Strategic proposal · May 2026

Modernising the
Gaura Pearls shop platform.

A practical, low-risk path from today's Gambio setup to a custom-built operational layer — without losing a single Google ranking, customer review, or marketplace listing along the way.

Approach Portal-first
Time to daily value ~3 months
Cowork build budget ~€0.7–1.6k
Decision today Just Stage A
Executive summary

The short version

Recommendation in one paragraph

Don't decide today whether to replace Gambio. Build a custom operational Portal first — the admin tool that fixes article loading, AI content, image processing, and multi-channel publishing — and run it against Gambio's existing REST API. That delivers most of the daily-workflow value in roughly three months at minimal risk. After living with the Portal for a quarter, you'll have evidence rather than predictions about whether Gambio's customer-facing storefront is genuinely a ceiling on the business. If yes, we already have a designed and costed migration path. If no, you save four months of work and stay on a stable foundation.

Where we are today

A working shop, surrounded by good services.

The current architecture is a stable Gambio core attached to roughly fifteen specialised SaaS products. Most of those are not "Gambio things" — they're independent services we'd keep regardless of what runs the storefront.

What's working

Mature ecosystem

Lexoffice handles accounting. Magnalister handles Otto and Amazon. Shopvote handles reviews. IT-Rechtskanzlei keeps legal texts current. PayPal, Amazon Pay, DHL are well-integrated. Every one of these stays untouched in any scenario.

Where the pain is

Manual everything

Loading new articles means hours of manual data entry. The Gaura Pearls supplier flow has no API — pure copy and paste. Publishing across channels is repetitive. Image preparation is manual. AI-assisted descriptions are nonexistent. Admin UX is dated.

The strategic question

Do we really need to replace Gambio — or does an operational portal solve the actual problem?

An honest rating

How Gambio scores, dimension by dimension

A defensible read of the platform's strengths and weaknesses for a high-AOV jewellery brand in 2026.

Storefront UX (customer)
5–6
Functional, mobile-responsive, converts at industry average. Doesn't feel "premium" — under-sells a high-emotion purchase like pearls.
Core Web Vitals / performance
4–5
PHP + Smarty templates. LCP and INP on mobile typically amber/red without aggressive tuning. Google ranks this dimension harder year by year.
Mobile experience
5–6
Responsive but retrofitted. Acceptable, not delightful. Doesn't feel "thumb-native" the way a modern shop does.
Search / filtering / merchandising
4
Keyword search is weak. Faceted filtering is rigid. No personalisation. Most serious Gambio shops bolt on Algolia or similar.
Admin UX (you and the team)
4–5
The pain you already feel. Slow, multi-step workflows for things that should be one click. The Portal exists precisely to make this score irrelevant.
Customisation
3–4
Possible via GXModules but every customisation is a small PHP project. You can change anything; you cannot change anything quickly.
German legal compliance
9
Strongest dimension by far. GoBD, Verpackungsgesetz, EU-VAT/OSS, Widerrufsbelehrung, IT-Rechtskanzlei plugin support — all native and battle-tested.
DE ecosystem / plugins
9
Magnalister, Lexoffice bridges, Trusted Shops, Shopvote, Mailbeez, every major DE payment provider, DHL. The ecosystem is a real asset.
Stability / reliability
8
Doesn't crash. Releases are predictable. German support is responsive. Boring in a good way.
Total cost of ownership
7
Licence + hosting + plugins is reasonable. Upgrade pain every 12–18 months is real but manageable.

The honest summary: Gambio is a competent commodity engine that's strong where it touches the German tax authority and weak where it touches the customer. That's a defensible position for many shops. It is not a defensible position if we want to compete on brand experience and convert luxury shoppers — which is precisely the territory pearls occupy.

Why this matters for pearls specifically

Pearls are an emotional purchase.

Average order value is high. Customers spend serious time on each product page. The storefront has to do work that a commodity shop's never does.

Eight things a pearls customer expects on a product page:

Lingering photography
Multiple angles. Video. Zoom that doesn't suck.
Education
Akoya vs. Süßwasser. AAA grading. Care guide.
Comparison tools
Length, clasp type, pearl size side-by-side.
Trust signals
Certificates, returns, expert advice button.
Professional model imagery
Pearls on a person, not just on velvet.
Gift logic
Wrapping, messaging, delivery scheduling.
Mobile parity
High-AOV jewellery is bought on the phone in the evening.
Speed
Every second on LCP costs conversions on premium goods.

Gambio's stock storefront delivers maybe four of those eight well. A custom storefront delivers all eight. That's the actual gap — and the actual upside — under discussion.

The decision frame

Three paths, side by side.

Not "build vs don't build." The choice is how far we go — and if we leave Gambio, whether we own the storefront or rent it.

Path 1 · Lowest risk

Portal only

Keep Gambio storefront
~3 person-months total
Daily-workflow pain fully solved
Storefront UX unchanged
Mobile / Core Web Vitals capped by Gambio
Zero SEO migration risk
Highly reversible
Locked into Gambio's roadmap & pricing
Total build · 5-yr platform cost~3 PM · Gambio licence + Antagus
Path 2 · Full control

Portal + custom storefront

Full replacement, built by us
~7 person-months total
Daily-workflow pain fully solved
Fully differentiated, brand-aligned UX
Best-in-class mobile / CWV
Conversion uplift: +10–25%
SEO migration risk — manageable
Free of platform & licence fees
Total build · 5-yr platform cost~7 PM · ~€20–50/mo hosting
Path 3 · Platform leverage

Portal + Shopify

Migrate storefront to Shopify
~5 person-months total
Daily-workflow pain fully solved
Premium themes, modern feel out of box
Native mobile / CWV strength (Shopify CDN)
Conversion uplift: +10–25%
SEO migration risk — URLs change, must 301
Platform lock-in (data exports, theme doesn't)
Total build · 5-yr platform cost~5 PM · ~€130–180/mo all-in

The recommendation

Commit to Path 1 now. Defer the Path 2 / Path 3 decision by three months. After running daily operations through the Portal for a quarter, we will know — with evidence, not speculation — whether Gambio's storefront is the real ceiling on the business. If it is, we choose between owning a custom build (Path 2) or leveraging Shopify's platform (Path 3) based on what the data and the team's appetite say at that point.

Signals to leave Gambio

  • Mobile conversion stays flat while desktop grows
  • The team repeatedly hits a storefront capability the theme can't gracefully express
  • Core Web Vitals keep failing despite optimisation
  • A competitor converts visibly better on storefront UX
  • We decide to push into premium positioning

Path 2 (custom) vs Path 3 (Shopify)

  • Path 3 if: predictable monthly cost beats variable effort; minimal infra ownership; speed-to-launch matters
  • Path 2 if: full pixel control matters; you'd rather pay in effort than subscription; no lock-in
  • Path 3 if: the category fits Shopify's premium theme ecosystem — and high-AOV jewellery does
  • Path 2 if: differentiation is the goal and Cowork dev capacity is reliably available
Our actual spend

Build it ourselves, then run it.

Two numbers per path: what we pay during the build, and what we pay every month after launch. Claude Cowork at the top-tier Max plan ($200/mo, x20) is our build team and our ongoing dev capacity.

Path 1 · Portal + Gambio

Keep current platform

Build (one-time, 3 months) ~€700
Monthly running, all-in ~€580
5-year total
~€35.5k
Path 2 · Portal + Custom shop

Self-hosted, owned by us

Build (one-time, 7 months) ~€1.6k
Monthly running, all-in ~€415
5-year total
~€26.5k
Path 3 · Portal + Shopify

Platform leverage

Build (one-time, 5 months) ~€1.4k
Monthly running, all-in ~€521
5-year total
~€32.7k
Monthly service breakdown

What each monthly bill is actually made of.

All amounts in EUR per month. Common services (Lexoffice, Magnalister, Shopvote, IT-Rechtskanzlei, PayJoe) are required under every path and bundled at the bottom.

Service Path 1 Path 2 Path 3
Gambio licence €50
Antagus dedicated hosting €120
Self-hosted VPS (small) €40
Shopify Grow plan €46
Lexoffice Shopify app €30
Theme apps (search, popups, etc.) €60
Sticky ERP + Easyinvoice (Gambio bridges) €45
Email marketing (Mailbeez / Brevo / Klaviyo) €30 €40 €50
Claude Max x20 (ongoing dev capacity) €185 €185 €185
Common services (Lexoffice + Magnalister + Shopvote + IT-Rechtskanzlei + PayJoe) €150 €150 €150
Monthly total, all-in ~€580 ~€415 ~€521

Path 2 is cheapest because there is no platform licence and no Shopify subscription. Path 1 is most expensive because the Gambio licence, Antagus hosting, and Gambio-specific bridge plugins compound over time. Path 3 sits between them — predictable Shopify monthly cost in exchange for less infrastructure ownership.

What Cowork doesn't replace

Cowork is the engineering capacity; it isn't the CEO. Strategic decisions, brand voice, pearl-grading expertise, customer service, legal and tax sign-off, and operations all stay on our plate. What the numbers above show is the cash cost. Our time and attention are real and required at every step — what we save is external dev billing, not effort.

Path 2 vs Path 3 · in detail

What does Shopify actually do for us?

If we go custom (Path 2) instead of Shopify (Path 3), what are we replacing — and what can't we replace? Honest itemisation.

Shopify provides Can we build it? Note
Hosting + global CDN + SSL + DDoS Yes Cloudflare in front of a small VPS gives equivalent reach. ~€20–40/mo. Not a real gap.
PCI-DSS compliance Yes Stripe/PayPal hosted checkout shields us identically. We never touch card data in either path.
One-click checkout (Shop Pay) Partial Stripe Link is closest analogue. Shop Pay's network reach across all Shopify stores is unique — we lose this. Small revenue impact for first-time-buyer mix.
Apple Pay / Google Pay Yes Native in Stripe and PayPal. ~1 day of work.
Fraud detection at scale Yes Stripe Radar is excellent and built in. Less network-trained than Shopify's, but at our volume the difference is noise.
Premium themes (100+) Yes 4–8 weeks of Cowork work for a polished custom theme. Exact brand fit. No drag-drop section editor for non-developers.
App ecosystem (10,000+ apps) Per-app Each app becomes 1–5 days of custom work. Most we'd never need. The ones we need (reviews, search, email) we'd build or use standalone.
Admin UI (orders, refunds, discounts, gift cards) Partially Portal covers article-loading. Order management, refunds, customer service, gift cards — extra work in custom. Shopify's admin is its biggest moat.
EU VAT / OSS tax engine Yes Library-driven. Lexoffice as source of truth — same in both paths.
Multi-currency / multi-language Yes Standard libraries (next-intl, i18next). Already shipping to 10+ countries today, so this is non-negotiable in either path.
Sales analytics & reports Yes GA4 + PostHog + a few internal dashboards covers it. Shopify's are convenient, not irreplaceable.
Security patches (no work from us) Trade-off In Shopify, security is invisible. In custom, we own dependency updates and patch cycles. ~1 day/quarter of Cowork-supervised maintenance.
24/7 support and SLAs No If something breaks at 2am in custom, we're the on-call rotation. Mitigation: monitoring, alerts, good logs. Acceptable at our scale, not great.
Mobile app for store owners No Shopify's iOS/Android apps are convenient. Custom = mobile-responsive admin, a fraction of the value.
Shop Pay network effects No Real but small effect for our category. Premium-pearl buyers don't shop by "I have a Shop Pay account."
The three things we genuinely lose

What custom can't fully match.

01

Shop Pay's installed base

One-tap checkout for customers who've shopped at any Shopify store. Small revenue effect for a first-time-buyer-heavy mix, but real.

02

Hands-off operations

No on-call rotation, no dependency-update cycles, no "the server fell over at 3am" risk. Part of what Shopify's monthly fee buys is peace of mind.

03

Pre-built admin for unbuilt features

Gift cards, subscriptions, B2B wholesale, loyalty programs — Shopify ships these. In custom, each one is its own project the day we need it.

The counter-point

Shopify also charges us for capabilities we'd never use: subscription billing engine, multi-store, B2B wholesale tier, point-of-sale integration, 30+ payment gateways including ones with zero DACH share. Shopify is right-sized for the "average" Shopify shop — not for our specific shape of operation. A custom build only carries what we use.

Strategic verdict

Given our profile — established multi-country shop, premium positioning, first-time-buyer-heavy mix, no subscription or wholesale needs — the gap between Path 2 and Path 3 on delivered value is smaller than the €1,500 platform-cost differential suggests. Neither is wrong. Choose on the team's appetite for ownership vs leverage, not on cash.

Stage A · The Portal

What gets built first.

A self-contained operational layer that talks to Gambio via its REST API today, and graduates to talking to a custom shop later — without changing what the team sees.

Stage A deliverable

The Portal
React + Vite · Node + Fastify · Postgres · Tailwind · Claude API · Playwright
Gambio REST API
v3 · JWT auth · publishes products, fetches orders
Magnalister cloud
multi-channel publish to Otto & Amazon
Image processing
Sharp resize · background removal · watermarks
AI & scraping
Claude descriptions · Playwright competitor scrape
The four workflows

Built in nine focused weeks.

Workflow 1 · Weeks 1–2

Supplier import & validation

Upload a Gaura Pearls export, map columns, validate (GTIN, weight, customs code, required fields). Valid rows become drafts. Invalid rows surface in a fix-it inbox. The manual copy-and-paste step disappears completely.

Workflow 2 · Weeks 3–4

AI content (DE & EN)

Generate descriptions and SEO metadata from product attributes using brand-tone templates. DE long copy, short copy, EN translations, page title, meta description, JSON-LD. Always review before publish. Every prompt and output is logged.

Workflow 3 · Weeks 5–6

Image pipeline

Drop raw photos in. Multi-size output (master, product, listing, thumbnail). Optional white-background removal. Watermark on master. Filename convention enforced. Final images pushed to Gambio's media API automatically.

Workflow 4 · Weeks 7–9

Multi-channel publish + price check

One button publishes to Gambio plus Magnalister marketplaces plus Pinterest, with per-channel overrides. Optional competitor scrape — including JavaScript-rendered sites like christ.de — surfaces a recommended price band before you set the price.

Phased plan

From here to "this is my main tool now."

Stage A — The Portal Commit now

Approximately three months. Deliverable: Portal in daily use against the existing Gambio shop.
A0
Discovery
Week 1
A1
Supplier import
Weeks 2–3
A2
AI content
Weeks 4–5
A3
Image pipeline
Weeks 6–7
A4 / A5
Channels & polish
Weeks 8–12

Stage B — New storefront Optional · decide month 3

If signals justify leaving Gambio: ~4 months for a custom build (Path 2) or ~2.5 months for a Shopify migration (Path 3).
B0
Discovery
Weeks 13–14
B1
Build storefront
Weeks 15–24
B2
Magnalister reconnect
Weeks 25–26
B3
SEO dress rehearsal
Weeks 27–28
B4 / B5
Cutover & monitor
Weeks 29+
What can — and cannot — break

Three things to know about Google, Lexoffice, and the marketplaces.

01 · SEO

Most of what we worry about cannot break.

Google Business reviews, Shopvote rating history and seal, Merchant Center product feed performance, marketplace listings on Otto and Amazon — all live on other people's servers. They are unaffected by anything we do to gaurapearls.com.

Google Business · safe Shopvote history · safe Merchant listings · safe Site ranking · protected by §6

02 · Legal & tax (DE)

Lexoffice stays the source of truth.

Invoice numbering continues gaplessly or has a clean documented break. The Gambio database is archived read-only for ten years of GoBD retention. The Steuerberater signs off the updated Verfahrensdokumentation before code is written. None of this changes between the three paths — Lexoffice (directly, or via its Shopify app) carries the legal load in every scenario.

03 · The ecosystem

All fifteen integrations stay.

Lexoffice, Magnalister, Shopvote, IT-Rechtskanzlei, PayPal, Amazon Pay, DHL, PayJoe, Easyinvoice, GTM, Merchant, Pinterest, AdCell, Google Business — every one of them is independent of Gambio. The Portal sits beside them today; the new shop, if we build it, slots in beside them tomorrow.

Third-party platforms & data trust

What it takes to connect — and who is liable when something goes wrong.

Three honest assessments: connecting to Amazon's marketplace directly, connecting to Otto's marketplace directly, and trusting Cloudflare with our customer data. Each has its own rules, its own certifications, and its own split of legal responsibility.

Marketplace API · direct connection

Amazon SP-API

Selling Partner API replaced the legacy MWS in 2021. Direct connection is allowed but heavily regulated — Amazon's policies are stricter than any other marketplace.

What's required to connect directly

  • Professional Selling Account. Individual accounts are not eligible for SP-API.
  • Developer profile registration with explicit role selection (orders, listings, finance, reports, etc.).
  • Private vs Public Developer. Private (own account only) is achievable in weeks. Public (for other sellers) requires a multi-month audit and ongoing compliance reviews.
  • OAuth 2.0 implementation with refresh-token management and proper scope handling.
  • AWS request signing on every API call.
  • Architecture review with Amazon's SP-API Solutions Architecture team if accessing any PII (customer names, addresses, etc.) — required, not optional.
  • Data Protection Policy (DPP) compliance: anti-virus disablement prevention, account lockout after 10 failed attempts, password history retention, API key rotation, encryption at rest and in transit.
  • Annual security questionnaire and right of Amazon to audit our infrastructure.
  • Rate limits per endpoint — must implement back-off and queueing.
Verdict for us: Direct integration is realistic but is a multi-month project with ongoing compliance cost. Magnalister handles all of this as the registered developer — for our scale, the ~€80/mo Magnalister fee is dramatically cheaper than building and maintaining direct SP-API access plus the annual audit overhead. Same applies to a "Path 2 custom shop" scenario — Magnalister still in the path.
Marketplace API · direct connection

Otto Market API

Otto's marketplace API exists but is materially less mature than Amazon's. German-only, fewer community libraries, less documentation, and tighter onboarding.

What's required to connect directly

  • Approved Otto-Partnerschaft (seller agreement) before API access is granted.
  • Onboarding review by Otto Market — typically a few weeks.
  • API credentials issued per seller; no public developer programme.
  • Strict catalogue mapping — Otto's category tree is more rigid than Amazon's, and listings can be rejected for incorrect attributes.
  • Order management SLA: shipments confirmed within ~1–3 days, returns processed within marketplace rules.
  • Compliance with Otto's Verkäufergrundsätze — service level metrics tracked, accounts deactivated on poor metrics.
Verdict for us: Direct integration is even less attractive than Amazon — less mature tooling, smaller community, same overhead. Magnalister bridges to Otto as well and is the standard path for DACH shops at our scale. Direct only makes sense if Otto becomes a primary channel and Magnalister's abstractions start to limit us.
Hosting & data trust

What Cloudflare provides — and what it does not.

If the new site or Portal runs on Cloudflare infrastructure (Workers, Pages, R2, KV), here is exactly what they cover.

Cloud infrastructure · GDPR Data Processor

Cloudflare protections

Cloudflare is one of the most heavily-certified cloud providers in the world. As a customer running on their platform, we benefit from their certifications and contractual data-processing commitments.

Certifications & standards Cloudflare holds

ISO 27001 ISO 27701 (Privacy) ISO 27018 (Cloud PII) SOC 2 Type II PCI-DSS Level 1 GDPR-compliant DPA available EU SCCs (Standard Contractual Clauses)

What's in their DPA (the contractual layer)

  • Cloudflare acts as Data Processor for customer personal data we route through their network.
  • EU Standard Contractual Clauses for any data transferred to non-EU jurisdictions (covering EU-US transfers in particular).
  • Breach notification: Cloudflare must notify us without undue delay of any security incident affecting our data.
  • Sub-processor liability: Cloudflare is liable to us for any breach by a sub-processor of data-protection terms in their DPA.
  • Data Localization Suite available — controls where data is stored and processed (e.g., EU-only).
  • Right to audit and request information about Cloudflare's controls.
  • Liability to data subjects and DPAs is uncapped in their DPA — Cloudflare cannot contract out of GDPR-mandated rights of natural persons.
  • Liability to us as the customer is capped per the Main Agreement (industry standard — typically a multiple of fees paid in the prior 12 months).
Verdict for us: Cloudflare's certifications are best-in-class. Their DPA is signed automatically when we accept their terms (we already have this as an account holder). For static hosting plus the Portal's traffic, the data exposure is minimal — most customer PII never touches Cloudflare; it lives in Postgres and Lexoffice. Cloudflare's protection is genuinely strong defence-in-depth.

The honest answer to "are we liable if Cloudflare loses our customer data?"

Yes, partially — and there is no way around it under GDPR. Under EU data protection law, we are the Data Controller and Cloudflare is the Data Processor. The Controller carries the primary legal duty toward our customers (the data subjects). If a Cloudflare breach exposes our customers' data:

Cloudflare must notify us within ~24–72 hours. They are contractually liable to us per their DPA, subject to the liability cap in the Main Agreement.
We must notify the data protection authority within 72 hours of becoming aware of the breach (DSGVO Art. 33).
We must notify affected customers if the breach poses a high risk to their rights (DSGVO Art. 34).
Our customers can sue us directly (DSGVO Art. 82 — right to compensation). We can then seek recourse against Cloudflare under their DPA, but limited by their liability cap.

This is not specific to Cloudflare — exactly the same legal split applies with AWS, Google Cloud, Azure, Hetzner, any other processor. The only mitigations available are: (1) choosing certified processors (Cloudflare is among the strongest), (2) signing a robust DPA and SCCs, (3) carrying cyber-insurance to cover the gap between provider-cap liability and our potential exposure, (4) minimising the data we actually route through processors (the Portal-first architecture already favours this — most PII lives in Lexoffice + our own DB, not in Cloudflare).

What this means practically for our architecture decisions: the choice of cloud provider does not change our underlying liability profile. It changes the likelihood of a breach and the strength of the contractual fallback. Both favour Cloudflare. But we cannot delegate Data Controller responsibility to anyone — that stays with us regardless.

What's needed to start

Four decisions today, five later.

The "today" list unblocks Stage A within the same week. The "later" list waits until we're approaching the month-3 evaluation.

Decide now — to start Stage A

  1. Gambio REST API tokenGenerated in Kunden → Rollen & Berechtigungen, with read/write on products, categories, media, orders.
  2. Portal hostingCloudflare Tunnel + small Hetzner box (recommended), or run on Antagus alongside Gambio.
  3. Supplier data sampleA recent Gaura Pearls export so we design the import schema against real data.
  4. Brand voice samplesThree or four existing product descriptions in your "good" voice — few-shot examples for AI content generation.

Decide later — before Stage B

  1. Path 2 or Path 3Custom build vs Shopify migration, decided on month-3 evidence.
  2. If Path 2 — stackNode.js + Next.js (recommended, code reuse with Portal) or PHP + Laravel.
  3. If Path 3 — themePick a premium Shopify theme (Prestige, Impulse, Empire) and customise in Cowork.
  4. MailbeezKeep, or swap to Brevo / Klaviyo as part of the migration.
  5. StripeAdd alongside PayPal for Apple Pay / Google Pay / Klarna, or defer.
  6. Steuerberater alignmentVerfahrensdokumentation and invoice-number strategy sign-off.