Loading
Aztec Landscapes
Business Operating System

Aztec B.O.S

One system to manage your entire workforce, from recruitment to allocation to compliance.

What This System Does

  • Replaces your spreadsheets: all operative data in one searchable database
  • Automates recruitment: Sophie AI qualifies candidates 24/7 via WhatsApp
  • Manages compliance: blocks anyone without valid CSCS/RTW automatically
  • Streamlines allocation: match skills to sites, send offers via WhatsApp
  • Tracks everything: arrivals, NCRs (Non-Conformance Reports), performance, documents
24/7
Recruitment
100%
Compliance
£120k
Annual Saving
<12
Months ROI
Prepared by Cold Lava February 2026

The Problems We're Solving

Spreadsheet chaos: operative data scattered across files

Compliance risk: expired CSCS cards slip through

Manual recruitment: hours spent on unqualified applicants

No visibility: who's working where, when?

Slow allocation: phone tag to fill urgent gaps

Database poaching: staff leave and take contacts

Operating Model / 002

Your Operating Model

Central labour control with one key principle: Reallocation First

01

Central Labour Control

All labour allocation flows through a single point (Liam). Site Managers, PMs and Directors request through him via WhatsApp.

02

Reallocation First

Before external recruitment: 1) Reallocate finishing workers 2) Search internal database 3) Only then raise adverts.

03

Skills & Rate Governance

Every allocation checks skill requirements against qualifications. Rate matrices enforced automatically.

04

Compliance by Default

No operative works without valid RTW, Photo ID, and in-date CSCS. System blocks non-compliant allocations.

Trade Categories (Preloaded)

Blue Collar

Skilled LandscapersCSCS Green
General LabourersCSCS Green
GroundworkersCSCS Green
Pavers / Kerb LayersCSCS Green
Plant OperatorsCPCS/NPORS
Drainage OperativesCSCS Green
CarpentersCSCS Blue
BricklayersCSCS Blue
Stone MasonsCSCS Blue
Steel FixersCSCS Blue

White Collar

Site ManagersCV + Quals
Project ManagersCV + Quals
EngineersCV + Quals
SupervisorsCV + Quals
Design ManagersCV + Quals
Document ControllersCV + Quals
Quantity SurveyorsCV + Quals
H&S OfficersCV + Quals

White collar: CVs searchable, full compliance docs collected when role offered.

Live Architecture / 003

System Architecture

Four ways in, one central brain, secure storage.

Technical Detail: API Endpoints

/api/operatives

Manage workers

/api/allocations

Assign to sites

/api/ncrs

Log issues

/api/webhooks

Receive messages

/api/documents

Store files

App Integration Flow

Watch how data flows between the apps in real-time scenarios.

WHO USES IT Liam Dashboard Web Application Site Manager WhatsApp Bot Sophie AI WhatsApp Agent Operative WhatsApp THE BRAIN Central Processing People Assignments Issues Messages Documents WHERE DATA LIVES Supabase London Data Centre PostgreSQL File Storage Auth External Services Third-Party APIs WhatsApp OpenAI Gov.uk
Recruitment

Applicant applies → Sophie qualifies → Liam reviews

Allocation

Liam sends shift offer → Operative accepts

Deployment

Operative assigned → Arrives at site

Site Control

Site Manager manages arrivals + performance

Issues

NCRs and problems → Escalate to Liam

Technology / 004

Technology Stack

Every technology chosen for reliability, security, and long-term support. Here's what we're using and why.

DEVELOPMENT GitHub Version Control Next.js Framework HOSTING Vercel Global Edge Network • CDN • SSL Zero-Downtime Deployments WHERE DATA LIVES Supabase PostgreSQL + Storage • London Database File Storage Auth External Services Third-Party APIs WhatsApp OpenAI Gov.uk

Technology Details

Supabase Supabase

What it is: A managed database service built on PostgreSQL, the same database technology used by Instagram, Spotify, and Netflix.

Why we chose it:

  • UK data centre (London). Your data stays in the UK
  • Built-in authentication and security
  • Row-level security for multi-tenant isolation
  • Real-time subscriptions for live updates
  • 99.9% uptime guarantee
Database Auth Storage

Vercel Vercel

What it is: A cloud hosting platform that runs your web application. Think of it as the "building" where your software lives.

Why we chose it:

  • Global edge network. Fast for users anywhere in the UK
  • Automatic scaling. Handles 10 users or 10,000 users
  • Zero-downtime deployments. Updates without interruption
  • Built-in SSL certificates. Secure by default
  • Used by McDonald's, Twitch, and The Washington Post
Hosting CDN

Next.js Next.js

What it is: The framework that builds the actual web application: the screens, buttons, and interactions Liam will use daily.

Why we chose it:

  • Industry standard. Used by Nike, Hulu, TikTok
  • Fast page loads. Content appears instantly
  • Built by Vercel. Perfect integration
  • Huge developer ecosystem. Easy to maintain
  • Server and client in one codebase. Simpler, faster
Framework React

GitHub GitHub

What it is: Where all the code is stored and versioned. Like a filing cabinet that tracks every change ever made.

Why we chose it:

  • Industry standard. Used by 100 million developers
  • Complete history. See every change, who made it, when
  • Owned by Microsoft. Not going anywhere
  • Automatic backups. Code is never lost
  • Collaboration tools. Multiple developers can work safely
Code Storage Version Control

WhatsApp WhatsApp Business API

What it is: The official way for businesses to send and receive WhatsApp messages programmatically.

Why we chose it:

  • Everyone already has WhatsApp. No app to download
  • Official Meta API. Reliable, compliant, supported
  • End-to-end encryption. Messages are secure
  • Delivery receipts. Know when messages are read
  • ~£0.03 per message. Much cheaper than SMS
Messaging Official API

OpenAI OpenAI (Sophie AI)

What it is: The AI technology powering Sophie, your recruitment assistant who qualifies candidates 24/7.

Why we chose it:

  • GPT-4. The most capable AI model available
  • Natural conversations. Candidates won't know it's AI
  • Understands context. Handles follow-up questions
  • ~£0.30 per applicant. Compare to £500+ agency fee
  • Works 24/7. Never sleeps, never takes holidays
AI GPT-4

No Vendor Lock-In

All technologies use open standards. If you ever want to move providers, your data and code come with you. You own everything.

Data Flow / 005

Labour Request Flow

Watch a labour request flow through the system.

⚡ Reallocation First: The Core Principle

Before any external recruitment, the system follows this priority:

1
Reallocate
Workers finishing current jobs
2
Internal Search
Available pool matches
3
External Recruit
Only if pool exhausted

Why this matters: Agencies make money on placement fees. This system prioritises your existing workers first, cutting external recruitment costs by maximising internal utilisation.

Request
Site need
Reallocate
Check jobs
Search
Labour pool
Match
Skills + location
Offer
WhatsApp
Confirm
Accept
Allocate
Complete ✓

Sophie AI Qualification

Greeting
Job details
GATE 1
RTW?
Right to Work
GATE 2
18+?
Age check
CSCS
Card check
Details
Personal info
Docs
Upload
Qualified
→ Liam
Database / 006

Database Schema

10 core tables with full referential integrity.

operatives
🔑 id UUID
first_name, last_name
trade_category_id
day_rate, status
avg_rating
allocations
🔑 id UUID
operative_id
site_id
start_date, end_date
status
documents
🔑 id UUID
operative_id
document_type
expiry_date
is_verified
ncrs
🔑 id UUID
operative_id
incident_type
severity
sites
🔑 id UUID
name, address
postcode, lat, lng
comms_log
🔑 id UUID
operative_id
channel, direction
message_body

What Gets Stored

Operatives: Names, phone numbers, day rates, skills, certifications, ratings

Documents: CSCS cards, RTW proof, photo IDs, with expiry dates

Sites: All your work locations with addresses and postcodes

Allocations: Who's working where, when, and for how long

NCRs: Non-compliance reports with severity levels

Communications: Full log of every WhatsApp message sent/received

Technical Detail

operatives.sql 
CREATE TABLE operatives (
  id UUID PRIMARY KEY,
  first_name VARCHAR(100) NOT NULL,
  phone VARCHAR(20) UNIQUE,
  day_rate DECIMAL(8,2),
  rtw_verified BOOLEAN DEFAULT false,
  cscs_expiry DATE,
  avg_rating DECIMAL(3,2),
  status VARCHAR(50)
);
WhatsApp / 007

WhatsApp Integration

Arrival Check

iPhone 15

NCR Report

Samsung Galaxy S24

Shift Offer

iPhone 16 Pro

Sophie AI Recruitment

Sophie qualifies candidates 24/7 via WhatsApp. Here's what the conversations look like:

✓ Qualified Applicant

iPhone 15

✗ Unqualified Applicant

Samsung Galaxy S24
Compliance / 008

Compliance Engine

Pre-Start Checks

Before any operative can be allocated to a site, the system automatically checks:

  • Right to Work: must be verified ✓
  • CSCS Card: must not be expired ✓
  • Status: must not be blocked ✓

If any check fails → Allocation blocked automatically

Document Alerts

DocumentAlert DaysAction
Right to Work30, 14, 7, 0Blocks
CSCS Card60, 30, 14, 0Blocks
CPCS/NPORS30, 14, 7Warns

Zero Exceptions

No overrides. System enforces at database level.

UK Working Time Regulations

The system enforces UK labour law automatically on every shift assignment:

48-Hour Week

System tracks weekly hours across all sites. Warns at 44hrs, blocks at 48hrs (unless opt-out on file).

11-Hour Rest

Minimum 11 hours between shifts enforced. System won't allow back-to-back assignments that violate rest periods.

Break Entitlement

6+ hour shifts require 20min break. System calculates and records break compliance automatically.

Plant & Equipment Certification

Workers can only be assigned to equipment they're certified for:

CPCS NPORS LANTRA CS30-CS42 (Chainsaw) First Aid

System matches job requirements to operative certifications. No cert = no assignment to that equipment.

Performance & Rating System

Every operative has a performance score that influences future allocation priority:

⭐ 1-5 Star Rating

Site managers rate operatives via WhatsApp at end of assignment:

⭐⭐⭐⭐⭐
  • Collected automatically via WhatsApp
  • Average score displayed on profile
  • Higher rated = priority in allocation

🚫 Re-employability Flags

System tracks workers who shouldn't be rehired:

ActiveAvailable for work
CautionRequires approval
Do Not RehireBlocked permanently

Smart Allocation Priority

When filling a labour request, the system automatically ranks candidates by:

1. Average Rating 2. Recent Work History 3. Skills Match 4. Location/Travel Time

Best performers get offered work first. Poor performers drop to bottom of queue.

Technical Detail

canStart.ts 
function canStart(operative) {
  const blockers = [];
  
  if (!operative.rtwVerified)
    blockers.push('Right to Work');
  if (operative.cscsExpiry < today)
    blockers.push('CSCS Expired');
  if (operative.status === 'blocked')
    blockers.push('Blocked');
  if (weeklyHours(operative) >= 48)
    blockers.push('Working Time Limit');
  
  return blockers.length === 0;
}
Security / 009

Security & Data Protection

Data Protection

  • Stored in the UK. London data centre, your data never leaves the country
  • Fully encrypted. Data is scrambled when stored and when transmitted
  • GDPR compliant. Workers can request their data or ask for deletion
  • Cannot be downloaded. No bulk export of the operative database

Access Controls

  • Login required. Email and password to access the system
  • Role-based access. Directors see everything, Site Managers see their sites
  • Two-factor available. Extra security layer if wanted
  • Full audit trail. Every action logged (who did what, when)

Data Isolation

Each user only sees their own organisation's data. The database enforces this automatically, making it impossible to access another company's operatives.

No Bulk Downloads

Per BOS Bible: Controls in place to ensure the operative database cannot be bulk exported. Your data stays in the system.

Technical Detail: Row-Level Security

rls_policy.sql 
-- Users only see their organization's data
CREATE POLICY "org_isolation"
ON operatives FOR SELECT
USING (
  organization_id = (
    SELECT organization_id
    FROM users
    WHERE id = auth.uid()
  )
);
Timeline / 010

Implementation Timeline

Phase 1

Discovery & Foundation

Requirements, database, auth setup.

2 Weeks
Phase 2

Core Build

Operatives, sites, allocations, compliance.

6 Weeks
Phase 3

Communications

WhatsApp, Sophie AI, NCR flow.

3 Weeks
Phase 4

Polish & Deploy

Testing, training, go-live.

3 Weeks

Deliverables

Phase 1

✓ Database live
✓ Auth working
✓ Dashboard shell

Phase 2

✓ Operative management
✓ Document tracking
✓ Allocations

Phase 3

✓ WhatsApp connected
✓ Sophie live
✓ NCR via WhatsApp

Phase 4

✓ UAT complete
✓ Training done
✓ Go-live

Protection / 011

Your Project is Protected

Cold Lava maintains comprehensive insurance coverage and built-in safeguards to protect your investment at every stage.

Professional Indemnity

Protection against claims arising from professional advice, design decisions, or work that doesn't meet the agreed specification.

Design Errors Breach of Duty Negligence

Cyber Insurance

Comprehensive coverage for digital threats including data breaches, ransomware attacks, and system compromises during development.

Data Breach Incident Response Recovery Costs

Legal Expenses

Coverage for legal costs arising from contract disputes, IP matters, or regulatory inquiries related to the project delivery.

Contract Disputes IP Protection Compliance

Key Person Insurance

Life and critical illness cover for key team members. If the unexpected happens, your project remains funded and protected.

Life Cover Critical Illness Project Continuity
Architecture Sign-Off / 012

Architecture Approval

Review the technical architecture. Confirm this matches your operational requirements.