EasySignupForm: A Secure, Multi-Tenant Medicare Enrollment Platform
Author: Winston Brown
EasySignupForm (ESUF) is a full-stack project I built to help Medicare beneficiaries complete complex enrollment flows with confidence, while giving insurance agencies a scalable, white-labeled experience. It combines a polished React frontend with a FastAPI backend, supports multi-tenant branding, and keeps privacy at the center of every workflow.
This project is a clear snapshot of how I build production-grade systems: user-centered workflows, strict security boundaries, and infrastructure that scales cleanly across tenants.
Demo
Here is a short walkthrough video:
What It Does
EasySignupForm guides users through a multi-step Medicare enrollment process, from document scanning to plan selection and final submission. The platform is designed to reduce friction for seniors while giving agencies reliable workflows, analytics, and branding controls.
Highlights
- Multi-tenant agent branding with tenant-aware theming and custom UI assets.
- Workflow orchestration using an XState v5 state machine to manage step access, validation, and progression.
- Secure session handling for enrollment links and cross-device handoff (desktop to mobile) without exposing sensitive session data.
- Chrome extension integration that supports automated form fill and progress sync.
- HIPAA-aware architecture with encryption in transit, memory-only session tokens, and tight access boundaries.
Architecture Snapshot
The system is split into two primary services:
- Frontend (EasySignupForm): React + TypeScript UI, XState workflow engine, Zustand state, tenant branding, and form validation.
- Backend (FormHelper): FastAPI service handling authentication, session orchestration, branding APIs, analytics endpoints, and AI-powered document processing.
This separation keeps user experience fast and focused while the backend remains modular, secure, and deployable across different GoHighLevel app types.
Technical Decisions That Matter
- Multi-tenant theming: Tenant branding is fetched per agent and applied as a theme layer, allowing full white-label experiences with minimal front-end branching.
- State-machine workflow: A centralized workflow machine replaces scattered hooks, preventing invalid step access and reducing logic drift across pages.
- Cross-device scanning: QR code transfer uses short-lived, single-use codes and Server-Sent Events (SSE) for real-time progress updates.
- Performance: Redis caching cuts branding lookups from ~170ms to ~62ms, improving perceived speed for every session.
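The short-lived, single-use code behind the QR handoff is the piece most worth seeing in working form. The following is an added example written for this write-up, not ESUF's own backend code; it assumes an in-process dictionary in place of the real store, a 120-second lifetime, and that only a SHA-256 digest of each code is kept so that a dumped store cannot be replayed.

```python
"""Short-lived, single-use handoff codes for QR cross-device transfer.

Added example, not ESUF's own code. Assumptions: an in-process dict stands
in for the real store, codes live 120 seconds, and only a SHA-256 digest of
each code is kept so a dumped store does not yield redeemable codes.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

CODE_TTL_SECONDS = 120  # assumed; the post only says "short-lived"


@dataclass
class HandoffRecord:
    session_id: str       # enrollment session the mobile device will join
    expires_at: float
    consumed: bool = False


@dataclass
class HandoffStore:
    """Maps sha256(code) -> HandoffRecord. Clear-text codes are never stored."""
    now: Callable[[], float] = time.time   # injectable clock for tests
    _records: Dict[str, HandoffRecord] = field(default_factory=dict)

    @staticmethod
    def _digest(code: str) -> str:
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, session_id: str) -> str:
        """Create a code for a session; the caller encodes it in the QR."""
        code = secrets.token_urlsafe(32)          # 256 bits, unguessable
        self._records[self._digest(code)] = HandoffRecord(
            session_id=session_id, expires_at=self.now() + CODE_TTL_SECONDS)
        return code

    def redeem(self, code: str) -> Optional[str]:
        """Return the session id exactly once; None if unknown, expired or used.

        Expired and used entries are deleted on sight, so repeated redemption
        attempts shrink the store rather than grow it.
        """
        key = self._digest(code)
        record = self._records.get(key)
        if record is None:
            return None
        if record.consumed or self.now() > record.expires_at:
            del self._records[key]
            return None
        record.consumed = True
        return record.session_id

    def sweep(self) -> int:
        """Drop expired or consumed records; returns how many were removed."""
        stale = [k for k, r in self._records.items()
                 if r.consumed or self.now() > r.expires_at]
        for k in stale:
            del self._records[k]
        return len(stale)
```

The mobile device posts the scanned code once; the response carries the session it may join, and any second use of the same code, or a use after the TTL, is refused. Keeping only the digest means an attacker who reads the store still cannot forge a redeemable code.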
OCR Pipeline (YOLOv8n -> Capture -> Groq)
For card-based steps (insurance + Medicare), I use a browser-side YOLOv8n TensorFlow.js model to gate when scans are allowed.
- The camera loop runs detection every 3rd frame and smooths alignment over a 5-frame window.
- The user gets real-time hints (move left, move closer, etc.) based on bounding-box center/area thresholds.
- When alignment is stable, the scanner state machine triggers countdown -> capture -> upload -> OCR parse.
- Captured images are posted to /ocr with a document-specific prompt; the backend converts each image to base64 and sends a multimodal request to Groq.
- OCR responses are parsed into typed form data, then users verify/edit before continuing.
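A worked version of the hint and smoothing logic, added here as an illustration rather than taken from the project's scanner. The every-3rd-frame cadence and 5-frame window come from the description above; the threshold values, the hint phrasing, and the detector stub are assumptions.

```python
"""Bounding-box alignment hints and capture gating for the card scanner.

Added example, not ESUF's own code. The post describes hints derived from
bounding-box center/area thresholds, detection every 3rd frame and a
5-frame smoothing window; the threshold values below are assumed.
"""
from collections import deque

CENTER_TOLERANCE = 0.15   # assumed: center may drift 15% of the frame size
MIN_AREA_FRACTION = 0.35  # assumed: card must fill at least 35% of the frame
MAX_AREA_FRACTION = 0.80  # assumed: above 80% the card is likely cropped
WINDOW = 5                # from the post: 5-frame smoothing window
DETECT_EVERY = 3          # from the post: detection runs every 3rd frame


def alignment_hint(bbox, frame_w, frame_h):
    """bbox = (x1, y1, x2, y2) in pixels of a frame_w x frame_h frame.

    Returns 'move left', 'move right', 'move up', 'move down', 'move closer',
    'move back' or 'hold'. Centering is reported before distance, because the
    area test is only meaningful once the card is roughly centered. Hints are
    phrased as movements of the card (assumption).
    """
    x1, y1, x2, y2 = bbox
    if x2 <= x1 or y2 <= y1:
        raise ValueError("empty bounding box")
    cx = (x1 + x2) / 2 / frame_w          # normalised center, 0..1
    cy = (y1 + y2) / 2 / frame_h
    area = (x2 - x1) * (y2 - y1) / (frame_w * frame_h)
    dx, dy = cx - 0.5, cy - 0.5
    if abs(dx) > CENTER_TOLERANCE:
        return "move left" if dx > 0 else "move right"
    if abs(dy) > CENTER_TOLERANCE:
        return "move up" if dy > 0 else "move down"
    if area < MIN_AREA_FRACTION:
        return "move closer"
    if area > MAX_AREA_FRACTION:
        return "move back"
    return "hold"


class AlignmentSmoother:
    """Stable only after WINDOW consecutive 'hold' hints, so one good frame
    between jittery ones cannot trigger the countdown."""

    def __init__(self, window=WINDOW):
        self._recent = deque(maxlen=window)

    def reset(self):
        self._recent.clear()

    def update(self, hint):
        self._recent.append(hint)
        full = len(self._recent) == self._recent.maxlen
        return full and all(h == "hold" for h in self._recent)


def run_camera_loop(frames, frame_w, frame_h, detect):
    """Drive the loop: detect on every DETECT_EVERY-th frame, smooth hints,
    and return (capture_frame_index, hints). detect(frame) returns a bbox or
    None when no card is visible, which resets the smoother. If alignment
    never stabilises, capture_frame_index is None."""
    smoother = AlignmentSmoother()
    hints = []
    for i, frame in enumerate(frames):
        if i % DETECT_EVERY != 0:
            continue
        bbox = detect(frame)
        if bbox is None:
            smoother.reset()
            hints.append("no card")
            continue
        hint = alignment_hint(bbox, frame_w, frame_h)
        hints.append(hint)
        if smoother.update(hint):
            return i, hints
    return None, hints
```

With a centered, well-sized detection on every sampled frame the loop stabilises on the fifth detection (frame 12); a single missed detection resets the window, so a momentary loss of the card delays capture rather than producing a blurred scan.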
LLM Safety Posture (OWASP-Aligned)
The assistant layer is intentionally constrained and domain-scoped, with defense-in-depth checks before generation:
- Input-level filters for obvious off-topic requests and medical-advice requests.
- Page-relevance checks so responses stay anchored to the user’s current enrollment step.
- Strict system instructions that explicitly prohibit diagnosis/treatment advice and unrelated topics.
- Scoped RAG retrieval tied to the current enrollment session/user context.
- Human handoff path for consultation requests instead of forcing automation.
In OWASP LLM terms, this directly addresses key risk classes like prompt-injection style scope drift, unsafe medical output, and over-broad data use. It is not exhaustive, but it is practical and production-oriented.
Canary + Monitoring
I designed the assistant with a monitoring-first mindset (query classification, blocked-query tracking, false-positive review). The next hardening layer is canary-style detection and alerting for guardrail bypass attempts, paired with periodic review of blocked/redirected traffic patterns.
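To make the layered posture above concrete, here is an added example of a pre-generation guard that applies the listed checks in order and feeds the monitoring described in this section (query classification, blocked-query tracking, a log for false-positive review). It is illustrative code written for this write-up, not ESUF's assistant; the step names, keyword lists, regex patterns, system instructions and the `EnrollmentSession` shape are all assumptions.

```python
"""Pre-generation guard for a domain-scoped enrollment assistant.

Added example, not ESUF's own code. It applies the layers the post lists,
in order: input-level filters, page-relevance check, scoped retrieval
context, human handoff, and an audit log so blocked or redirected queries
can be reviewed for false positives. Step names, keyword lists, patterns and
the EnrollmentSession shape are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Assumed per-step vocabularies for the page-relevance layer.
STEP_TOPICS = {
    "scan_medicare_card": {"card", "scan", "camera", "medicare number", "photo"},
    "plan_selection": {"plan", "premium", "deductible", "coverage", "network"},
    "review_submit": {"submit", "review", "signature", "confirm"},
}

# Assumed input-level patterns. Medical questions never reach the model.
MEDICAL_ADVICE = re.compile(
    r"\b(diagnos\w*|symptom\w*|dosage|should i take|treatment|prescri\w*)\b", re.I)
OFF_TOPIC = re.compile(
    r"\b(recipe|weather|sports|stock price|write (?:me )?a poem)\b", re.I)
CONSULT = re.compile(r"\b(talk to|speak with|call)\b.*\b(agent|person|human)\b", re.I)

# Assumed system instructions; the post says they prohibit diagnosis/treatment
# advice and unrelated topics.
SYSTEM_INSTRUCTIONS = (
    "You help a Medicare beneficiary finish the current enrollment step only. "
    "Never give diagnosis or treatment advice. Refuse unrelated topics. "
    "Use only the enrollment documents supplied in the context."
)


@dataclass
class EnrollmentSession:
    session_id: str
    current_step: str
    documents: Dict[str, str] = field(default_factory=dict)  # this user's only


@dataclass
class Decision:
    action: str                 # "answer", "redirect", "handoff" or "block"
    reason: str
    prompt_context: dict = field(default_factory=dict)


AUDIT_LOG: List[dict] = []      # every decision, for monitoring and review


def _record(session: EnrollmentSession, query: str, decision: Decision) -> Decision:
    AUDIT_LOG.append({"session": session.session_id, "step": session.current_step,
                      "query": query, "action": decision.action,
                      "reason": decision.reason})
    return decision


def guard_query(query: str, session: EnrollmentSession) -> Decision:
    """Decide what happens to a query before any generation call is made."""
    q = query.lower()
    if CONSULT.search(q):
        return _record(session, query, Decision("handoff", "consultation request"))
    if MEDICAL_ADVICE.search(q):
        return _record(session, query, Decision("handoff", "medical advice request"))
    if OFF_TOPIC.search(q):
        return _record(session, query, Decision("block", "off-topic"))
    relevant = {step for step, words in STEP_TOPICS.items()
                if any(w in q for w in words)}
    if not relevant:
        return _record(session, query, Decision("block", "no enrollment topic"))
    if session.current_step not in relevant:
        return _record(session, query,
                       Decision("redirect", "belongs to " + sorted(relevant)[0]))
    # Scoped retrieval: the model sees only this session's own documents.
    return _record(session, query, Decision("answer", "in scope", {
        "system": SYSTEM_INSTRUCTIONS,
        "session_id": session.session_id,
        "step": session.current_step,
        "documents": dict(session.documents),
    }))


def blocked_ratio() -> float:
    """Share of queries blocked or redirected; a drift or bypass signal."""
    if not AUDIT_LOG:
        return 0.0
    hits = sum(1 for e in AUDIT_LOG if e["action"] in ("block", "redirect"))
    return hits / len(AUDIT_LOG)
```

Only the `answer` branch builds a prompt context, and that context is limited to the current session's own documents, which is what keeps retrieval scoped. The audit log is the raw material for the review loop: a rising blocked ratio or a cluster of redirects from one step is exactly the kind of pattern the periodic review should surface.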
Tech Stack
- Frontend: React, TypeScript, XState v5, Zustand, Mantine UI
- Backend: FastAPI, SQLModel, PostgreSQL, Redis, Auth0, Supabase
- Infra + Security: OAuth2, JWT, SSE, HIPAA-focused data handling
Why I Built It
Enrollment flows can be overwhelming for seniors, and agencies need a system that can scale across hundreds of branded experiences without compromising security. EasySignupForm is my answer to that problem: build a calm, guided interface for the user, and a robust, extensible backend for the agency.
If you want to discuss the project or the engineering behind it, I am happy to share more.