CP/DEV
es
Alejandro Albornoz — Coach

2026 · Design & full-stack development

Alejandro Albornoz — Coach

Brand site and private client area for a fitness coach, with Astro and Supabase

  • Astro 6
  • Preact
  • Tailwind CSS 4
  • Supabase
  • Astro Actions
  • Zod
Accessibility
WCAG 2.2 AA · 0 issues
SEO
Lighthouse 100
Private area
Auth + strict RLS
Live demo

Context

An online personal coach for strength training, nutrition and habits needed to move from “Instagram profile” to a professional digital brand: a site that captures leads and, above all, a private area where mentoring clients access their follow-up. A sensitive domain — health — that demands careful handling of consent and data from day one.

Architecture decisions

  • Static Astro 6 + Preact islands for the public side (hero, pillars, services, FAQ, contact): prerendered HTML, fast and cheap to serve.
  • Supabase as the private-area backend: passwordless magic link auth, a PostgreSQL database with strict Row Level Security, and a trigger that auto-creates the client record on signup.
  • Two protected areas behind one auth system: automatic post-login routing — admins to the management panel, clients to their dashboard — with an admin cap enforced at the database level.
  • Forms with Astro Actions + Zod, with explicit consent given the special-category data involved.
  • A bespoke design system: black + lime palette (16.6:1 contrast, AAA), self-hosted Oswald/Inter type, scroll-reveal animations that honour prefers-reduced-motion, and View Transitions for reload-free navigation.

What I built

  • The full public site: home with value proposition, an MDX philosophy page, services with duration-based packs, results and a contact form with GDPR consent.
  • The client private area: a dashboard with subscription status, metrics and upcoming sessions.
  • The admin panel: client list and detail, subscriptions, body metrics and sessions, protected by RLS.
  • Technical SEO (Person + ProfessionalService JSON-LD, a sitemap that excludes private routes, robots) and legal pages.

Technical challenges

The most interesting one: two protected areas sharing a single auth flow. The solution routed by the role read from the database and locked the boundary with Postgres RLS policies, so security never relies on the frontend alone.

The health domain added a layer of responsibility: explicit consent in the form, a visible disclaimer, and exclusion of private routes from the sitemap and indexing.

Result

In production: Lighthouse 100 on SEO, WCAG 2.2 AA accessibility with zero violations on audited pages, and Core Web Vitals in the green. A solid base the client can grow on (payments, content) without rebuilding the architecture.

Client project. Some internal details are omitted for confidentiality.

← Selected work