Digital advertising is built on a broken premise: advertisers pay for impressions and clicks, but neither proves a human paid attention.

Bots inflate the numbers. A meaningful share of every ad budget is spent on traffic that was never a real person.

"View" is a fuzzy word. A half-second autoplay in a muted background tab counts the same as a fully-watched ad.

Brands have no way to verify engagement. There's no checkpoint that says "this person actually saw this and processed it."

Thrilla is an attempt to fix that with a simple idea: don't charge for the view — charge only when the viewer proves they were paying attention.

For viewers. You scroll through a TikTok-style vertical feed of short video ads. Each video is locked and non-skippable. When it ends, a quick interactive quiz about the content appears. Answer correctly and real money lands in your wallet. Skip or get it wrong, and nothing happens — neither you nor the advertiser is charged.

For advertisers. Upload a video, set a budget, write a quiz, hit publish. You're charged only when a verified view completes. Bots and passive viewers can't drain your budget. Each verified view splits a small platform fee between the viewer and Thrilla.

Cash out. Viewers connect their bank and withdraw their balance. Advertisers top up their account through a secure checkout flow.

Mobile-first vertical swipe feed with smooth physics and network-adaptive video preloading

Locked, non-skippable video playback via streaming CDN

Quiz challenge that unlocks the reward when answered correctly

Daily cap to prevent reward farming

Wallet balance, earnings history with daily charts, and one-click withdrawals

Likes, view tracking, and milestone reward emails

Two verification paths at onboarding: registered business or influencer/creator — each with document uploads and admin review

Campaign creation wizard: video upload, custom thumbnail, quiz builder, social links, budget, and audience targeting

Auto-pause when the budget runs dry, auto-complete when the view cap is hit — no manual babysitting

Secure deposits, full transaction history, downloadable invoice receipts

Analytics dashboard showing campaign performance and revenue trends

User management with role-aware filtering and pagination

Advertiser verification review queue (approve / reject / revoke)

Support ticketing system with assignment and status tracking

Editable platform-wide configuration (pricing, rewards, fees)

Audit notifications for fraud alerts and config changes

Next.js (App Router) + React — TypeScript end-to-end

Tailwind CSS + shadcn/ui component library

TanStack React Query for client-side async data

React Hook Form + Zod for validated, type-safe forms

Gesture-based swipe feed

HLS video playback with quality capping for mobile performance

Recharts for analytics dashboards

Supabase (Postgres + Auth + Storage) with row-level security on every table and role-based access policies

Atomic database functions for money settlement and feed serving — ensuring consistency across all financial operations

Server-side route protection with role-aware middleware

Three-tier role-based access control

Stripe Checkout + Webhooks for advertiser deposits

Stripe Connect for viewer payouts

Cloudflare Stream for HLS delivery

Resumable uploads from the browser directly to the streaming CDN

Templated, preference-aware notification system across auth, viewer, advertiser, and admin flows — sorted into priority tiers so transactional mail always sends and optional notifications respect user preferences

Vercel for hosting and analytics

TypeScript strict mode throughout

Three pieces of this build that I'm especially proud of:

Every time a viewer answers a quiz correctly, a chain of operations needs to happen: mark the view verified, credit the viewer's wallet, record the platform fee, decrement the campaign's remaining budget, and auto-pause or auto-complete the campaign if it has just run out. All of this runs inside a single atomic database transaction. Either everything happens, or nothing does. Concurrency controls prevent race conditions on the same budget, and uniqueness constraints ensure a user cannot be paid twice for the same video — even if the application layer has a bug.

Visitors get a fingerprint-based anonymous session the moment they land — before signup. That lets the system rate-limit, detect duplicates, and track fraud signals from the very first video they watch. The pipeline scores each session across multiple device and network signals. High-risk sessions are blocked outright. When a guest eventually signs up, their session history and any flags transfer to their new account.

The video feed isn't a simple "give me active campaigns" query. It filters to active campaigns, flags each video with whether the current viewer has already verified it, and sorts verified videos to the bottom rather than hiding them. That way an engaged user never sees an empty feed, but the app knows to skip the quiz overlay on videos they've already earned from — they can keep watching, just not double-earn.

Getting the money flow right. Early versions double-counted spend because the advertiser's balance was debited at both publish time and on each verified view. I redesigned the model so the advertiser is debited once at publish (budget locked into the campaign), and verified views only decrement that campaign's remaining budget. Every settlement is now one atomic transaction with no silent failure modes.

Anonymous users inside a secure database. Letting non-logged-in viewers watch and verify videos while keeping strict row-level security on every table required careful architecture. The result: guests can use the product fully, but the database never relaxes its access rules.

Mobile feed performance. Vertical swipe physics that don't feel janky required hand-tuning preload windows by network quality, debouncing buffering states so brief network blips don't flash a spinner, and capping video quality so older phones don't thermally throttle mid-ad.

Email without becoming a spam machine. Dozens of notification types across multiple user roles, sorted into priority tiers, with per-category preference toggles. Every send is async so a failed email can never block a successful payment or campaign action.

The product is live but still growing. Pieces in progress:

Swipe and tap verification challenges — quiz is shipped; additional challenge types are designed and waiting on UI work.

Weekly digest emails for advertisers and viewers.

Expanded analytics dashboards — the data layer exists, but the visualization surface is intentionally minimal right now.

Notification audit trail for deduplication and full logging.

Owning Thrilla end-to-end meant designing the data model, building the frontend, wiring up payments both ways, shipping a TikTok-style mobile feed, designing a fraud pipeline, and operating it all in production. Going from "no spec, just an idea" to a working money-handling product taught me that the boring parts — transactional boundaries, access control, idempotency, and preference-aware messaging — are what makes a product trustworthy. Happy to walk through any layer in detail.