diff --git a/.gitignore b/.gitignore
index cfc987c..c6e2c1a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,6 @@ Makefile
 
 # Dont store coverage
 coverage
+
+.vercel
+.env
diff --git a/lib/WebStack.ts b/lib/WebStack.ts
index 8d7d66b..dcc3b22 100644
--- a/lib/WebStack.ts
+++ b/lib/WebStack.ts
@@ -1,7 +1,11 @@
 import * as sst from '@serverless-stack/resources'
-import { StaticSite } from '@serverless-stack/resources'
+import { VercelSecretSyncConstruct } from '@cdk-utils/vercel-secret-forwarder'
 import { MultiStackProps } from '.'
 
+/**
+ * Moved preview builds to vercel, so teh web stack just forwards the secrets to
+ * the configured preview environment now
+ */
 export class WebStack extends sst.Stack {
   constructor(scope: sst.App, id: string, props: MultiStackProps) {
     super(scope, id, props)
@@ -17,15 +21,17 @@ export class WebStack extends sst.Stack {
       NEXT_PUBLIC_API_URL: props.api?.url || '',
     }
 
-    const nextJsSite = new StaticSite(this, 'NextJSSite', {
-      path: 'src/frontend',
-      buildCommand: 'yarn build',
-      buildOutput: 'out',
-      environment,
-    })
-
-    this.addOutputs({
-      SiteUrl: nextJsSite.url,
-    })
+    const vercel = new VercelSecretSyncConstruct(
+      this,
+      'SendSecretsToVercelPreviews',
+      {
+        GitBranch: 'vercel-deploys',
+        VercelProjectName: 'saas-stack',
+        VercelProjectId: String(process.env.VERCEL_PROJECT_ID),
+        VercelProjectOrganisation: String(process.env.VERCEL_ORGANISATION_ID),
+        VercelAuthToken: String(process.env.VERCEL_API_TOKEN),
+        VercelEnvironmentVariables: environment,
+      }
+    )
   }
 }
diff --git a/package.json b/package.json
index d01033d..3eee28c 100644
--- a/package.json
+++ b/package.json
@@ -24,6 +24,7 @@
     "@aws-cdk/aws-s3": "1.111.0",
     "@aws-cdk/core": "1.111.0",
     "@aws-cdk/custom-resources": "1.111.0",
+    "@cdk-utils/vercel-secret-forwarder": "canary",
     "@serverless-stack/cli": "0.37.1",
     "@serverless-stack/resources": "0.37.1"
   }
diff --git a/src/frontend/utils/aws/cognito.ts b/src/frontend/utils/aws/cognito.ts
index 2f938e3..d304bc4 100644
--- a/src/frontend/utils/aws/cognito.ts
+++ b/src/frontend/utils/aws/cognito.ts
@@ -15,7 +15,7 @@ const cognitoClient = new CognitoIdentityClient({
 })
 
 /**
- * If idToken exists, use authenticated permissions for dynamo
+ * If idToken exists, use authenticated permissions
  *
  * @param idToken
  */
diff --git a/yarn.lock b/yarn.lock
index a91c14d..cb6f36f 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1806,6 +1806,21 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
+"@cdk-utils/utils@^0.0.1-alpha.68":
+  version "0.0.1-alpha.68"
+  resolved "https://registry.yarnpkg.com/@cdk-utils/utils/-/utils-0.0.1-alpha.68.tgz#f6507fb9613aa31d4da0da185a39f79e4f73e73d"
+  integrity sha512-FVRpQeIBDLyR5/8DjWtnHA89Vy95WfljtIcmN0I2AyrMc2qbZ2lLBubUGjowNQy38XJMLs+SbS2xcTnP2wtyqQ==
+  dependencies:
+    axios "0.21.1"
+
+"@cdk-utils/vercel-secret-forwarder@canary":
+  version "0.0.1-alpha.68"
+  resolved "https://registry.yarnpkg.com/@cdk-utils/vercel-secret-forwarder/-/vercel-secret-forwarder-0.0.1-alpha.68.tgz#7323bf6f9785d2b11ab3f268af74fedf9413ffca"
+  integrity sha512-MYkAWo1claUfnZwuQ9YPJGzG7sspZPiP8ObQDltxhgMj0vhw9QGwmu8h06RDJplCEZKFTiWP6Z5JaHKcYa2j4g==
+  dependencies:
+    "@cdk-utils/utils" "^0.0.1-alpha.68"
+    axios "0.21.1"
+
 "@cnakazawa/watch@^1.0.3":
   version "1.0.4"
   resolved "https://registry.yarnpkg.com/@cnakazawa/watch/-/watch-1.0.4.tgz#f864ae85004d0fcab6f50be9141c4da368d1656a"
@@ -2669,6 +2684,13 @@ aws-sdk@^2.761.0, aws-sdk@^2.848.0:
     uuid "3.3.2"
     xml2js "0.4.19"
 
+axios@0.21.1:
+  version "0.21.1"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.1.tgz#22563481962f4d6bde9a76d516ef0e5d3c09b2b8"
+  integrity sha512-dKQiRHxGD9PPRIUNIWvZhPTPpl1rf/OxTYKsqKUDjBwYylTvV7SjSHJb9ratfyzM6wCdLCOYLzs73qpg5c4iGA==
+  dependencies:
+    follow-redirects "^1.10.0"
+
 babel-jest@^26.6.3:
   version "26.6.3"
   resolved "https://registry.yarnpkg.com/babel-jest/-/babel-jest-26.6.3.tgz#d87d25cb0037577a0c89f82e5755c5d293c01056"
@@ -3994,6 +4016,11 @@ flatted@^3.1.0:
   resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.2.0.tgz#da07fb8808050aba6fdeac2294542e5043583f05"
   integrity sha512-XprP7lDrVT+kE2c2YlfiV+IfS9zxukiIOvNamPNsImNhXadSsQEbosItdL9bUQlCZXR13SvPk20BjWSWLA7m4A==
 
+follow-redirects@^1.10.0:
+  version "1.14.5"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.5.tgz#f09a5848981d3c772b5392309778523f8d85c381"
+  integrity sha512-wtphSXy7d4/OR+MvIFbCVBDzZ5520qV8XfPklSN5QtxuMUJZ+b0Wnst1e1lCDocfzuCkHqj8k0FpZqO+UIaKNA==
+
 for-in@^1.0.2:
   version "1.0.2"
   resolved "https://registry.yarnpkg.com/for-in/-/for-in-1.0.2.tgz#81068d295a8142ec0ac726c6e2200c30fb6d5e80"