MVP Build - QR & SMS Integration need Mobile App Development
Contact person: MVP Build - QR & SMS Integration
Phone:Show
Email:Show
Location: Saskatoon, Canada
Budget: Recommended by industry experts
Time to start: As soon as possible
Project description:
"OVERVIEW
I’m hiring a senior full-stack developer to build a small, production-capable MVP. A visitor opens a mobile page via a single QR, opts in, and later a team member triggers an SMS alert to those specific opt-ins by scanning/entering a code (ID). There is NO integration with external POS/ERPs in MVP. The industry, wording, and workflows will be disclosed ONLY after a short mutual NDA is signed.
STEALTH CONSTRAINTS (READ BEFORE BIDDING)
• Do not ask for domain/industry details until NDA is signed.
• All code, copy, and identifiers must use neutral terms (“entry/label/code/ID”), not domain-specific names.
• No portfolio use or public posts about this project without written permission.
MVP SCOPE (FEATURES)
A) PUBLIC QR PAGE (no login)
• Mobile-first page opened from one QR per location.
• Search/select a “label” from a list (fuzzy across name/synonyms).
• “Can’t find it?” fallback (short text + optional photo).
• Phone capture with explicit consent checkbox.
• Confirmation SMS on success.
• Basic abuse protection (per-IP throttle and/or lightweight CAPTCHA).
B) TEAM PAGE (PIN-PROTECTED)
• PIN keypad → short-lived session token.
• Camera “code/ID” scan (browser BarcodeDetector) with JS fallback; manual ID entry as backup.
• Show selected label, number of subscribers waiting, last send timestamp.
• One-tap “Send alerts” with rate-limit and de-duplication.
• Write audit log (who/when/how many).
C) MINI ADMIN (OWNER LOGIN)
• CSV upload to create/edit labels (fields: code, name, synonyms, active).
• View counts per label + basic send logs (timestamp, count, sender).
• Manage team PINs (create/rotate/disable).
• Map free-text “requests” from the public page → a real label (ties old opt-ins to that label).
MESSAGING & COMPLIANCE
• SMS provider (Twilio/Vonage/etc.) with inbound webhook for STOP/HELP.
• Consent text displayed on opt-in form (compliance basics).
• STOP immediately unsubscribes and suppresses future sends to that number.
• Templates editable in admin (Signup/Notify/STOP/HELP).
DEPLOYMENT
• Live on my domain with SSL (Vercel or similar), staging + production.
• Minimal monitoring/logging (e.g., error capture + webhook failures).
• Private repo, clean READMEs, `.[login to view URL]`, seed data.
NON-FUNCTIONAL REQUIREMENTS
• Privacy-first: store minimum PII (phone only for MVP); mask numbers in dashboards.
• Role separation: Owner vs Team (PIN); team cannot export subscriber PII.
• Idempotent “send”, duplicate suppression, configurable rate-limit (default 3h per label).
• Performance: search results under ~300 ms for ~2–5k labels.
• Accessibility basics (labels, contrast), mobile-first UX.
• Error paths handled (failed SMS, invalid webhooks, expired PIN sessions).
PREFERRED STACK (OPEN TO A JUSTIFIED ALTERNATIVE)
• Frontend: React/[login to view URL] (mobile-first; PWA-ready is fine).
• Backend: [login to view URL] API routes (Node/TypeScript).
• DB/Auth: PostgreSQL (Supabase or similar) with basic row-level separation.
• SMS: Twilio (primary) with STOP/HELP webhook endpoint.
• Hosting: Vercel (app + API) + managed Postgres.
DELIVERABLES
1) Deployed MVP (staging + production) on my domain (SSL).
2) Private repo with documented source, migration scripts, seed data, `.[login to view URL]`.
3) Short test plan + passed acceptance checklist (below).
4) Minimal runbook: rotating PINs, safe re-send of failed SMS, backup/restore basics.
ACCEPTANCE TESTS (BLACK-BOX — REQUIRED)
Public flow
• Open QR page → search/select label → enter phone + check consent → confirmation SMS is received.
• “Can’t find it?” creates a request entry; once mapped to a label in admin, existing opt-ins attach to that label.
Team flow
• PIN login → scan code or enter ID → ONLY subscribers for that label receive ONE SMS.
• Rate-limit: cannot send again for the same label/location within configured window (default 3h).
• De-duplication: the same phone cannot join the same label twice; dedupe respected on send.
• Audit log row is written (timestamp, sender, label, count_sent).
Admin flow
• CSV import creates/updates labels; labels appear in public search.
• Mapping “requests → label” works and moves those subscribers under the label.
• Counts per label update correctly after alerts; phone numbers are masked in UI.
Compliance & safety
• STOP/HELP: replying STOP unsubscribes immediately; future sends are blocked.
• Abuse controls active (IP throttle/CAPTCHA); secrets not committed; HTTPS enforced.
OUT OF SCOPE (FOR MVP)
• Paid subscriptions/billing.
• Multi-org HQ analytics/impersonation.
• Email digests/advanced analytics.
• Live spreadsheet sync, recommendations, images.
TIMELINE & MILESTONES
Target 2–4 weeks with weekly demos (propose your plan).
Milestone 1 — Core (60%)
• Public opt-in + confirmation SMS.
• Team PIN login + scan/ID send.
• Rate-limit + de-duplication.
• STOP/HELP webhook handling.
Deliverable: end-to-end demo on staging; code in repo; initial docs.
Milestone 2 — Admin & Deploy (40%)
• CSV import; counts/logs; requests→label mapping.
• Abuse controls; masked numbers; README/runbook.
• Production deploy (SSL) + seed data + final acceptance tests.
BUDGET
Fixed fee for MVP. Please propose your price with a milestone split aligned to M1 (60%) / M2 (40%). Typical ranges are welcome.
HOW TO APPLY (SHORT ANSWERS)
1) 1–2 links to similar builds (camera/scan, SMS, small admin).
2) Proposed stack (and why).
3) How you’ll implement STOP/HELP, rate-limits, timezones, and error handling.
4) Fixed price + days for M1 and M2.
5) Confirm you’ll sign a one-page mutual NDA before receiving the private spec and wireframes.
LEGAL / CONFIDENTIALITY
• Work-for-hire; all IP/code transfers to me on final payment.
• No portfolio use, screenshots, or repo publicity without written permission.
• NDA required before any private materials (domain, copy, industry) are shared.
APPENDIX
Sample CSV (first import)
code,name,synonyms,active
A001,Item Alpha,"alpha, a-one",true
B002,Item Beta,"beta, b-two",true
C003,Item Gamma,"gamma, g-three",true
Env sample (.env)
APP_URL=[login to view URL]
JWT_SECRET=change_me
DATABASE_URL=postgres://user:pass@host:5432/db
SUPABASE_URL=...
SUPABASE_SERVICE_ROLE=...
SMS_PROVIDER=twilio
TWILIO_ACCOUNT_SID=...
TWILIO_AUTH_TOKEN=...
TWILIO_MESSAGING_SERVICE_SID=...
RATE_LIMIT_HOURS=3
Minimal data model (neutral terms)
• locations(id, name, slug, timezone)
• users(id, email, name, role)
• team_pins(id, location_id, pin_hash, active)
• labels(id, location_id, code UNIQUE, name, synonyms, active)
• requests(id, location_id, text, image_url, created_at, matched_label_id, status)
• optins(id, location_id, label_id, request_id, phone_e164, created_at, status['active','alerted','unsub'], UNIQUE(location_id, label_id, phone_e164))
• sends(id, location_id, label_id, sent_at, count_sent, sender_user_id)" (client-provided description)
Matched companies (4)

April Innovations

SJ Solutions & Infotech

Knowforth Tech
