TheraSite

TheraSite

A privacy-sensitive client platform and agency build.

Web agency & encrypted messaging portal for PHIPA-compliant therapist websites with end-to-end ownership of business strategy, client acquisition, and zero-knowledge encryption architecture.

At a glance

3 live clients · 3 pricing tiers · ~45 Angular components · 16 API endpoints · Zero-knowledge encryption · PHIPA compliant

TheraSite is a web agency targeting CRPO-registered psychotherapists in Ontario who need PHIPA-compliant websites. It combines marketing site development with a zero-knowledge encrypted messaging portal built on Angular 20, Cloudflare Workers with Hono, and per-tenant D1 databases. Unlike the other projects in this portfolio, TheraSite is a business venture with live clients, pricing strategy, and revenue.

By the Numbers

Live Clients

~45

Angular Components

API Endpoints

Pricing Tiers

Tables / Tenant

100K

PBKDF2 Iterations

Business Model

Market Analysis

CRPO-registered psychotherapists in Ontario are required to protect client health information under PHIPA, but major web agencies don't build compliance-aware sites for this market. Most therapists use generic Squarespace or Wix templates with no encryption, no audit trails, and no PHIPA gap analysis. TheraSite fills this gap with purpose-built, compliant websites and an encrypted messaging portal.

Compliance Audit

$249

one-time

+PHIPA gap analysis

+Detailed report

+Remediation roadmap

Starter

$59/mo

$590/yr (save $118)

+Custom marketing site

+PHIPA-compliant design

+Hosting + maintenance

Professional

$99/mo

$990/yr (save $198)

+Everything in Starter

+Encrypted messaging portal

+Zero-knowledge encryption

Client Portfolio

Yuliana Therapy

10 pages, 11 blogs

yuliana-therapy.ca

Live

EJ Construction 613

Single-page

ejconstruction613.ca

Live

Anavo Capital

9-page Next.js site

anavocapital.ca

Live

System Architecture

C4 Container Diagram

Therapists

Admin portal & messaging

Public Visitors

Marketing sites & contact forms

HTTPS

TheraSite System

Angular SPA

Angular 20 + Standalone + Signals

~45 components

MarketingPortalAdminContactsMessagesAuth

JSON / REST

Cloudflare Workers

Hono router + edge runtime

16 endpoints

Auth (3)Messages (4)Contacts (3)Portal (3)Admin (2)Email (1)

SQL (D1 binding)

Cloudflare D1

Platform DB + per-tenant databases · 7 tables each

External Services

Turnstile

JS SDK

Bot protection

Email Workers

CF Email

Inbound routing

Cloudflare DNS

API

Tenant domains

OpenPGP.js

Client-side

E2E encryption

Zero cold starts — Workers run at the edge, D1 is SQLite at the edge, built-in DDoS protection from Cloudflare

Key Decisions

T1 — Business

Targeted CRPO-registered psychotherapists in Ontario, an underserved market where major web agencies won't build PHIPA-compliant sites

Line of thinking

Why: Most web agencies treat therapists as generic small-business clients and ignore PHIPA requirements entirely. CRPO therapists have a regulatory obligation to protect client health information, but there are almost no affordable, compliance-aware web solutions in the market. Big agencies won't touch PHIPA compliance for a market this small. That's the opportunity: no competition, and therapists have a regulatory reason to pay for it.

1 / 3

Built a web agency from scratch targeting an underserved market targeting CRPO-registered psychotherapists in Ontario who need PHIPA-compliant websites. Designed three pricing tiers, acquired three live clients, and built the technical platform: Angular 20 marketing sites (~45 components), Cloudflare Workers backend (16 Hono API endpoints), multi-tenant D1 databases with per-tenant isolation, and a zero-knowledge encrypted messaging portal using PGP + AES-256-GCM + PBKDF2. The server never sees plaintext and decryption happens entirely in the browser. End-to-end ownership of both the business and the engineering.