Website · Checkout · AI · Automation

VaultFunder

VaultFunder is a simulated prop-trading evaluation firm (operated by Fintech Focused (Pty) Ltd, FSP 51042) targeting retail traders across Africa. We built the entire customer-facing platform on Next.js 16 and React 19 — marketing site, dynamic challenge catalogue, a custom checkout bridge into WooCommerce, an AI support assistant, and a JWT-secured trader dashboard. The architecture is decoupled from the third-party trading back end (FPFX) behind a thin adapter layer, so data sources can be swapped without rewriting the front end.

Industry

Fintech · Proprietary Trading

What we did

Year

2026

Live site

vaultfunder.trade

VaultFunder homepage hero with prop-trading challenge picker

The challenge

What needed solving.

01
Sell tiered trading challenges (1-step/2-step, USD and ZAR sizes) priced and stocked in WooCommerce, without exposing a clunky WordPress checkout to the user.
02
Provision and surface live MT5 account data (equity, drawdown, P&L, payouts) from an external trading provider while keeping the platform portable.
03
Maximise organic and AI-search visibility for a prop firm in a competitive, compliance-sensitive niche.
04
Handle untrusted input, payment hand-offs and admin access securely across a public site, an admin console and a trader portal.

Results

The numbers that moved.

AI search crawlers explicitly allow-listed for citation

AI chat providers with automatic failover

African markets targeted via structured data

100%

TypeScript strict, server-only secret handling

What we built

One system, end to end.

Custom website (Next.js 16 / React 19)

App Router build in strict TypeScript with server components, per-route data fetching and segmented route groups for public, admin and trader-portal surfaces. Tailwind 4 design system with Framer Motion and GSAP motion, Base UI primitives and Embla carousels.

SEO & GEO optimisation

Dynamic metadata with title templates and OpenGraph/Twitter cards, a generated XML sitemap (static routes plus blog slugs), Schema.org JSON-LD (Organization/FinancialService, WebSite SearchAction, Event markup for competitions) and a robots policy that explicitly allow-lists 18 AI crawlers (GPTBot, ClaudeBot, PerplexityBot, Google-Extended and more) for AI-Overview/Perplexity/ChatGPT citation.

Data-driven campaign & landing pages

Per-route marketing pages (platforms, payouts, synthetics, partners, how-it-works) plus a Supabase-backed blog with dynamic [slug] routes and admin-side AI post generation, all server-rendered for performance and indexability.

Bespoke checkout procedure

A custom Next.js→WooCommerce REST bridge: live product variations mapped to challenge plans, customer upsert (lookup-by-email then create), pending-order creation, and a hardened pay page that validates the WooCommerce order_key before exposing the gateway link. A secured server-to-server endpoint lets the trading CRM create orders on a trader's behalf.

AI support chat

An in-page support assistant backed by Groq (Llama 3.3 70B) with an OpenCode (glm-5) failover, driven by a detailed domain system prompt covering challenge rules, pricing, payouts and compliance — with strict guardrails (no trading advice, no prompt disclosure, account issues redirected to support).

Trader dashboard / portal

JWT-gated portal showing equity curves, drawdown, P&L calendar, objectives, account metrics, billing history, payout records, competitions, global leaderboard and an economic calendar (Forex Factory feed) — with a mock data layer for safe local development.

Security engineering

SSRF allowlisting of all outbound API hosts, timing-safe bearer comparison on the checkout bridge, per-request CSP nonce and security headers, Zod validation on every POST, Upstash Redis rate limiting (login, checkout, chat burst/daily caps), Supabase app_metadata role checks, httpOnly/secure/strict cookies and a Supabase audit log.

Inside the build