Tutorials / Intermediate+

Build a Client Portal With AI (Look Like an Agency, Run Like a Freelancer)

A private space per client: project status, files, deliverables, and messages behind a login. The single biggest 'this person is professional' signal a solo operator can deploy.

DifficultyIntermediate+

TimeA weekend (auth tutorial required first)

You'll needClaude · Free Supabase account (auth + storage) · Real clients, or imminent ones

You'll buildA portal where each client logs in to see only their projects: status and milestones, shared files in both directions, an update feed, and a message thread — with your admin view across all of it.

The difference between 'freelancer' and 'firm' in a client's mind is often just surface area: agencies have portals, freelancers have email threads with attachments named final_v3_REAL.pdf. The portal is the easier half to fake — and it's not even fake: status in one place, files in one place, history in one place genuinely IS better service. This is the capstone of the auth pattern: everything here is per-user isolation, applied commercially.

Step 1 — The model: clients see slices, you see everything

Tables: clients (linked to their auth user), projects (client_id, name, status, milestone list), updates (project_id, timestamped text — your progress feed), files (project_id, name, storage path, who uploaded), messages (project_id, sender, text). The RLS theme throughout: clients read/write only rows belonging to their client_id; your account reads/writes all. Ask Claude for the schema + policies in one go, flagging that asymmetry explicitly — 'admin role sees everything, client role sees only their own' — and have it explain how it distinguishes your account (a simple is_admin flag checked in policies is the honest beginner answer).

Step 2 — Invitations, not signups

A portal with an open signup page is wrong — YOU create clients. The clean flow: you add a client in your admin view with their email; Supabase sends them an invite/magic link; first login lands them in their portal. Ask Claude to build exactly that ('admin creates the user via invitation — walk me through the dashboard settings and the code'). Side benefit: no password-creation friction for clients, and magic links mean no 'I forgot my password' emails to you, ever.

Step 3 — The client's room

Build the client-facing portal page (single HTML file, supabase-js; schema below). After login a client sees: their projects as cards with status badges and milestone progress; clicking a project opens: an UPDATES feed (my posts, newest first), a FILES section listing downloads with upload date and an upload box for sending me files (Supabase Storage — include the bucket policies so clients only touch their project's folder), and a MESSAGES thread between us. Clean, calm, branded with [my logo/colors] — clients judge the work by this room. Empty states that reassure ('No updates yet — kickoff is [date]') rather than look broken. Complete file. [schema]

Worth knowingStorage policies are the sleeper hazard: database RLS doesn't automatically protect FILES. Supabase Storage has its own policy layer — folder-per-project, access matching the project's client — and Claude must write those too. Test it: log in as client A, take a file URL from client B's project, and confirm it's denied. A portal that leaks deliverables between clients is worse than email threads.

Step 4 — Your control room

The admin page: all clients and projects in one view; post an update / change status / upload deliverables in two clicks (friction here decides whether you actually keep the portal alive); unread client messages surfaced at the top; the invite-client form. Wire the Telegram-bot pattern to ping you on client uploads and messages so the portal never needs polling. One process rule beats any feature: post every Friday update IN the portal — a portal that's quieter than your email teaches clients to ignore it.

Step 5 — The professional wrapper

portal.yourdomain.com (a subdomain is free at your registrar), your branding, and the security pass from the AI-code-safety guide — run it with extra paranoia, because this app holds other people's business files, which is Tier 3 territory by that guide's triage. Then onboard ONE real client and ask them where they got confused; their answer is your iteration list, and 'my clients use my portal' is now a sentence in your sales calls.

Where this compounds

Every pattern here came from earlier tutorials — auth, per-user data, storage, notifications — and every later idea reuses it: the booking system drops in as a portal tab; invoices from that tutorial attach per-project; a proposal-acceptance flow is one status field away. You're not building apps anymore; you're recombining proven parts, which is the actual skill this whole site has been installing.

Keep going

Need somewhere to put it live? See where to host AI-built sites. Compare tool costs on the pricing tracker (or stick to the free options), then pick your next build.