Admin Guide | Subscription Tracker

Quick Navigation

Daily Tasks Checklist
User Management
Social Discount Approval
Monitoring Earnings
Changing the Logo
Changing Admin Password
Google Analytics Setup
Google Ads / AdWords Setup
Payment Providers
Maintenance Mode
Security Best Practices
Database Backup

1 Daily Administration Checklist

Perform these tasks regularly to keep the website running smoothly:

Review the Dashboard — Check the Admin Dashboard for key metrics: new users, MRR, total revenue, and system health.
Approve/Reject Social Shares — Go to Social Shares and review any pending shares. Users need 3 approved shares to get the discount.
Check System Health — On the Dashboard, scroll down to "System Health & Monitoring" to check uptime, memory usage, database size, and suspended/expiring accounts.
Monitor Earnings — Review the "Accumulated Earnings" section to track revenue from Stripe, PayPal, Razorpay, and YooKassa.
Review Audit Log — Check the "Recent Admin Activity" at the bottom of the Dashboard for any unusual actions.
Check for Suspended Users — Go to Users and search for any flagged or suspended accounts.

Tip: Bookmark the admin dashboard and check it at the start and end of each business day.

2 User Management

From the Users page you can:

Search users by name or email using the search bar
View user details — click on any user to see their profile, subscription count, payment history, and social shares
Change a user's plan — manually upgrade/downgrade a user (e.g., for support issues or custom deals)
Suspend/Unsuspend — suspend accounts that violate terms of service. Suspended users cannot log in.
Delete a user — permanently remove a user and their data. This cannot be undone.

Warning: Deleting a user permanently removes all their data (subscriptions, notes, tasks, etc.). Only use for abandoned or test accounts.

3 Social Discount Approval

The social media discount system works as follows:

Users share Subscription Tracker on social media (Twitter, Facebook, LinkedIn, Instagram, TikTok, Reddit, or YouTube)
They submit the share URL through the app
You review each share in the Social Shares panel
Click the share URL to verify it's a real public post about Subscription Tracker
Click Approve or Reject with optional notes
Once a user has 3 approved initial shares, their plan automatically upgrades to the social discount version
Users must also share once per month to maintain the discount — these appear as "monthly" share type

What to check when reviewing:

Is the URL a real, publicly accessible social media post?
Does it mention Subscription Tracker positively?
Is it on the user's real account (not a throwaway)?
Is the post still live (not deleted after submission)?

How discounts apply: Starter plan with social discount: $5.99/mo. Pro plan with social discount: $19.99/mo.

4 Monitoring Earnings

The Admin Dashboard shows accumulated earnings from all payment providers:

Stripe — Credit/debit card payments (USD). Primary processor for Western markets.
PayPal — Global fallback payment method (USD).
Razorpay — India-specific payments (INR). Supports UPI, cards, netbanking.
YooKassa — Russia/CIS payments (RUB).

The dashboard shows:

Grand Total — all-time revenue across all providers
This Month — revenue for the current calendar month
Per Provider — breakdown with transaction counts
Per Plan — which plans generate the most revenue
Recent Transactions — last 10 completed payments

Note: For detailed financial reporting, also check each payment provider's dashboard directly:
Stripe Dashboard: dashboard.stripe.com | PayPal: paypal.com/business | Razorpay: dashboard.razorpay.com

5 Changing the Website Logo

Go to Settings
Scroll to the "Site Logo" section
Click "Choose File" and select your new logo (PNG, JPG, SVG, or WebP, max 5MB)
Click "Upload Logo"
The logo will be saved to /assets/images/ and the setting will be updated in the database
The new logo will appear across all pages that reference the site logo

Recommended: Use SVG format for best quality at all sizes. Recommended dimensions: at least 200x200px for raster images.

6 Changing the Admin Password

Go to Settings
Scroll to "Change Admin Password"
Enter your current password
Enter a new password (minimum 8 characters, must include uppercase, lowercase, and a number)
Confirm the new password
Click "Change Password"

The password is encrypted using bcrypt with 12 salt rounds before being stored in the database. The plaintext password is never stored.

Security: Change your password from the default (Admin123!) before going live. Use a strong, unique password with special characters.

7 Google Analytics (GA4) Setup

Go to Google Analytics and create a GA4 property
Go to Admin → Data Streams → Add Stream → Web
Enter your domain (e.g., aisubtracker.com)
Copy the Measurement ID (format: G-XXXXXXXXXX)
Go to Admin Settings → Analytics & Tracking
Paste the Measurement ID and click "Save All Settings"
The GA4 tracking code will automatically be injected into all pages

Google Tag Manager (optional but recommended):

Go to Google Tag Manager and create a container
Copy the Container ID (format: GTM-XXXXXXX)
Paste it in the "GTM Container ID" field in Settings
GTM allows you to manage GA4, Ads, and other tags without code changes

8 Google Ads / AdWords Setup

In your Google Ads account, go to Tools → Conversions
Create a new conversion action (e.g., "Sign Up", "Purchase")
In the tag setup, copy your Conversion ID (format: AW-XXXXXXXXX)
Also copy the Conversion Label for each specific conversion
Go to Admin Settings → Analytics & Tracking
Enter the Google Ads Conversion ID and Label
Click "Save All Settings"

Remarketing: The Google Ads tag automatically enables remarketing audiences. You can create remarketing lists in Google Ads based on page visits.

Best practice: Use Google Tag Manager to manage Ads conversion tags. Create GTM triggers for key events (registration, payment success) for accurate conversion tracking.

9 Payment Provider Configuration

Payment provider API keys are configured via environment variables (the .env file). They are not stored in the database for security.

Required environment variables:

Stripe: STRIPE_PUBLISHABLE_KEY, STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, and price IDs for each plan
PayPal: PAYPAL_CLIENT_ID, PAYPAL_CLIENT_SECRET
Razorpay: RAZORPAY_KEY_ID, RAZORPAY_KEY_SECRET
YooKassa: YOOKASSA_SHOP_ID, YOOKASSA_SECRET_KEY

Stripe Webhook Setup:

In the Stripe Dashboard, go to Developers → Webhooks
Add endpoint: https://yourdomain.com/api/payments/stripe/webhook
Select events: checkout.session.completed, customer.subscription.deleted, invoice.payment_failed
Copy the Webhook Signing Secret to your .env file

10 Maintenance Mode

Enable maintenance mode from Settings when you need to:

Perform database migrations or backups
Deploy major updates
Fix critical bugs

When enabled, non-admin visitors will see a maintenance page. Admin users can still access all pages normally.

11 Security Best Practices

Change the default admin password before going live
Set a strong JWT_SECRET in your .env file (32+ random characters)
Use HTTPS in production (Vercel provides this automatically)
Keep dependencies updated — run npm audit regularly
Never commit .env to version control
Set FRONTEND_URL to your actual domain to restrict CORS
Review the audit log regularly for suspicious activity
Rate limiting is enabled: 200 requests per 15 minutes for API, 10 for login attempts
Helmet.js security headers are enabled (XSS protection, content type sniffing prevention, etc.)

12 Database Backup

The SQLite database is stored at server/database.sqlite. To back up:

Simply copy the database.sqlite file to a safe location
On Vercel, you can download it via vercel files pull server/database.sqlite
For automated backups, set up a cron job or CI/CD step to copy the file to cloud storage (S3, GCS, etc.)

Important: Back up the database before any major update or migration. If using Vercel serverless, note that the filesystem is ephemeral — consider migrating to a persistent database (e.g., Turso, PlanetScale) for production.

Administration Guide