Storefront 🏪 · Set up the infrastructure that runs without you. Supabase, Resend, Stripe webhooks, edge functions, sequences. Build only the pieces that match your situation. The remaining lessons in this module are your map.

Note: the actual pages and forms people meet (sales pages, /start/ pages, sign-up forms) get built next week in Module 6. This week is the plumbing they'll connect to.

Studio ✨ · Push your root system to GitHub, wire your connectors (Notion, Gmail, Calendar, Drive), and set up your first cloud routine. Your daily work, automated, no database. The Storefront-only lessons later in this module are skippable for you.

Flow 1: Someone downloads your free guide

Form on your site → edge function writes them to Supabase → Resend sends the guide → a database trigger enrolls them in your welcome sequence → the hourly cron picks up the next email and sends it.

Flow 2: Someone signs up for your event

Form → edge function → Supabase insert → Resend sends confirmation → trigger enrolls them in your event nurture sequence.

Flow 3: Someone buys your course

Stripe handles payment → pings your edge function webhook → that creates a Supabase auth user, writes to course_purchases, asks Resend to send a welcome with magic password link, and creates an email_tracking row. All in under a second.

Flow 4: Your sequences run on their own

There are two ways to schedule emails that go out over days or weeks. You will use both, depending on the sequence.

Rule of thumb: if the sequence is short and fixed, Pattern A. If it lives on for months and might change, Pattern B. Your free Root System course is Pattern A. Your monthly newsletter cadence is Pattern B.

The non-negotiable: Action, Receipt, Detection

Every automation you build has three layers, and you ship all three or you ship none. Skip any one and you'll find out something is broken when a customer tells you.

When you design any new automation, the FIRST question is "what's the receipt, and what query catches the failure?", not "what's the code that runs?" That's the difference between an automation that runs the business and one you have to babysit.

The pattern

Your website never talks to your database directly. It always goes through an edge function. Edge functions are where your secrets live, where webhooks land, and where scheduled work happens. Supabase is the engine. Resend is the voice. Stripe is the till. Read the rest of the lessons to set them up one at a time.

The fork in the road

There are two fundamentally different ways to put a website online. The course teaches one of them. If you are already using the other, the rest of this module will not apply to you.

🚨 Everything you upload is public

A web host's entire job is handing your files to anyone who asks for the URL. Every page arrives in the visitor's browser as full, readable code. Right-click any website and choose View Page Source to see this for yourself; your bank's site ships readable code too. This is how the whole web works, and it is safe by itself.

It only goes wrong if a page carries something that should never travel: an API key, a password, a client's email address. The rule that keeps you safe through this entire module: pages carry presentation, servers carry secrets and personal data. The Supabase lesson, two lessons from here, shows where the real locks live.

You can use these, but...

If you are on one of these platforms (Squarespace, WordPress, Wix) and want to stay, that is a real choice. But you will not be able to create and deploy your website from your root system directly. Your site lives inside the platform's editor, not as files Claude can edit. The rest of the system still works for you (Supabase backend, CRM, email sequences, dashboard), you just skip the website lessons.

1. Send-time email rendering pipeline

Email clients (Gmail, Outlook, Apple Mail) are stuck in 2010. They strip web fonts. They strip CSS in style blocks. They reject flexbox and grid. Your platform's editor renders modern visuals on screen, then at send time runs an invisible pipeline that inlines every style on the element itself, replaces your brand font with a fallback stack (Karla becomes Arial when Karla is not loaded), converts your layout to old-school HTML tables, caps width at 600 pixels, and hosts every image on the platform's CDN. Without that pipeline, your email arrives broken: ugly fallbacks, busted layout, missing images.

2. Deliverability infrastructure

SPF, DKIM, DMARC records on your sending domain. Bounce handling. Suppression lists so unsubscribed users do not get re-added by accident. List-Unsubscribe header (the one Gmail uses to show "unsubscribe" at the top of the message). Sender IP reputation. Spam testing before send. None of this is glamorous. All of it is what gets your email out of spam.

3. Compliance plumbing

GDPR consent log. Double opt-in flow when you switch it on. Hard bounce removal. Unsubscribe audit trail. Privacy policy linkage. If you operate from the EU or sell to EU residents, this is the plumbing that keeps your email on the right side of consent rules (the Privacy & GDPR module has the legal background).

Substack

What it is: writing, publishing, and discovery platform with a built-in social network. Now handles newsletters, podcasts, video, and live streams from one editor. Discovery comes from the Substack Network.

You get: multiple post formats in one editor (article, podcast, video, live stream, static page), native podcast hosting with auto-RSS to Apple Podcasts and Spotify (plus AI text-to-speech narration of written posts in six voices), native video hosting plus live streaming with auto-distribution to YouTube and LinkedIn, the Substack Network for discovery (cross-publication recommendations, Notes feed, category leaderboards, semantic search), reader referrals with milestone rewards, paid subscriptions with trials, gifting, and group plans, post-level access control (free, free-subs only, paid, founding), drip campaigns triggered by subscriber lifecycle events (new free sub, new paid, founding upgrade, churn), targeted ad-hoc emails to subscriber segments, custom CSS for emails, A/B headline testing, public web pages for every issue (indexed for SEO), comments on each post.

You lose: brand control (the URL says substack.com, the design is mostly Substack's), tag-based subscriber model (no proper tags, just lifecycle states), tag-driven conditional automations, robust API (limited and mostly read-only), engagement data ownership (you can export the list, but reads and clicks live with Substack).

Best for: writers and multi-format creators (newsletter plus podcast plus video) whose primary growth lever is the Substack network, or who want public web pages indexed for SEO.

Beehiiv

What it is: newsletter platform with podcast hosting, web builder, and built-in monetisation, all in one. Built by ex-Morning Brew people. Strongest of the consumer-grade tools for direct ad revenue.

You get: the Beehiiv Ad Network (real advertisers paying you per send. Standout feature vs every other platform on this page), Boosts (paid recommendations between newsletters), podcast hosting and distribution alongside your newsletter, web builder for branded archive pages on your own domain, paid subscriptions, referral programs, recommendations network, polls embedded in emails, conditional automations that branch on poll answers and reader behaviour (someone clicks "yes" on a poll, they go down path A; "no" goes down path B), segments that update dynamically based on actions, RSS-to-send, multiple newsletters per account, robust API for sending and reading subscribers, real analytics (open by issue, click, growth), survey forms.

You lose: the Substack social ecosystem (different network, different reader culture), Kit's deep tag-based subscriber model, Flodesk's custom-font upload.

Best for: growth-focused creators monetising via ads or sponsorships, running a podcast alongside a newsletter, using polls and behaviour to personalise each reader's next email.

Kit (formerly ConvertKit)

What it is: the long-time creator email platform. Strongest visual automation engine of the consumer-grade tools.

You get: Visual Automations (drag-and-drop conditional logic, the flagship and most flexible if-this-then-that of any platform here), tag-based subscriber model (one subscriber, many tags, very flexible), Sequences for drip campaigns, Broadcasts for one-offs, native Commerce (sell digital products directly with Kit handling the checkout and delivery), apps marketplace with creator integrations (Transistor.fm for podcasts, SavvyCal for booking, Broadcast Boost), landing pages and forms with custom fields, Liquid templating in emails for real personalisation, robust API, free migration service from any other platform if you are on a paid plan, consistently strong deliverability.

You lose: visual polish (the editor is functional, not Flodesk-beautiful), public web archive (minimal), network-driven discovery (none built-in, you bring your own audience), native podcast hosting (Transistor app integration only).

Best for: businesses where the email IS the product (courses, coaching, info products, digital downloads) and where automation depth and tag-based personalisation matter more than visual design.

Mailchimp

What it is: legacy general-purpose marketing platform owned by Intuit since 2021. Has expanded beyond email into a full marketing suite (websites, ads, CRM).

You get: Marketing Automation Flows (Customer Journey Builder), Behavioral Targeting, Generative AI for body copy and subject lines, Send Time Optimization (AI predicts the best send time per recipient), Dynamic Content (personalise content blocks per recipient), Predictive Demographics, full Website Builder and Landing Pages, A/B Testing, Marketing CRM, Tags and Customer Profiles, Smart Recommendations, Retargeting Ads (run paid ads from inside Mailchimp), Transactional Emails, Webhooks, Surveys, Content Studio, deep integrations with Canva, Salesforce, Shopify, Instagram, Google Analytics.

You lose: pricing scales aggressively as your list grows, the brand has aged into "small business" rather than "creator" territory, deliverability can be inconsistent on the free tier, no native podcast hosting.

Best for: small businesses with an existing Mailchimp setup, e-commerce stores wanting integrated retargeting, teams that want one tool for email plus landing pages plus ads plus CRM.

Flodesk

What it is: design-first email platform. Patented layout system, custom font upload, beautiful templates. Pricing scales by subscriber count.

You get: custom fonts uploaded directly into the editor (rare among email tools, where your brand font actually shows where supported), brand color palette baked in, patented layout system for in-email graphics with no third-party design tool needed, countdown timers that match your brand, polls embedded in emails, Link Actions (segment subscribers and trigger automations when they click any link), workflows with visual builder, abandoned cart automation, Forms and Landing Pages and Sales Pages, audience segmentation, email analytics and reporting, plays well with Squarespace, Showit, Shopify.

You lose: automation depth versus Kit (workflows are nice but shallower than Kit's visual builder), tag complexity (simpler model than Kit), custom HTML import (limited), API (basic), Substack/Beehiiv-style network discovery (none).

Best for: brand-led businesses (designers, photographers, wedding industry, lifestyle, course creators with a strong visual brand) where the email's design IS part of the product.

Build with your own system (Resend + Supabase)

What it is: not a newsletter platform. A transactional email API plus your own database. The next lesson sets it up.

You get: total control (every email is your code, every subscriber is your row), real-time triggers (user did X, send email Y) with full conditional logic, multi-step sequences with branching that depends on database state, costs scale with usage rather than list size (Resend covers 3,000 emails per month free, then $20 per month for 50,000), data lives where you live (your Supabase project), a full consent log built in and EU hosting available, no platform lock-in.

You take on: the send-time rendering pipeline (you write email-safe HTML, see below), deliverability infrastructure (SPF, DKIM, DMARC for your sending domain), suppression management (your bounces, your unsubscribes, your job), HMAC-signed unsubscribe tokens, bounce webhooks, click and open tracking, list management UI (Resend has none, you read your own database).

Best for: people who already run on Supabase, who have transactional emails to send (purchase confirmations, lead-magnet sequences, automated onboarding), and who want their CRM and email database to be the same row.

Hybrid (most common, recommended for most)

Keep your newsletter platform for broadcasts: newsletters, announcements, content. Build with Resend for transactional: purchase emails, lead-magnet sequences, post-event reminders.

Why this is usually right: broadcasts benefit from the platform's send-time pipeline, design tools, audience growth features, list-management UI, and deliverability reputation. Transactional benefits from being native to your system, triggered by real events, recorded in your own database. Most professional setups look exactly like this.

Replace selectively

Move one specific use case from your platform to your own system. Most common: lead-magnet sequences, post-purchase onboarding, multi-touch nurtures triggered by behavior.

Reasons to replace selectively: the sequence needs to react to data only your system knows (course progress, app usage, dashboard activity), the sequence needs to update CRM data as it sends (mark someone "engaged" when they reply), or the trigger fires from a Stripe webhook or app event your platform cannot see.

Replace fully

Move everything, including broadcasts.

Reasons to consider: you are very EU-GDPR strict and want full data residency control, your "newsletter" is small and intimate (under 300 people) and you want zero platform overhead, or you genuinely hate the platform you are on and the editor is the daily drain. If you go this route, you take on the whole rendering pipeline. The next section names what to consider.

Pattern 1: Analyze your platform performance

Export your subscriber list and your last 10 issues' performance from your platform (every platform supports CSV export). Drop the CSVs into your root system. Ask Claude:

"Read the CSVs in heart/content-hub/newsletter-exports/. Tell me my open rate trend over the last 10 issues, my best-performing subject lines, the type of content that gets the most clicks, and the segments of subscribers I should send more or less to."

Pattern 2: Write the body in your voice, format inside your platform

Open your platform's editor. Before you type a word, ask Claude:

"I want to write a newsletter about [topic]. The angle is [angle]. Read my voice guide and my recent issues, then draft a 350-word body in my voice with a real hook, two concrete examples, and one specific ask at the end."

Claude drafts. You paste into the platform's editor (the platform's send-time pipeline handles the rendering). You tweak the formatting in the platform's UI where the design lives.

Pattern 3: Generate the visual asset, not the layout

You want a custom image at the top of your issue. The platform's stock images are bland. You generate a brand-aligned image with Claude (the /ai-image skill, or another image tool you trust), save the file, upload through your platform's image picker. Use the platform for layout. Use Claude for the asset.

Pattern 4: Generate the sequence outline, build inside the platform

You want a 5-email welcome sequence inside Kit. Ask Claude:

"I want to write a 5-email welcome sequence for [audience]. Each email is short, in my voice, no marketing speak. Email 1 sends immediately, then days 2, 4, 7, 14. Draft the sequence with subject line plus body for each."

Claude drafts the copy. You rebuild it as blocks inside Kit's editor (so Kit's pipeline handles the rendering). Slow but bulletproof.

An email is HTML that fetches everything else over the public internet.

Your recipient's email client downloads your HTML, then makes separate requests for every image. If a URL in your email points to your laptop, your local repo, your private Drive, or anything behind a login, the recipient sees a broken image. The image must be reachable by anyone on the internet typing the URL into a browser.

What does NOT work

• Local file paths like /Users/you/Desktop/photo.jpg
• Relative paths like ./images/photo.jpg
• Repo files that have not been deployed
• Private Google Drive, Dropbox, iCloud links (they require login)
• Base64-encoded images embedded in the HTML (Outlook strips them)
• SVG files (inconsistent client support, especially Outlook). Convert to PNG.

Stack examples that render everywhere

For warm serif headlines (book/magazine feel):
font-family: Charter, Georgia, Times, 'Times New Roman', serif;
Charter ships on every Apple device. Georgia is on every device made in the last 25 years. You always get a real serif.

For modern sans-serif body (clean, friendly):
font-family: 'Karla', Arial, Helvetica, sans-serif;
Karla shows where it happens to load (some Apple Mail), Arial fallback elsewhere. Both clean.

For UI labels, footers, eyebrows:
font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif;
System sans, looks the same everywhere.

Read first: Pick your data residency before you sign up

Resend stores email data in the region you pick when you create the account. The default is US. If you operate from the EU, sell to EU residents, or want your email data held in the EU, switch to the EU region during signup.

Why it matters: changing region after the fact is a hassle. You cannot migrate an existing account between regions. The fix is to create a new account in the right region, re-verify your domain, regenerate API keys, update every Supabase secret, and migrate your suppression list. Hours of work that costs you nothing if you pick right on day one.

Match your residency to where Supabase lives. If your Supabase project is in EU Frankfurt, your Resend account should also be EU. Same logic for US: keep them in the same region so your transactional flow does not cross jurisdictions.

What those DNS records actually do

Resend will give you three TXT records to paste into your DNS. Each answers one question Gmail and Outlook ask about every email arriving in their pipes.

SPF

"Is this server allowed to send mail for this domain?" The record lists who is approved. Resend, Google, anyone else sending as you. Anyone else is a stranger using your name.

DKIM

"Was this email tampered with on the way?" Resend signs every message with a private key. The receiving server checks the matching public key in your DNS. One character changed, the signature breaks.

DMARC

"What should I do if SPF or DKIM fails, and where do I send the report?" Three levels: p=none (watch), p=quarantine (spam folder), p=reject (bounce).

The mental model: SPF and DKIM are the locks. DMARC is the rule for what to do when a lock fails, plus the camera that tells you who tried.