TRAY

Shopify for campus canteens. One login, zero code, 0% commission — every canteen gets its own live menu, kitchen view, UPI payments & OTP pickup. No more lunch queues.

Comment

Inspiration

It's 12:47. I have thirteen minutes until class, and I'm seven people deep in a canteen line.

Peak lunch is a 10-to-20-minute war: twenty students shouting orders over each other, waving paper chits, fumbling for cash, all praying the kitchen heard them. I've missed the start of class more times than I can count. The professor doesn't care why you're late — I've lost attendance marks over a plate of food. On the worst days I left half my lunch on the tray and sprinted back anyway. A samosa is not worth a debarred semester.

So why, in a building full of phones, is there still zero coordination between hundreds of hungry students and a kitchen ten feet away?

I didn't read about this in a market report — I lived it, three times a week, in that line. And when I talked to the people behind the counter, I found their version was worse. They have exactly two options: stay on cash and paper and drown at every rush, or hand 15–30% of every order to Swiggy and Zomato — a commission a small campus canteen simply doesn't have the margin to pay.

The fix isn't one more delivery app stacked on the same broken economics. It's giving every campus canteen its own system — instantly, no code, no agency, no commission. That became TRAY.

What it does

TRAY is Shopify for campus canteens. One deployment runs every canteen on campus, and a non-technical owner logs in once to instantly get their own running system — no developers, no agency, no code:

  • An isolated Admin Console — menu, pricing, live orders, revenue analytics, staff controls, audit logs.
  • An isolated Kitchen View — live ticket queue, prep timers, OTP handover.
  • Their own domain, if they want it.

Every canteen the college adds shows up with its own live menu inside one unified Student App — but each canteen's kitchen and admin data is strictly isolated by Postgres Row-Level Security.

Four roles, cleanly separated: Student, Kitchen staff, Canteen Admin, Campus Admin.

The student flow: choose a canteen → browse live menus with prep times → pay by single-use UPI QR → track live (Placed → Preparing → Ready in ~300ms) → collect with a 4-digit OTP. No chit. No cash. No shouting.

0% commission. Payments settle directly to each canteen's bank via Razorpay. Where an aggregator takes 15–30 of every 100 rupees, TRAY takes zero.

How we built it

  • Next.js 15 (App Router) + TypeScript (strict) + Tailwind v4, on Vercel Edge/CDN
  • Supabase: Postgres with Row-Level Security for tenant isolation, Auth on per-tenant scoped routes, Realtime over WebSocket (~300ms) with polling fallback
  • Razorpay UPI with HMAC-SHA256 webhook signature verification and an atomic safe_capture_payment() Postgres function with idempotency ledger and dead-letter queue
  • Upstash QStash for async jobs, Sentry for monitoring, strict CSP + HSTS
  • 27 SQL migrations. 191 commits. Shipped live at trayy.vercel.app.

Challenges we ran into

  • Making tenant isolation provable, not probable — isolation lives in Postgres RLS where failure mode is "zero rows," never a leaked one
  • Payment race conditions: row locks + atomic capture + idempotency ledger + dead-letter queue solved double-selling and duplicate webhooks
  • Sub-300ms realtime across three portals without hammering Postgres — Supabase Realtime push + polling fallback + exponential backoff
  • Hiding all complexity behind a no-code, self-serve experience

Accomplishments that we're proud of

  • A non-technical canteen owner stands up their entire operation themselves: one login → isolated Admin + Kitchen + their own domain. No manual needed.
  • 0% commission, direct settlement — TRAY never touches the funds
  • Provable tenant isolation via RLS. Sub-300ms realtime. A 4-digit OTP that retires the paper token for good.
  • Shipped for real as a student: 191 commits, 27 migrations, CSP/HSTS, Sentry — live at trayy.vercel.app

What we learned

  • WHERE you enforce a guarantee matters more than how loudly you promise it — multi-tenancy belongs in Postgres RLS
  • Respect concurrency: atomic SELECT FOR UPDATE, idempotency, dead-letter queue — design as if the network already betrayed you
  • Realtime fan-out is a different animal than request-response
  • Building for non-technical users deletes your assumptions — if they need a manual, you failed
  • The real innovation isn't a screen — it's the business model: 0% commission + direct settlement + no-code multi-tenancy

What's next for TRAY

  • Ingredient-level stock, auto-86 for sold-out items, daily waste reports
  • Pre-order + scheduled pickup, campus wallet, loyalty, meal-plan subscriptions
  • Master Control Centre: cross-canteen analytics for college administration
  • Beyond campus: office cafeterias, food courts, hostel messes — same multi-tenant engine
  • Mobile-first PWA with deeper accessibility

Built With

Share this project:

Updates