Modernizing an 11-Year-Old Regulated Privacy Platform
Java 8 to 21, Spring Boot 1 to 3, on a live compliance platform that never stopped shipping
Java version: 8 → 21
Spring Boot: 1.4 → 3.5
Production Java servers: 4 → 2
8 years embedded on the platform
Client: Privacy and consent management platform (confidential)
Industry: Ad Tech / Privacy Compliance
Engagement: Long-term senior engineering, full stack
The Situation
The platform was about eleven years old and showed its age. The core was a Spring Boot 1.4 backend on Java 8, structured as a seven-module Maven monolith with an AngularJS admin UI bundled inside it. The browser-side consent library was pure JavaScript built on a Grunt and Bower toolchain.
Most of the original code came from rotating offshore consultancies, at one point nineteen contributors in a single year, with the loose authorship hygiene that comes with that.
It was also a live regulated product. Consent and privacy infrastructure has to track GDPR, the IAB TCF framework, Google Consent Mode, Global Privacy Control, and CCPA. The system could not go dark while it got modernized, and it could not fall behind on compliance features while the framework upgrades happened underneath it.
The Challenge
Everything underneath was reaching end of life at the same time, the legacy toolchains were getting hard to hire for, and an ownership change had put the platform's technical debt under due diligence scrutiny.
Framework EOL
Spring Boot 1.x and Java 8 were aging out, and the javax to jakarta namespace change meant a Spring Boot 2 to 3 migration across roughly a hundred thousand lines of backend code.
Unmaintainable toolchains
The legacy JavaScript library and the in-backend AngularJS UI were both on toolchains that were hard to hire for and hard to maintain.
Offshore handover
A large offshore-built codebase was being handed to a small in-house team, so the work had to be understood before it could be changed.
Compliance never pauses
TCF, Google Consent Mode, GPC, and CCPA requirements kept evolving. Regulatory features had to keep shipping through every migration.
What I Did
I joined in 2018, during the offshore era, and stayed eight years through the modernization, working across all three stacks. I architected the modernization and led the team delivering it, and the commit history backs it up: I was one of the two most active contributors across the era.
Backend (Java)
Successive upgrades took the platform from Java 8 to 17 to 21, and from Spring Boot 1.4 through 2.x to 3.x. That included the high-risk Spring Boot 2 to 3 migration and the javax to jakarta namespace move on the full codebase. The seven-module Maven layout was consolidated, versioned MongoDB schema migrations were introduced, and the AWS SDK and other dependencies were brought current.
Browser consent library
I helped drive the multi-year conversion of the pure-JavaScript library to TypeScript, now about 97 percent converted, and the move off Grunt and Bower onto Webpack, npm, and modern ESLint. CI moved off Travis. Through all of it the library kept gaining regulatory capability: TCF, Google Consent Mode, GPC, CCPA, and DSAR flows.
Frontend
I founded the standalone Vue 3 frontend in 2022 that replaced the legacy AngularJS UI bundled in the backend. It was built modern from day one on Vite and TypeScript with tests, and it now runs as a module-federation micro-frontend. I was the first frontend hire under the engineering director, and I interviewed and onboarded the five developers who now build on that codebase.
How It Stayed Safe
The product never stopped shipping. The framework upgrades and language migrations happened incrementally, alongside continuous delivery of consent and privacy features, on a system real customers depend on for compliance.
A large test suite backed the work: about 140 JUnit test classes on the backend, 125 Vitest specs on the frontend, plus Playwright and Cypress end-to-end coverage on the library.
Before and After
The performance gains were not abstract. Modern Java runs the same workload on half the hardware: the platform went from four production Java servers to two.
| | Before | After |
|---|---|---|
| Java | 8 | 21 |
| Spring Boot | 1.4 | 3.5 |
| Consent library | Pure JavaScript, Grunt + Bower | TypeScript (~97%), Webpack + npm |
| Lint / CI | jshint / Travis | ESLint 9 / Bamboo + Bitbucket Pipelines |
| Admin frontend | AngularJS bundled in the backend | Standalone Vue 3 + Vite micro-frontend |
| Test footprint | Thin early coverage | 140 JUnit classes, 125 Vitest specs, Playwright/Cypress E2E |
| Production Java servers | 4 | 2 |
Why This Matters If You Hire Me
This is the work I do. A regulated client hands you an old, large, someone-else's-code platform that has to be modernized while it stays live and compliant. I can architect that work and lead the team delivering it, own it across the stack, understand the existing code before changing it, and keep your client shipping the whole time.