All Posts

How I Replaced Spreadsheet Chaos with a Custom Order Management System

When off-the-shelf tools don't fit your workflow, sometimes the answer is building exactly what you need. Here's how I turned a spreadsheet mess into a production-grade order management system.

case-studynext.jspostgresqldockersecurity

There's a moment in every small business where the spreadsheet stops working.

Not literally — it still opens, still calculates, still saves. But the process around it has grown so complicated that the spreadsheet is now the bottleneck. You're spending more time managing the tool than doing the actual work.

For Beam Creative, that moment came when the same order showed up in two different spreadsheets with two different prices, and a customer got quoted the wrong amount. That's when we decided to build BCOrderHaus.

Why Not Off-the-Shelf?

The first question people ask is: "Why not just use Monday.com / Airtable / Notion / [insert SaaS]?" Fair question. Here's the honest answer:

Custom products businesses have custom workflows. An order for 500 laser-engraved pens isn't like an e-commerce order for a t-shirt. It needs artwork approval, pricing based on quantity tiers and material choices, production scheduling, quality checks, and customer communication at multiple stages. No generic project management tool handles that flow natively.

We tried. The tools either required so many workarounds that they were harder than the spreadsheet, or they imposed workflows that didn't match how the business actually operates.

What We Built

BCOrderHaus is a full-stack web application with two faces:

The internal system is where staff manage orders, customers, quotes, artwork, and production status. It runs on the local network in a Docker container.

The customer portal is a public-facing app where customers can review quotes, approve pricing, and check order status. It runs on a hardened VPS with automatic HTTPS.

Both apps share a PostgreSQL database but have completely different interfaces and security models. Staff see everything; customers see only their own orders.

The Security Audit That Changed Everything

After the initial build, we ran a thorough security review. We found 25 vulnerabilities — some critical. Input validation gaps, session management issues, missing rate limiting, overly permissive CORS.

Every single one was fixed. But more importantly, the process taught us to think about security as a first-class concern, not an afterthought. The production VPS now has a 10-step hardening protocol that I use on every deployment.

The Takeaway

If you're running a business on spreadsheets and feeling the pain, here's what I've learned:

  1. Off-the-shelf tools work great until they don't. If your workflow is genuinely unique, custom software might be cheaper in the long run.
  2. Start with the workflow, not the technology. We mapped out exactly how an order moves through the business before writing a line of code.
  3. Security is not optional. Even internal tools need proper authentication, input validation, and access control.
  4. Automate the deployment, not just the product. CI/CD pipelines, health checks, and automated backups aren't luxury features — they're how you sleep at night.

The system has been running in production with zero unplanned downtime. That spreadsheet is still sitting in Google Drive somewhere, but nobody's opened it in months.