Product Blueprint · 2026
PN
PostNova
Instagram Scheduling SaaS Platform

The Complete
Product Vision

A full-stack platform for scheduling Instagram content automatically — built for agencies, brands, and creators who need reliable, scalable, and fully controlled automation.

✦ Auto-Publishing 24/7 ◎ Multi-Account Management ✅ Approval Workflow ⊡ Instagram Grid Preview 🏢 Agency Workspace 📊 Analytics & Reporting 🔐 Admin-Controlled Access
3
Account Tiers
50+
Features
24/7
Auto-Publish
Posts / Month
↓ scroll to explore
01How It Works

From account creation
to published post

A step-by-step walkthrough of the entire PostNova experience — from the admin creating your account right through to Instagram publishing your content automatically while you sleep.

1
Admin Creates Your Account
🔐
All accounts on PostNova are created by a platform administrator — there is no public sign-up page anywhere on the platform. The admin assigns your account type (Client or Agency), selects your plan, sets how many Instagram accounts you can connect, and decides how long your account is active. You receive your login credentials directly from the admin.
Admin-controlled only No public sign-up Custom limits per user Expiry date enforced
2
Sign In to Your Dashboard
Log in with your email and password — no registration form, no verification email. Your personal dashboard loads instantly showing your scheduled posts, an analytics overview, upcoming content, recent activity, and your notification centre. First-time users are guided through a quick 4-step interactive onboarding tour.
Secure JWT session Instant dashboard 4-step onboarding tour Dark / light theme
3
Connect Instagram Accounts
Connect your Instagram Business accounts via a Meta access token. Connection status is monitored continuously — expired tokens are flagged automatically with a one-click reconnect prompt. Your plan determines how many accounts you can connect simultaneously, and the admin can adjust this limit at any time without disrupting your existing posts.
Instagram Business only Plan-limited slots Auto expiry detection One-click reconnect
4
Build Your Media Library
Upload images (JPEG, PNG, GIF, WebP) and videos (MP4, MOV, AVI) up to 100MB each. Your media library is searchable, filterable by type, and fully reusable — the same image or video clip can be used across multiple scheduled posts without re-uploading. Tag and organise your assets for faster scheduling.
Images + Videos 100MB per file Reusable across posts Searchable + taggable
5
Schedule a Post
Select your Instagram account, pick or upload media, write your caption — the built-in counter shows your character count against Instagram's 2,200 limit. Hashtag suggestions ranked by your own engagement history appear as you type. The Best Times panel recommends optimal publishing slots based on your account's past performance. A live phone mockup shows exactly how your post will appear in followers' feeds before you commit.
Live phone preview AI hashtag suggestions Best time engine Feed · Reel · Story 2,200-char counter
6
Approval Workflow (Agency Accounts)
For sub-clients managed by an agency, every post automatically enters a Pending Approval state rather than going directly to Scheduled. The agency owner is notified instantly. They review the post in the Approval Queue and either approve it (moves straight to Scheduled), request changes (returns to the author with written feedback), or reject it. Every decision is permanently logged and both parties are notified in real-time.
Draft → Pending → Approved Written reviewer comments Instant notifications Full decision history
7
Auto-Published to Instagram
🚀
A background scheduling engine runs continuously — checking every 60 seconds for posts due to publish. When it's time, it calls Instagram, publishes your content, and saves the live permalink. You receive an instant in-app notification on success. On failure, the engine automatically retries up to 3 times at 5-minute intervals before sending a failure alert.
Auto-publishes 24/7 3 auto-retries on failure 5-minute retry spacing Full audit log per post
8
Track Performance
📊
After publishing, refresh analytics to pull likes, comments, saves, reach, and impressions directly from Instagram. View 7, 14, or 30-day engagement trend charts. See your top-performing posts ranked by engagement rate. Export all data as a CSV spreadsheet, or generate a visual Grid Preview PDF to share with clients at review sessions.
Likes · Comments · Saves Reach · Impressions CSV export PDF grid report
02Account System

Three-tier account hierarchy

PostNova operates on a completely controlled access model — no public registration exists anywhere on the platform. Every account is created by an administrator, with precise limits set per user.

👑 Platform Administrator
Admin
The master account with full platform visibility — all users, all posts, all data. The only role that can create Agency accounts and has unrestricted access to every feature.
Can do
Create agency accounts with custom limits
Create client accounts directly
Suspend, reactivate, or delete any account
Reset any user's password instantly
Change any account's plan
View all posts system-wide
Approve or reject any post
See full admin analytics dashboard
Accounts created: Unlimited
Instagram accounts: Unlimited
Posts per month: Unlimited
🏢 Agency Owner
Agency
Created by Admin only. Manages its own portfolio of clients within the limits the admin sets. Gets a dedicated workspace showing all client activity, an approval queue, and quota tracking.
Can do
Create up to 50 sub-client accounts
Set each client's Instagram limit (from shared pool)
Approve or reject clients' posts before publish
View all clients' posts in one workspace
Suspend / reactivate any client account
Monitor IG pool usage and client quotas
Cannot create other agency accounts
Cannot access the admin panel
Sub-clients: Up to 50
IG account pool: Shared 500 across all clients
Set by: Admin when creating agency
👤 Client
Client
Created by Admin or Agency. Manages content for their own Instagram accounts. Posts are routed through the approval queue if created by an agency — and go straight to Scheduled if created directly by Admin.
Can do
Connect Instagram accounts (up to their limit)
Schedule Feed posts, Reels, and Stories
Manage their own media library
View their own analytics
Save posts as drafts for later
Submit posts for agency approval
Cannot create any accounts of any kind
Cannot see other clients' data
Instagram accounts: Set by Admin/Agency
Posts: Based on plan
Account expiry: Set by Admin/Agency
Account Creation Flow
👑 Admin
→ creates →
🏢 Agency
→ assigns →
max clients: 50 · IG pool: 500
Agency can then create up to 50 sub-client accounts, distributing IG account slots from their shared pool of 500
🏢 Agency
→ creates →
👤 Client A · 5 IG
+
👤 Client B · 10 IG
+
👤 Client C…
5 + 10 + … cannot exceed the agency's pool of 500 total. Each client is fully isolated — they see only their own data.
👑 Admin
→ can also directly create →
👤 Direct Client
Posts skip approval → straight to Scheduled
Clients created directly by Admin have no approval workflow. Their posts go immediately to the scheduled queue.
Important: Public registration is completely disabled. There is no "Sign Up" button or link anywhere on the platform. Only the Admin can create accounts — giving you absolute control over who can access PostNova and what they can do within it.
03Complete Feature Set

Everything PostNova does

A full breakdown of every capability across the platform — from content creation to agency management.

📅
Smart Post Scheduler
Schedule Feed posts, Reels, and Stories with caption control, AI hashtag suggestions, and a real-time Instagram phone preview.
Live Instagram phone preview as you type
Upload or pick from media library
AI hashtag suggestions ranked by engagement
Best Times to Post recommendations
2,200-character caption counter
Bulk schedule up to 50 posts at once
Reusable caption templates
One-click post duplication
🤖
Auto-Publishing Engine
A background daemon runs continuously, publishing your content exactly on schedule — without any manual action from you.
Checks for due posts every 60 seconds
Calls Instagram automatically at publish time
3 auto-retries on failure, 5 mins apart
Full per-post audit trail
Real-time queue monitor panel
Daily cleanup of old records at 3am
Approval Workflow
For agencies — every sub-client post goes through review before it can publish. Nothing goes live without sign-off.
Save posts as drafts to work on later
Submit for approval with one click
Approve, reject, or request changes
Reviewer adds written comment on decisions
Instant in-app notifications both ways
Full approval history logged per post
Sub-clients auto-route to approval queue
Instagram Grid Preview
See your Instagram feed as followers see it — posted and upcoming posts combined in a 3-column grid view.
3-column grid just like Instagram's feed
Last 6 posted + next 9 scheduled together
Colour-coded by post status
Click any tile to edit that post
Upcoming feed order list alongside
Export full grid as a PDF report
🏢
Agency Workspace
Agency owners get a private workspace showing all client activity, quota usage, and an approval queue — all in one place.
All clients visible at a glance
Filter posts by individual client
IG account pool usage tracking
Create and manage sub-client accounts
Suspend or reactivate any client
Set per-client limits and expiry dates
📊
Analytics Dashboard
Engagement data from Instagram, displayed as trend charts and performance rankings so you always know what works.
Likes, comments, saves, reach, impressions
7 / 14 / 30-day engagement trend charts
Top posts ranked by engagement rate
Per-account performance breakdown
One-click analytics refresh from Instagram
Export all data as CSV
🗓️
Content Calendar
A full monthly calendar view of all scheduled content — with drag-and-drop rescheduling.
Full monthly grid with post indicators
Drag a post to a new day to reschedule
Click any day to open schedule modal
Colour-coded by post status
Mini calendar on dashboard for quick view
IG Account Management
Connect and monitor multiple Instagram Business accounts with built-in token health checking.
Connect via Meta access token
Auto-detects expired tokens
One-click reconnect
Follower count and post stats visible
Per-user account limits enforced
Admin Control Panel
Full platform management — users, plans, limits, publishing logs, and account lifecycle from one dashboard.
Create agency and client accounts
Set IG limits, validity, plan per account
Suspend / reactivate accounts instantly
Reset any user's password
Search and filter all accounts
View system-wide publishing audit logs
🔔
Notifications Centre
Real-time in-app alerts for every significant event across the platform.
Post published / failed alerts
Approval requested / decision alerts
Account expiry warnings (7 days before)
IG account expired / reconnect prompts
Unread badge + mark-all-read
Team Management
Invite team members with specific roles for collaborative content management within an account.
Owner / Admin / Editor roles
Invite by email address
Pending → Active → Removed states
Remove members at any time
📋
Productivity Tools
A set of time-saving tools that make recurring workflows dramatically faster.
Caption templates — save and reuse
Bulk schedule up to 50 posts at once
Duplicate any post to a new date
CSV export of all posts and analytics
Queue monitor — overdue + due-soon view
Dark / light theme with local preference save
04Approval Workflow

Nothing goes live without sign-off

For agencies managing clients, every post goes through a structured review before it's allowed to publish. Each state is tracked, notified, and permanently logged.

📝
Draft
Saved,
not submitted
Pending
Submitted
for review
👀
In Review
Approver
is reviewing
Approved
Moves to
Scheduled
🔄
Changes
Edits needed,
resubmit
📅
Scheduled
Queued to
auto-publish

How it works in practice

When a sub-client (any account belonging to an agency) schedules a post, it automatically enters Pending Approval rather than going straight to Scheduled. The agency owner is notified instantly.

The approver opens the Approval Queue, reviews the caption, image, and scheduled time, then either Approves — the post moves immediately to Scheduled and will auto-publish on time — Requests Changes — the post returns to the client with a written comment explaining what needs fixing, and the client edits and resubmits — or Rejects — the post is cancelled with a reason logged. Every decision is recorded in the post's full approval history and both parties receive instant in-app notifications.

Who can approve
Admin — can approve any post across the entire platform
Agency owner — can approve posts from their own sub-clients only
Direct clients (no parent agency) — posts skip approval, go straight to Scheduled
Sub-clients — cannot approve. Posts auto-submit to their agency's queue
Reviewer actions
Approve — post immediately enters Scheduled and publishes automatically at the set time
Request Changes — post returns to client with written feedback; client edits and resubmits
Reject — post is cancelled with a written reason; client receives notification
Quick Approve — instant approval for trusted content without opening the full review panel
05Instagram Grid Preview

Plan your feed aesthetic
before anything goes live

The Grid Preview combines your last published posts with upcoming scheduled ones in a real Instagram-style 3-column layout — so you can check visual flow and consistency before committing.

🌅
🎬
🍃
🌊
🎨
💫
🔥
📸
Posted
Scheduled
Pending
Select any account
Choose which connected Instagram account to preview. Each account shows its own feed — the last 6 published posts combined with the next 9 scheduled or pending ones.
Click any tile to edit
Clicking on any tile in the grid opens the post editor — you can change the caption, reschedule to a different time, submit for approval, or cancel the post directly from the grid view.
Export as a PDF
Generate a full Grid Preview PDF report showing the visual feed layout plus a detailed post-by-post schedule table. Ideal for client review sessions, sign-off presentations, or monthly content reports.
06Analytics

Know what's actually working

Engagement data pulled directly from Instagram and presented as trend charts and performance rankings — so you always know which content resonates most.

48.2K
Total Reach
↑ 18% this month
12.4K
Total Likes
↑ 22%
3.8K
Comments
↑ 9%
6.2%
Avg. Engagement
↑ 5%
30-Day Engagement Trend
Wk 1Wk 2Wk 3Now ↑
What's tracked
Likes per post
Comments per post
Saves per post
Reach + Impressions
Engagement rate %
Top posts ranking
Per-account breakdown
Hashtag performance
Best posting times
07Scheduling Engine

Posts publish automatically,
on time, every time

A background engine runs continuously — no manual action required, ever. Your content publishes exactly when scheduled, whether you're online or not.

Scheduled
Post saved with date + time. Engine picks it up when due.
60s Tick
Background engine scans for due posts every minute.
📡
Publishing
Calls Instagram to publish your media and caption.
Published
Permalink saved. You receive an instant notification.
🔄
Retry
Up to 3 retries, 5 mins apart. Alert sent if all fail.
Queue Monitor: A dedicated Queue Monitor page gives a real-time view of overdue posts, posts currently publishing, posts due in the next hour, and any that failed today — so nothing slips through unnoticed.
08Security

Built secure by design

Every layer of the platform has security controls built in from the ground up — not added as an afterthought.

🔐
Password Security
Passwords hashed with PBKDF2-SHA256 — never stored in plaintext. Industry-standard adaptive cost factor makes brute force attacks computationally infeasible.
🎫
Secure Sessions
Session tokens are set as HttpOnly + SameSite cookies — completely inaccessible to JavaScript, preventing XSS-based token theft. 7-day session lifetime.
🚦
Rate Limiting
Login endpoints are rate-limited to block brute force credential attacks. Consistent rate limits applied across all actions throughout the platform.
🔒
Complete Data Isolation
Every single database query filters by user ID. Users can only ever access their own data — full isolation enforced at the database layer, not just the application layer.
📁
Safe File Uploads
All filenames are sanitised before saving. A strict MIME type whitelist is enforced server-side. 100MB size cap applied before any file touches the server.
👑
Role Enforcement
Admin, Agency, Client, and Approval routes each independently verify the user's role and account type on every single request. No privilege escalation is possible.
Account Expiry
Accounts with an expiry date are automatically blocked the moment they expire — even if their session token is technically still valid. A warning banner appears 7 days before expiry.
🔑
Secret Management
All credentials, signing keys, and configuration values are loaded from environment variables at runtime — never hardcoded in the source code or committed to version control.
🛡
SQL Injection Prevention
Every database query uses parameterised statements with placeholders. No string concatenation in SQL ever. Foreign key constraints enforced at database level.
09System Architecture

How everything connects

A visual map of how the frontend, backend, database, scheduler, and all account types interact — from a client logging in to a post auto-publishing on Instagram.

USERS FRONTEND BACKEND DATA EXTERNAL 👑 Admin Platform master Creates all accounts 🏢 Agency Created by Admin Manages clients 👤 Client A Agency sub-client Posts need approval 👤 Client B Direct (Admin-made) No approval needed creates creates Single Page Application — index.html (Vanilla JS) Dashboard Stats · Calendar Mini chart Scheduler Post list · Filters Bulk · Templates Grid Preview Feed mockup PDF export Approval Queue Review · Approve Reject · Feedback Agency WS Clients · Posts Quota · Stats Analytics Charts · Trends Top posts Admin Panel Users · Logs Plans · Config Media · Calendar Team · Notifs Accounts · Plans 🔐 Auth Service Login / Logout JWT token generation Password hashing Account status check Expiry enforcement PBKDF2-SHA256 📅 Posts Service Create / Edit / Delete Bulk scheduling (50) Templates / Duplicate Draft routing logic Calendar / Export Sub-client → auto-pending ✅ Approval Service Submit for review Approve → Scheduled Reject / Changes req. Reviewer comments Audit trail per post Notifies both parties 🏢 Agency Service Create sub-clients Limit enforcement IG pool tracking Workspace posts Suspend / Reactivate Max 50 clients · 500 IG ⚙ Auto-Publisher Background daemon Polls every 60 seconds Publishes via IG API 3 retries on failure Logs + notifications Runs 24 / 7 always-on 🗄 SQLite Database users · posts · instagram_accounts media · analytics · post_approvals WAL mode · FK constraints · 12 tables 📁 Media Storage /public/uploads/<user_id>/ Images · Videos · 100MB cap Local disk · MIME-validated 🎫 JWT Sessions HttpOnly + SameSite cookies 7-day expiry · Role + type claims HS256 signed · Never in localStorage 🔔 Notifications Table post_published · post_failed · approval_requested approval_granted · post_rejected · account_expiry Real-time in-app · Read / unread state 📱 Instagram Graph API Media Publish · Analytics Pull · Account Info · Webhook Events API calls Publish posts Analytics pull submit approve Admin actions Agency / approval flow Client data flow DB read / write Instagram API calls Notification triggers
Post Lifecycle — Agency Sub-Client vs Direct Client
Agency Sub-Client Approval required
📝
Save as Draft
Client works on caption, picks media, sets time
📤
Submit for Approval
Status → Pending · Agency notified instantly
👀
Agency Reviews
Opens Approval Queue · Views post content
✅ Approved
→ Scheduled
🔄 Changes
→ Back to draft
❌ Rejected
→ Cancelled
🚀
Auto-Published
Engine publishes at exact scheduled time
Direct Client No approval needed
Create Post
Pick media, write caption, choose time
📅
Scheduled Immediately
Status → Scheduled · No review step
Engine Picks Up
Background daemon scans every 60 seconds
📡
Published to Instagram
Status → Posted · Permalink saved
✅ Success
You're notified
⚠ Failure
3 retries, then alert
Account Creation & Limit Enforcement Flow
👑 Admin Platform master Unlimited power creates 🏢 Agency Set by Admin: max_sub_accounts: 50 max_ig_total: 500 ⚖ LIMIT CHECK sub_clients < max_sub_accounts? ig_pool_used + new_ig ≤ max_ig_total? ✅ Both pass → Create client ❌ Either fails → 402 Error Remaining slots shown in message pass 👤 Client Created with: max_ig_accounts: X parent_id: agency.id ◎ IG Accounts Client connects up to max_ig_accounts slots Counted in agency pool Role: admin user_type: agency user_type: client Connected to Instagram Agency pool counter: Client A (5 IG) + Client B (10 IG) + … must always stay ≤ max_ig_total (500). Enforced server-side on every new client creation and IG account connection.