How We Architect Real-Time Geofencing at Scale: PostGIS, Push Pipelines & Sub-60-Second Alerts

Match consumer locations against active radii server-side with PostGIS ST_DWithin and geohash spatial partitioning, broadcast new events over WebSocket/SSE, and deliver alerts through FCM/APNs with an offline fallback queue — device-side geofencing hits a hard OS cap on simultaneous monitored regions and does not scale past a handful of tracked locations per user.
Commercial Expertise
Need help with Mobile Development?
Ortem deploys dedicated Enterprise Mobile Solutions squads in 72 hours.
Next Best Reads
Continue your research on Mobile Development
These links are chosen to move readers from general education into service understanding, proof, and buying-context pages.
Mobile App Development Services
See how Ortem scopes, designs, and ships iOS, Android, Flutter, and React Native products.
See service detailsFlutter Delivery Model
Understand when Flutter is the right fit for speed, consistency, and shared engineering effort.
See Flutter serviceMobile App Case Study
Review a real mobile product build with delivery scope, platform choices, and outcome signals.
Read case study
Every location-based alerts product — deals apps, delivery tracking, safety alerts, hyperlocal marketplaces — eventually runs into the same wall: device-side geofencing does not scale. Here is the architecture that replaces it, and why the replacement is not optional past a certain point.
The Trap: Device-Side Geofencing
Both major mobile platforms let an app register geofences for the OS to monitor in the background, waking the app when the device enters or exits a region. It is efficient, battery-friendly, and genuinely the right tool — for a small, fixed number of regions per user.
The problem is the cap. iOS limits an app to roughly 20 simultaneously monitored regions (CLRegion monitoring). Android's equivalent Geofencing API has a comparable ceiling. That is fine if your product tracks one home and one work location. It falls apart the moment a user can follow more than a handful of businesses, subscribe to more than a handful of alert zones, or interact with a marketplace where the number of "interesting" locations is unbounded.
If your product has any of that shape, device-side geofencing is not a viable primary mechanism — it's at best a secondary optimization layered on top of a server-side system.
Server-Side Matching with PostGIS
Move the actual matching problem to the backend. Store consumer locations (updated periodically, with consent, at whatever cadence your battery/privacy budget allows) and active deal/alert radii in PostgreSQL with the PostGIS extension. When a new event needs to check for nearby users, run a spatial query using ST_DWithin, which efficiently tests whether points fall within a given distance of each other using the database's native spatial indexing.
This shifts geofencing from "the OS wakes my app when I cross a boundary" to "the backend, which has global visibility across all users and all active radii, computes the match set the instant a new event is posted." It scales with your database, not with a per-device OS limit.
Geohash Partitioning: Don't Full-Table-Scan Every Broadcast
A naive ST_DWithin query against every registered user location on every deal broadcast works fine at small scale and degrades badly at real scale — you're paying a full-table scan cost on every single event. Geohash-based spatial partitioning fixes this: bucket users into geohash cells, and when a new event fires, only query the cells that could plausibly be in range, rather than the entire user base.
This is the difference between an architecture that works in a demo and one that survives a load test at several thousand concurrent users with continuous event traffic.
Real-Time Broadcast: WebSocket or SSE, Not Polling
Once a match set is computed, the delivery path matters as much as the matching itself. Push new events into the matching pipeline the instant they're created via WebSocket or Server-Sent Events — not on a polling interval. Polling adds latency proportional to your poll interval and wastes resources on empty checks; a push-based broadcast reacts the moment an event exists.
Push Delivery: FCM + APNs, With an Offline Fallback
The final hop — getting the alert onto the user's device — runs through the platform-native push services: Firebase Cloud Messaging for Android and web, Apple Push Notification service for iOS. Neither guarantees instant delivery under all network conditions, so build an offline fallback: queue notifications for devices that are unreachable at broadcast time, and deliver them on reconnect rather than silently dropping them.
A useful target to design and load-test against: notification delivered within 60 seconds of the triggering event, under your expected concurrent-user load. That number should come from an actual load test at a specific, confirmed concurrency target — not a guess. A ballpark range like "500 to 5,000 users" spans genuinely different infrastructure decisions (connection pooling, read replica strategy, queue partitioning) at each end; pin the number down before architecture, not after.
Multi-Location Fan-Out Without Duplicate Alerts
If a single event can apply to multiple source locations (a business with several branches posting one promotion, for example), the matching engine needs to evaluate each location's radius independently but still emit exactly one notification to a user who happens to be in range of more than one. Handle this with de-duplication at the notification-assembly stage — aggregate all matched-location results per user before dispatch, not per location.
Common Mistakes
- Relying on device-side geofencing as the primary mechanism. Fine for a handful of fixed regions, unusable past the OS-imposed cap on simultaneous monitored zones.
- Running spatial queries without geohash (or equivalent) partitioning. Works in a demo, collapses under real broadcast volume.
- Polling for new events instead of pushing them into the pipeline. Adds unnecessary latency and wastes compute on empty checks.
- Sending a duplicate notification per matched location instead of de-duplicating per user. Feels like a small bug until your top power-users — the ones following the most businesses or zones — are the ones getting spammed.
- Committing to a load-test target without pinning down a real number. "500 to 5,000 concurrent users" is not a specification; it's two very different infrastructure builds.
Building a location-based product that needs real-time matching at scale? Ortem Technologies' mobile app development practice has architected PostGIS-based geofencing engines, push notification pipelines, and load-tested real-time matching systems for consumer marketplace apps. See our related case study on a real-time geofenced deals marketplace or book an architecture review →.
About Ortem Technologies
Ortem Technologies is a premier custom software, mobile app, and AI development company. We serve enterprise and startup clients across the USA, UK, Australia, Canada, and the Middle East. Our cross-industry expertise spans fintech, healthcare, and logistics, enabling us to deliver scalable, secure, and innovative digital solutions worldwide.
Get the Ortem Tech Digest
Monthly insights on AI, mobile, and software strategy - straight to your inbox. No spam, ever.
About the Author
Editorial Team, Ortem Technologies
The Ortem Technologies editorial team brings together expertise from across our engineering, product, and strategy divisions to produce in-depth guides, comparisons, and best-practice articles for technology leaders and decision-makers.
Frequently Asked Questions
- It can be more precise, but both major mobile platforms restrict SSID access significantly (Android 10+ especially), and iOS requires always-on location permission to access it. Treat it as a feasibility spike with a tightened-radius geofence fallback, not a guaranteed primary mechanism, until you've validated it under standard app permissions on both platforms.
- Generally yes for the geofencing portion, since the OS-native region monitoring APIs are already battery-optimized — the tradeoff shifts to periodic location reporting cadence, which you control and can tune against your accuracy needs.
- PostgreSQL with the PostGIS extension handles this workload well up to substantial scale, particularly with geohash partitioning. Most products reaching for a specialized spatial database before validating PostGIS at their actual load are solving a problem they don't have yet.
- Both platforms cap simultaneous background-geofence monitoring per app at roughly 20 regions. That works for a handful of fixed locations but breaks down the moment a user follows more than a handful of businesses or alert zones — which pushes real-time location matching onto the backend as an architectural requirement, not a preference.
Stay Ahead
Get engineering insights in your inbox
Practical guides on software development, AI, and cloud. No fluff — published when it's worth your time.
Ready to Start Your Project?
Let Ortem Technologies help you build innovative software solutions for your business.
You Might Also Like
GDPR Compliant Mobile App Development: What You Actually Need to Build In

