Building Syndical: a complete end-to-end employee benefits management system

The origin story

Early in my career, I worked with the public sector and was also a public servant myself for a period. During that time, I noticed a recurring complaint among public servants: unions failed to deliver tangible short-term benefits. The traditional union model focused on long-term negotiations and collective bargaining, but workers needed immediate value—health services, fitness programs, training opportunities, and benefits for their families.

This disconnect between union services and worker needs became the foundation for a new business model: benefits as a service. Instead of relying solely on traditional union activities, we designed a system where unions could partner with private companies—health institutions, fitness centers, training providers, and family benefit providers—to deliver immediate, tangible value to their affiliates.

The solution was a success. We deployed it across Rio de Janeiro state, covering multiple unions and serving thousands of public servants. The system still runs today in many of these organizations.

However, scaling this model revealed technical challenges: managing partnerships, tracking referrals, processing tickets, and maintaining audit trails across multiple unions and thousands of members required a robust system. Traditional solutions were heavyweight, expensive, and difficult to customize for the specific needs of unions and organizations managing benefits.

Syndical was built to solve these problems—a lightweight, flexible system that makes it easy for unions and organizations to manage partnerships, track benefits, and deliver value to their members while maintaining full audit trails and compliance.

What Syndical does

Syndical enables the benefits as a service model by providing complete end-to-end management for the employee and partner lifecycles:

Employee lifecycle management

The system handles the entire employee journey:

• Onboarding and enrollment
• Benefit selection and changes
• Partner referral tracking (direct or via ticket)
• Status updates and notifications
• Termination and offboarding

Partner integration and referrals

Syndical supports two referral models:

• Direct referrals: Partner services accessed directly through the platform
• Ticket-based referrals: Requests routed through a ticketing system for complex workflows

This dual approach allows organizations to support both simple, automated referrals and complex, multi-step processes that require human intervention.

Audit and compliance

Every action in the system is logged with a complete audit trail, enabling:

• Compliance reporting for regulatory requirements
• Historical tracking of benefit changes
• Investigation and troubleshooting
• Data retention and archival

Multi-user and role-based access

The system supports multiple users with role-based access control, allowing organizations to:

• Define roles and permissions granularly
• Restrict access to sensitive information
• Enable self-service for employees
• Provide administrative access for HR teams

Deployment flexibility

Syndical can be deployed in two ways:

• On-premise: For organizations requiring data to remain within their infrastructure
• SaaS: For organizations wanting fast deployment without infrastructure management

The same codebase supports both deployment models, enabling organizations to choose based on their requirements without vendor lock-in.

Technology stack

Backend: PHP

PHP provides a mature, stable foundation for the backend logic. The choice was driven by:

• Wide availability of hosting options
• Ease of deployment and maintenance
• Extensive ecosystem of libraries and frameworks
• Performance sufficient for the workload
• Lower operational complexity compared to more modern alternatives

Database: MySQL

MySQL serves as the persistent storage layer:

• Reliable and battle-tested for transactional workloads
• Excellent performance for read-heavy HR systems
• Strong data integrity and ACID compliance
• Easy backup and replication
• Widely supported across hosting providers

Frontend: Bootstrap

Bootstrap provides the frontend framework:

• Responsive design out-of-the-box
• Consistent UI components
• Reduced frontend development time
• Wide browser compatibility
• Customizable themes for branding

Architecture principles

The system follows several key architectural principles:

• Lightweight: Minimal dependencies, fast page loads, low resource consumption
• Customizable: Flexible configuration system allowing organizations to adapt the system to their workflows without code changes
• Audit-ready: Comprehensive logging ensures every action can be traced and reported
• Multi-user: Role-based access control with granular permissions
• Deployment-agnostic: Same codebase works for on-premise and SaaS deployments

Key features

Benefit enrollment and management

Employees can enroll in benefits, make changes during open enrollment periods, and track their benefit selections. Administrators can configure benefit plans, eligibility rules, and enrollment windows.

Partner referral system

The referral system supports two models:

Direct referrals: When an employee requests a service that can be provided directly by a partner, the system creates a referral and notifies the partner. This works for simple, automated services.

Ticket-based referrals: For complex services requiring additional steps or approvals, the system creates a ticket that can be routed through a workflow. This enables multi-step processes, approvals, and integration with external systems.

Employee lifecycle tracking

The system tracks every stage of an employee's lifecycle:

• Onboarding (new hires, transfers)
• Active employment (status changes, role updates)
• Benefit changes (enrollment, modifications, terminations)
• Offboarding (terminations, retirements)

Audit logging and compliance

Every action in the system generates an audit log entry with:

• Timestamp
• User who performed the action
• Action type and details
• Before/after state (for modifications)
• IP address and session information

These logs enable compliance reporting, troubleshooting, and historical analysis.

Multi-tenant architecture

For SaaS deployments, the system supports multi-tenancy:

• Data isolation between organizations
• Customizable branding and configurations per tenant
• Shared infrastructure with tenant-level resource limits

For on-premise deployments, each organization runs a dedicated instance with full control over data and configuration.

Customizable workflows

Organizations can customize:

• Benefit plans and eligibility rules
• Referral workflows and routing
• Approval processes
• Notifications and communications
• Data fields and forms
• Reporting and dashboards

Design decisions

Why PHP and MySQL?

The stack choice prioritizes pragmatism over trends:

• PHP: Mature, widely deployed, easy to maintain. While not the trendiest choice, it provides excellent value for this use case.
• MySQL: Battle-tested, reliable, and performant. Perfect for transactional HR workloads.
• Bootstrap: Reduces frontend development time while ensuring responsive design.

This stack reduces operational complexity, enables easier hiring, and lowers infrastructure costs—all while delivering the functionality organizations need.

Deployment flexibility

Supporting both on-premise and SaaS deployments from the same codebase was a critical requirement. The architecture uses:

• Configuration-driven feature flags
• Environment-based settings
• Abstraction layers for deployment-specific concerns (e.g., email, storage, authentication)

This enables organizations to choose the deployment model that fits their requirements without compromising functionality.

Lightweight architecture

The system is designed to be lightweight:

• Minimal external dependencies
• Efficient database queries
• Optimized page loads
• Resource-efficient hosting requirements

This reduces infrastructure costs, improves performance, and simplifies maintenance.

Audit-first design

Audit trails are not an afterthought—they're built into the core architecture:

• Every action generates a log entry automatically
• Logs are stored in a dedicated audit table
• Retention policies can be configured per organization
• Reports can be generated from audit logs

This ensures organizations always have the data they need for compliance and reporting.

Technical challenges and solutions

Challenge 1: Multi-tenancy for SaaS

Supporting multiple organizations in a SaaS deployment requires data isolation and resource management. The solution:

• Tenant ID in every database table
• Row-level security through application logic
• Resource quotas and limits per tenant
• Tenant-specific configurations and branding

Challenge 2: Deployment model flexibility

Supporting both on-premise and SaaS from the same codebase requires careful abstraction. The solution:

• Environment-based configuration
• Feature flags for deployment-specific features
• Abstraction layers for external services (email, storage, auth)
• Unified codebase with deployment-specific configurations

Challenge 3: Audit trail performance

Maintaining comprehensive audit trails without impacting performance requires optimization. The solution:

• Asynchronous logging for non-critical audits
• Indexed audit tables for fast queries
• Archival strategies for old logs
• Selective audit logging for high-volume operations

Challenge 4: Customization without code changes

Enabling customization without requiring code changes demands a flexible configuration system. The solution:

• Database-driven configuration tables
• Dynamic form generation
• Configurable workflows
• Theme and branding customization

Results and impact

Syndical has delivered:

• Complete lifecycle management for employees, collaborators, and public servants
• Dual deployment options enabling organizations to choose based on their requirements
• Partner integration with both direct and ticket-based referral models
• Full audit trails for compliance and reporting
• Multi-user support with role-based access control
• Lightweight architecture reducing infrastructure costs and complexity
• Customizable workflows adapting to organizational needs without code changes

The system demonstrates that pragmatic technology choices—PHP, MySQL, and Bootstrap—can deliver production-grade functionality when combined with thoughtful architecture and design.

Lessons learned

1. Pragmatism over trends: PHP and MySQL delivered excellent value for this use case, reducing complexity and costs while meeting all requirements.
2. Deployment flexibility matters: Supporting both on-premise and SaaS from the same codebase was a critical differentiator that enabled organizations to choose based on their needs.
3. Audit-first design: Building audit trails into the core architecture from the start ensures compliance and reporting capabilities are always available.
4. Configuration over code: Enabling customization through configuration rather than code changes reduces maintenance burden and increases adaptability.
5. Lightweight architecture: Minimizing dependencies and optimizing for efficiency reduces infrastructure costs and operational complexity.
6. Multi-user from day one: Building role-based access control into the foundation prevents security and access management issues later.

Conclusion

Syndical demonstrates that production-grade management systems can be built with pragmatic technology choices when combined with thoughtful architecture. The system's lightweight, customizable design enables organizations to manage employee benefits efficiently while maintaining flexibility for on-premise or SaaS deployment.

The key was prioritizing pragmatism, flexibility, and functionality over following the latest technology trends—delivering a solution that organizations can deploy, customize, and maintain with minimal complexity.