Skip to content

SaaS Launch Readiness — Comprehensive Research

Project: Forma3D.Connect
Version: 1.0
Date: March 2, 2026
Status: Research
Scope: Everything required to develop, launch, and operate a multi-tenant B2B SaaS for European 3D print-on-demand businesses
Related: market-analysis-saas.md, ROADMAP.md, multi-tenant-ux-redesign-research.md, prompt-multi-tenancy-super-admin.md

Table of Contents

  1. Big Picture
  2. Tenant Lifecycle
  3. Onboarding
  4. Pricing & Packaging
  5. Billing — Stripe Integration
  6. Invoicing
  7. Tax Compliance — EU VAT
  8. Dunning & Failed Payment Recovery
  9. Offboarding & Cancellation
  10. GDPR & Data Protection
  11. EU Data Act — Data Portability
  12. Legal Framework
  13. Security
  14. Multi-Lingual & Internationalization
  15. Email & Notifications
  16. Analytics & Metrics
  17. Customer Support & Success
  18. Operational Readiness
  19. Feature Flags & Gradual Rollout
  20. Domain Architecture Overview
  21. Implementation Priority
  22. References

1. Big Picture

Launching Forma3D.Connect as a SaaS requires work across four domains — product, business operations, legal/compliance, and infrastructure — all of which must be ready before the first paying tenant goes live.

uml diagram

What you listed vs. what you're missing

You listed Also needed (commonly forgotten)
Onboarding Email infrastructure (transactional, onboarding drip sequences)
Pricing Feature gating per tier (enforce limits server-side)
Billing (Stripe) Dunning & failed payment recovery (5–15% of charges fail)
Invoicing EU VAT compliance (reverse charge, OSS, Belgian e-invoicing mandate 2026)
Offboarding Tenant data lifecycle (suspension → grace period → deletion)
GDPR EU Data Act (data portability, max 2-month notice, 30-day migration window)
Legal Data Processing Agreement (DPA), sub-processor list, cookie consent
Multi-lingual Currency & number formatting, date formats, RTL consideration
Internationalization Tax rate localization, shipping carrier localization
Security hardening (rate limiting, abuse prevention, MFA)
Analytics & metrics (MRR, churn, feature adoption, product analytics)
Customer support (ticketing, knowledge base, SLA)
Status page & uptime monitoring
Feature flags for gradual rollout and per-tier gating
Audit trail for compliance and troubleshooting

2. Tenant Lifecycle

Every tenant passes through a defined lifecycle. Each state transition has business rules, technical actions, and communication requirements.

uml diagram

Lifecycle actions matrix

Transition Technical action Email sent Stripe action
Sign-up → Trial Create tenant, seed defaults, create Stripe customer Welcome + onboarding drip Create Customer
Trial → Active Enable billing, record payment method Subscription confirmed Create Subscription
Trial → Offboarded Disable integrations, start 30-day clock Trial expired + data export instructions
Active → Past Due Flag tenant, start dunning Payment failed (Stripe auto-email) Smart Retries begin
Past Due → Suspended Pause webhooks, set read-only Account suspended + update payment link Cancel retries
Suspended → Cancelled Schedule end-of-period termination Final notice Cancel subscription
Cancelled → Offboarded Disable access at period end Data export instructions
Offboarded → Deleted Delete tenant data (GDPR) Deletion confirmation Delete customer (optional)

3. Onboarding

Onboarding is the highest-leverage moment in the customer journey. The goal is to reach the "aha moment" — seeing the first Shopify order flow through to a SimplyPrint print job — as fast as possible.

3.1 Self-service onboarding wizard

uml diagram

3.2 Onboarding checklist (persistent)

After the wizard, show a persistent checklist on the dashboard until all items are done:

Step Status Description
Connect Shopify Required OAuth flow completed
Connect SimplyPrint Required API key validated, printers synced
Connect Sendcloud Required API key validated, methods loaded
Set up first product Recommended Map a Shopify product to print files
Process first order Recommended Full end-to-end flow verified
Invite team member Optional Add an operator or viewer

3.3 Time-to-value target

Metric Target
Sign-up to first integration connected < 5 minutes
Sign-up to first order processed < 30 minutes
Onboarding wizard completion rate > 70%
Trial-to-paid conversion rate > 15%

4. Pricing & Packaging

4.1 Tier structure

Based on the market analysis recommendation with added detail on feature gating:

uml diagram

4.2 Billing periods

Period Discount Payment Cancellation
Monthly Charged on subscription anniversary Cancel anytime, access until period end
Yearly 17% (2 months free) Charged upfront for full year Cancel anytime, access until year end, no prorated refund

4.3 Free trial

Parameter Value Rationale
Duration 14 days Industry standard; long enough to process real orders
Tier Growth Mid-tier shows full value without overwhelming
Payment required No Reduces friction; capture card at conversion
Overage allowed No Soft cap with upgrade prompt
Extensions Case-by-case, manual Customer success discretion

4.4 Overage handling

Approach Behavior
Soft cap Warning at 80% of tier limit
At limit Banner suggesting upgrade
Over limit Orders still processed for 10% grace; overage billed at €0.10/order
Hard block Never — blocking orders loses the customer's revenue

4.5 Feature gating — server-side enforcement

Feature limits must be enforced server-side, not just hidden in the UI:

interface TenantLimits {
  maxOrdersPerMonth: number;
  maxPrinters: number;
  maxUsers: number;
  maxShopifyShops: number;
  hasApiAccess: boolean;
  hasAnalytics: boolean;
  hasActivityLogs: boolean;
  hasPushNotifications: boolean;
  hasCsvExport: boolean;
  supportSlaHours: number;
}

5. Billing — Stripe Integration

5.1 Stripe object model

uml diagram

5.2 Stripe webhook events to handle

Event Action in Forma3D.Connect
customer.subscription.created Link subscription to tenant, activate tier
customer.subscription.updated Update tier, handle up/downgrade
customer.subscription.deleted Transition tenant to Cancelled state
customer.subscription.trial_will_end Send trial ending email (3 days before)
invoice.payment_succeeded Record payment, update tenant status to Active
invoice.payment_failed Transition to Past Due, trigger dunning flow
invoice.finalized Store invoice PDF URL for tenant access
customer.tax_id.created Validate VAT number via VIES
customer.tax_id.updated Re-validate VAT number
checkout.session.completed Complete subscription setup after Checkout

5.3 Stripe integration architecture

uml diagram

5.4 Implementation approach

Use Stripe Checkout for initial subscription and Stripe Customer Portal for self-service management. This minimizes custom payment UI development and ensures PCI compliance.

Component Build vs. Stripe-hosted
Pricing page Build (custom, matches brand)
Payment form Stripe Checkout (hosted, PCI compliant)
Subscription management Stripe Customer Portal (hosted)
Invoice history Build (fetch from Stripe API, display in dashboard)
Usage metering Build (track orders, report to Stripe)

6. Invoicing

6.1 Invoice requirements (EU-compliant)

Every invoice must include:

Field Source Required
Sequential invoice number Auto-generated Yes
Invoice date Stripe invoice.created Yes
Supplier name, address, VAT number Forma3D company details Yes
Customer name, address Stripe Customer Yes
Customer VAT number Stripe Customer.tax_id If B2B
Description of service "Forma3D.Connect — Growth Plan (March 2026)" Yes
Service period Subscription period (e.g., "Mar 1 – Mar 31, 2026") Yes
Net amount Stripe Invoice.subtotal Yes
VAT rate and amount Stripe Tax or manual Yes
Gross amount Stripe Invoice.total Yes
Payment terms "Due upon receipt" (auto-charged) Yes
Reverse charge notice "VAT reverse charge applies" (if B2B cross-border) If applicable

6.2 Belgian e-invoicing mandate (January 1, 2026)

Belgium mandates structured e-invoicing for B2B transactions from January 1, 2026. This means:

  • B2B invoices must be issued in Peppol BIS 3.0 format
  • Transmission via the Peppol network
  • PDF invoices are no longer sufficient for Belgian B2B customers
  • Stripe does not natively support Peppol; a Peppol Access Point integration is needed (e.g., Billit, Codabox, Digiteal)
Customer type Invoice format
Belgian B2B (VAT-registered) Peppol BIS 3.0 (structured e-invoice)
Other EU B2B PDF (Peppol optional but recommended)
B2C (if applicable) PDF

6.3 Invoice access in dashboard

Tenants should be able to:

  • View invoice history (fetched from Stripe API)
  • Download individual invoices as PDF
  • Access hosted invoice pages (Stripe-hosted)
  • Update billing information (redirect to Stripe Customer Portal)

7. Tax Compliance — EU VAT

7.1 VAT rules for B2B SaaS

uml diagram

7.2 VAT implementation requirements

Requirement Implementation
Collect customer country Registration form + Stripe address
Collect VAT number (B2B) Registration form + Stripe tax_id
Validate VAT number VIES API (real-time validation)
Apply correct VAT rate Stripe Tax (automatic) or manual rate table
Generate compliant invoices See Section 6
OSS quarterly returns Accounting integration or manual filing
Store VAT evidence Two pieces of evidence per customer (IP, billing address, bank country)

7.3 Stripe Tax

Stripe Tax automates VAT calculation and can be enabled per product/price. It handles:

  • Automatic tax rate determination based on customer location
  • Reverse charge detection for B2B EU cross-border
  • Tax reporting exports for OSS filing
  • Digital services classification

Recommendation: Use Stripe Tax from day one to avoid building a manual VAT rate table.

8. Dunning & Failed Payment Recovery

5–15% of recurring charges fail. Involuntary churn (failed payments) accounts for 20–40% of all subscription cancellations.

8.1 Recovery strategy

uml diagram

8.2 Stripe dunning configuration

Setting Value
Smart Retries Enabled (default)
Retry schedule 8 attempts over 14 days
Card updater Enabled (proactive card refresh)
Failed payment emails Stripe-hosted (branded)
Subscription past due action Mark as past_due, keep active
After all retries fail Mark as unpaid, trigger suspension

9. Offboarding & Cancellation

9.1 Cancellation policy

Billing period Cancellation behavior Refund
Monthly Access until current month ends None
Yearly Access until current year ends None — subscription fades out at term end

Rationale for no prorated refunds on yearly plans:

  • Yearly discount (17%) already represents a significant concession
  • Predictable revenue enables better planning
  • Industry standard for B2B SaaS (Shopify, HubSpot, Slack follow this model)
  • Terms of Service must clearly state this policy
  • Consider goodwill exceptions for enterprise customers (case-by-case)

9.2 Cancellation flow

uml diagram

9.3 Data after cancellation

Phase Duration Data state Access
Active cancellation Until period end Full data, read-write Full
Offboarded 30 days Full data, read-only Export only
Deleted Anonymized/purged None

10. GDPR & Data Protection

10.1 GDPR obligations for a multi-tenant SaaS

Forma3D.Connect acts as a Data Processor for tenant customer data (Shopify orders, addresses) and as a Data Controller for tenant account data (login, billing).

uml diagram

10.2 GDPR compliance checklist

Requirement Implementation Status
Data Processing Agreement (DPA) Publish on website; auto-accepted on sign-up Needed
Sub-processor list Publish list (Stripe, Shopify, SimplyPrint, Sendcloud, DigitalOcean, Sentry); notify tenants before changes Needed
Privacy Policy Covers both controller (account data) and processor (tenant customer data) roles Needed
Cookie consent Cookie banner with granular consent (analytics, functional, marketing); no cookies before consent Needed
Data Subject Access Request (DSAR) API endpoint + admin UI for tenants to export/delete their customer data Needed
Right to erasure Tenant data deletion within 30 days of request; anonymize where full deletion impossible (audit logs) Needed
Breach notification Internal incident response procedure; notify affected tenants within 72 hours; template ready Needed
Data minimization Only store data needed for the service; review all fields; delete outdated data per retention schedule Needed
Encryption AES-256 at rest, TLS 1.3 in transit Partial
Record of processing activities (ROPA) Internal document listing all processing activities, categories of data, retention periods Needed

10.3 Data retention schedule

Data category Retention period After retention
Tenant account data Duration of subscription + 30 days Delete or anonymize
Order data (Shopify) Duration of subscription + 30 days Delete
Customer PII (names, addresses) Duration of subscription + 30 days Delete
Print job records Duration of subscription + 30 days Anonymize (keep stats)
Invoices & billing records 7 years (Belgian accounting law) Archive, then delete
Audit logs 1 year Anonymize
Server logs 90 days Delete
Analytics (aggregated) Indefinite Already anonymized

11. EU Data Act — Data Portability

The EU Data Act (effective September 12, 2025) imposes obligations on SaaS providers that go beyond GDPR:

11.1 Key requirements

Requirement Detail
Data export Customers must be able to export all their data in a machine-readable format
Max notice period Cancellation requires maximum 2-month notice period
Migration window 30 calendar days post-cancellation for data migration
Switching procedures Must publish clear instructions: export formats, steps, constraints
No switching charges Cannot charge for data export or migration support
Format Standard, machine-readable format (JSON, CSV)

11.2 Data export scope

What must be exportable by a tenant:

Data Format Included
Orders JSON + CSV All fields, all history
Print jobs JSON + CSV All fields, all history
Shipments JSON + CSV All fields, tracking info
Product mappings JSON + CSV Products, SKUs, file associations
Customer data JSON + CSV Names, addresses, emails
Activity logs JSON + CSV All tenant-scoped events
Invoices PDF + JSON All billing history
Integration configs JSON Shopify shop, SimplyPrint, Sendcloud settings (not secrets)
Document Purpose When shown
Terms of Service (ToS) Governs use of the platform Sign-up (must accept)
Privacy Policy How personal data is collected, used, stored Sign-up + footer link
Data Processing Agreement (DPA) GDPR Art. 28 — processor obligations Sign-up (auto-accepted) or downloadable
Acceptable Use Policy (AUP) Prohibited uses, abuse, fair use limits Sign-up (part of ToS or linked)
Cookie Policy What cookies are used and why Cookie banner + footer link
Sub-processor List Third parties who process data Public page, notification on changes
SLA (Service Level Agreement) Uptime commitment, compensation Pro/Enterprise tiers; published

12.2 Terms of Service — key clauses

Clause Content
License grant Non-exclusive, non-transferable, revocable license to use the platform
Restrictions No reverse engineering, decompilation, or disassembly of the software
No resale Cannot resell access without written agreement (unless white-label tier)
IP ownership All intellectual property remains with Forma3D; customer retains ownership of their data
Data ownership Customer owns their data; Forma3D processes it as described in the DPA
Billing & payment Auto-renewal, payment terms, overage billing, no prorated refunds on yearly plans
Termination Either party can terminate; access continues until paid period ends
Limitation of liability Capped at 12 months of fees paid; no consequential damages
Indemnification Customer indemnifies Forma3D against claims arising from their use
Governing law Belgian law; courts of Antwerp
Changes to terms 30-day notice via email; continued use = acceptance
Force majeure Standard clause for events beyond reasonable control
Export compliance Customer responsible for compliance with export laws

12.3 Intellectual property protection

Protection Implementation
No reverse engineering clause Explicitly in ToS
Obfuscation Minified/bundled frontend code (standard build process)
API terms Rate limits, no scraping, no competitive use
Trade secrets Backend code never exposed; API-only access
Trademark Register Forma3D trademark in Benelux (BOIP)

13. Security

13.1 Authentication hardening

Requirement Implementation Priority
Strong passwords Min 12 chars, check against HaveIBeenPwned breach database P0
Password hashing Argon2id (already using bcrypt — consider upgrade) P1
Session management HttpOnly, Secure, SameSite=Strict cookies; absolute timeout (24h) P0
MFA TOTP-based MFA for admin users (optional for operators) P1
Brute-force protection Account lockout after 5 failed attempts (15-min cooldown) P0
Login notifications Email on login from new device/location P2

13.2 Rate limiting

uml diagram

13.3 Security checklist

Category Requirement Status
Transport TLS 1.3 everywhere Done (Traefik)
Headers HSTS, CSP, X-Frame-Options, X-Content-Type-Options Needed
CORS Strict origin whitelist Partial
Input validation DTO validation on all endpoints (class-validator) Done
SQL injection Parameterized queries (Prisma ORM) Done
XSS React auto-escaping + CSP Partial
CSRF SameSite cookies + CSRF token for mutations Needed
Dependency scanning Automated vulnerability scanning in CI (pnpm audit) Needed
Secrets management No hardcoded secrets; environment variables only Done
Penetration testing Annual third-party pen test Future
DDoS protection Cloudflare or DO firewall rules Needed

14. Multi-Lingual & Internationalization

14.1 Language support plan

Phase Languages Market
Phase 1 (Launch) English, Dutch Belgium, Netherlands
Phase 2 (Q3 2026) + French, German Belgium (FR), Germany, Austria, Switzerland
Phase 3 (2027) + Spanish, Italian Southern Europe expansion

14.2 What needs translation

Layer Content Approach
UI labels Buttons, menus, headings, tooltips i18n framework (react-i18next)
Email templates All transactional and marketing emails Template per locale
Error messages Validation errors, API error responses i18n keys in backend
Legal documents ToS, Privacy Policy, DPA Professional translation
Invoice text Line item descriptions, VAT notices Per-locale template
Onboarding wizard Step descriptions, help text i18n framework
Knowledge base Support articles, FAQ Per-locale content
Marketing site Landing pages, pricing page Separate content

14.3 Internationalization beyond translation

Concern Implementation
Date formatting Locale-aware (Intl.DateTimeFormat): "2 March 2026" (en-GB) vs. "2 maart 2026" (nl-BE)
Number formatting Locale-aware (Intl.NumberFormat): "€1,490.00" (en) vs. "€ 1.490,00" (nl-BE)
Currency EUR for all EU markets (simplifies billing); display with locale formatting
Time zones Store UTC; display in tenant's local time zone (configurable in settings)
Pluralization ICU MessageFormat for proper plurals ("1 order" / "3 orders" / "0 orders")
RTL support Not needed for initial EU markets; architect CSS for future RTL support
Address formatting Country-specific: Belgium (street + number) vs. Netherlands (street number)
Phone formatting Country-specific: +32 (BE) vs. +31 (NL) vs. +49 (DE)
VAT number format Country prefix validation: BE0123456789, NL123456789B01, DE123456789

14.4 Implementation architecture

uml diagram

15. Email & Notifications

15.1 Email types

Category Emails Provider
Transactional Welcome, email verification, password reset, login notification Resend / Postmark
Billing Payment receipt, payment failed, subscription confirmed, cancellation Stripe (built-in)
Onboarding Drip sequence (days 1, 3, 5, 7, 12) Resend / Customer.io
Operational Trial ending (3 days), trial expired, account suspended Application + email service
Product Order received, print completed, shipping label created, package shipped Application (in-app + optional email)

15.2 Onboarding drip sequence

Day Email Goal
0 (immediate) Welcome — "Let's connect your tools" Drive to onboarding wizard
1 "Did you connect Shopify?" Complete step 1 if not done
3 "Your print farm is waiting" — connect SimplyPrint Complete step 2
5 "Ship smarter with Sendcloud" — connect Sendcloud Complete step 3
7 "Set up your first product" — map a product Create first mapping
12 "Your trial ends in 2 days" — subscribe now Convert to paid

Behavior-driven: Skip emails for steps already completed. If the tenant completes onboarding on day 1, switch to a "tips & tricks" sequence instead.

15.3 Email infrastructure

Concern Decision
Provider Resend (developer-friendly, EU data processing) or Postmark (high deliverability)
Separation Separate transactional and marketing sending to protect deliverability
Templates MJML for responsive HTML emails; plain text fallback
Branding Consistent with dashboard branding; Forma3D logo, colors
Unsubscribe One-click unsubscribe for all non-essential emails (GDPR + CAN-SPAM)
Tracking Open/click tracking for onboarding sequence; no tracking for transactional

16. Analytics & Metrics

16.1 Business metrics to track

Metric Formula Target
MRR (Monthly Recurring Revenue) Sum of all active subscriptions normalized to monthly Track growth
ARR (Annual Recurring Revenue) MRR × 12 Track growth
Churn rate Cancelled subscriptions / total subscriptions (monthly) < 5%
Net Revenue Retention (MRR at end − new MRR) / MRR at start > 100%
Trial-to-paid conversion Paid conversions / trial sign-ups > 15%
CAC (Customer Acquisition Cost) Marketing spend / new customers Track
LTV (Customer Lifetime Value) ARPU / churn rate LTV:CAC > 3:1
ARPU (Average Revenue Per User) MRR / active tenants Track
Time to first value Sign-up to first order processed < 30 min
Onboarding completion rate Completed wizard / started wizard > 70%

16.2 Product analytics

What to track Why Tool
Feature usage per tenant Identify power users and at-risk accounts PostHog / Amplitude
Page views and navigation Understand UX bottlenecks PostHog
Onboarding funnel Optimize conversion PostHog
API usage per tenant Enforce rate limits, identify heavy users Application logs
Order volume per tenant Usage-based billing, tier recommendations Application database
Error rates per tenant Proactive support Sentry + Grafana

16.3 Internal dashboard

Build an internal (super-admin only) dashboard with:

  • Total tenants by status (trial, active, past due, cancelled)
  • MRR trend chart
  • Churn waterfall
  • Trial conversion funnel
  • Top tenants by order volume
  • System health overview

17. Customer Support & Success

17.1 Support channels

Channel Tiers SLA Tool
Knowledge base / FAQ All Self-service Notion / GitBook / Custom
Email support All Starter: 48h, Growth: 24h, Pro: 8h Help Scout / Freshdesk
In-app chat Growth+ 24h Intercom / Crisp
Priority support Pro+ 8h Dedicated queue
Dedicated account manager Enterprise Custom Internal

17.2 Knowledge base structure

Category Articles
Getting started Onboarding guide, connecting Shopify, connecting SimplyPrint, connecting Sendcloud
Products Setting up products, understanding print files, GridFlock baseplates
Orders Order lifecycle, fulfillment flow, troubleshooting failed orders
Shipping Setting up Sendcloud, shipping labels, tracking
Billing Plans and pricing, updating payment, invoices, cancellation
Account Users and roles, notification settings, data export
API Authentication, endpoints, rate limits, examples

17.3 Support metrics

Metric Target
First response time Within SLA per tier
Resolution time < 24h for Starter, < 8h for Pro
Customer satisfaction (CSAT) > 90%
Ticket volume per tenant Monitor for trends
Knowledge base coverage Resolve > 50% of queries without ticket

18. Operational Readiness

18.1 Status page

A public status page is essential for SaaS credibility:

Requirement Implementation
Provider Instatus, Statuspage.io, or self-hosted
Components Dashboard, API, Shopify Integration, SimplyPrint Integration, Sendcloud Integration, Database
Notifications Email + RSS for subscribers
Incident history Public post-mortems for major incidents
Infrastructure Hosted independently from main service

18.2 Uptime SLA

Tier Uptime commitment Compensation
Starter 99.5% (3.6h downtime/month)
Growth 99.9% (43 min downtime/month) Service credit
Professional 99.9% (43 min downtime/month) 2× service credit
Enterprise 99.95% (22 min downtime/month) Custom SLA

18.3 Monitoring stack

uml diagram

18.4 Backup & disaster recovery

Data Backup frequency Retention Recovery target
PostgreSQL Continuous (DO managed) 7 daily, 4 weekly, 3 monthly RPO: 1 hour, RTO: 4 hours
ClickHouse Nightly to DO Spaces 30 days RPO: 24 hours, RTO: 8 hours
Redis Not backed up (cache only) Rebuild from source
Application config Git (infrastructure as code) Indefinite RTO: 1 hour
Stripe data Stripe-hosted (their backups)

19. Feature Flags & Gradual Rollout

19.1 Use cases

Use case Example
Per-tier feature gating API access only for Professional+
Gradual rollout New analytics dashboard to 10% of tenants first
Kill switch Disable problematic feature without redeployment
Beta features Opt-in beta for selected tenants
A/B testing Test pricing page variants

19.2 Implementation options

Option Complexity Cost
Database flags per tenant Low Free
Environment variables Very low Free
PostHog feature flags Medium Free tier available
LaunchDarkly Medium Paid
Unleash (self-hosted) Medium Free

Recommendation: Start with database-backed feature flags per tenant (stored in the Tenant model). This integrates naturally with multi-tenancy and requires no external service. Migrate to a dedicated system (PostHog) when A/B testing becomes relevant.

20. Domain Architecture Overview

How all the SaaS concerns map to the existing Forma3D.Connect architecture:

uml diagram

21. Implementation Priority

Organized by what blocks the first paying customer vs. what can come later.

Phase 0 — Prerequisites (before any SaaS work)

Item Effort Depends on
Scaling preparations 8–12h
Multi-tenancy + Super Admin 24–40h Scaling

Phase 1 — Minimum Viable SaaS (blocks first paying customer)

# Item Effort Section
1 Stripe integration (Checkout + Portal + webhooks) 16–24h §5
2 Pricing page + tier enforcement 8–12h §4
3 Self-service onboarding wizard 12–16h §3
4 Tenant lifecycle (trial → active → cancelled → deleted) 8–12h §2
5 Terms of Service, Privacy Policy, DPA 8–16h (legal review) §12
6 GDPR basics (cookie consent, data deletion API) 8–12h §10
7 Transactional email setup 4–8h §15
8 Invoicing (Stripe-generated, displayed in dashboard) 4–8h §6
9 Status page 2–4h §18
10 Security hardening (rate limiting, headers, CSRF) 8–12h §13

Phase 1 total estimate: 78–124 hours

Phase 2 — Launch Quality (needed for public launch)

# Item Effort Section
11 EU VAT compliance (Stripe Tax, VIES validation) 8–12h §7
12 Dunning flow + failed payment handling 4–8h §8
13 Cancellation flow with survey + retention offers 4–8h §9
14 Data export (JSON + CSV per tenant) 8–12h §11
15 Onboarding drip email sequence 4–8h §15
16 Knowledge base (initial 10–15 articles) 8–16h §17
17 i18n foundation (react-i18next, EN + NL) 12–16h §14
18 Basic analytics dashboard (super admin) 8–12h §16

Phase 2 total estimate: 56–92 hours

Phase 3 — Growth (post-launch improvements)

# Item Effort Section
19 Belgian e-invoicing (Peppol) 12–16h §6
20 Feature flags system 4–8h §19
21 MFA for admin users 8–12h §13
22 French + German translations 8–12h §14
23 In-app chat support 4–8h §17
24 Product analytics (PostHog/Amplitude) 8–12h §16
25 Churn prediction and alerts 8–16h §16

Phase 3 total estimate: 52–84 hours

Summary timeline

uml diagram

22. References

Research sources

Document Relevance
market-analysis-saas.md Pricing, positioning, competitive landscape
ROADMAP.md Multi-tenancy + super admin prompt
multi-tenant-ux-redesign-research.md UX for non-technical tenants
prompt-multi-tenancy-super-admin.md Technical multi-tenancy implementation
disaster-recovery-research.md Backup and DR strategy
penetration-testing-research.md Security testing approach

This document is a comprehensive research reference. Individual sections should be extracted into detailed implementation prompts as development progresses.