helped teams split work, ran progress syncs, and ensured delivery before semester end.

Impact: All cohorts delivered working projects on time. Students gained practical experience in project scoping, teamwork, and delivery under deadline.