Product (PRD)

Last Updated: 23 March 2026 Version: 2.0

Vision

docus.ao is a compliance-grade document management and business readiness platform for Angolan businesses.

It answers ONE question for each document:

“Do we have a valid, current document that satisfies this compliance requirement?”

It does NOT manage the underlying business processes, policies, or assets that generate those documents.

Foundation Pillars (Non-Negotiable)

These three pillars are the irreducible core of docus.ao. If any one fails, the product delivers zero value. All other features are derivatives built on top of these.

Pillar 1: Document Ingestion & Identity

The system must reliably receive, store, identify, and categorize documents.

A file is uploaded and stored securely, scoped to the correct company
The document is identified by type (Alvará, NIF certificate, INSS clearance, etc.)
It is categorized correctly (Legal, Tax, Social, Operational, Insurance, Fleet, etc.)
The file is retrievable and viewable at any time

Without this, there is no product — just an empty shell.

Pillar 2: Temporal Truth (Dates & Derived Status)

The system must know each document’s validity window and derive compliance status from it.

Issue date and expiry date are captured (via OCR or manual entry)
Document status is always derived from dates — Compliant, At Risk, or Non-Compliant
Users cannot manually override derived status; the dates are the source of truth
See DOMAIN_MODEL.md §4.1 for the canonical status model

Without this, docus.ao is a file cabinet. This is what separates it from Google Drive or Dropbox.

Pillar 3: Proactive Compliance Visibility

The system must actively surface what needs attention — before it becomes a problem.

Documents approaching expiry are flagged (At Risk) before they lapse
Expired or non-compliant documents are surfaced clearly
The dashboard provides an honest, at-a-glance compliance picture
Alerts reach users with enough lead time to act

Without this, users must remember to check. They won’t. A passive archive has no compliance value.

Prioritization Tiers

Everything built on top of the pillars falls into ordered tiers. Higher tiers must be solid before investing in lower ones.

Tier 1 — Foundation Pillars (described above) The compliance engine works: documents go in, status is derived, problems are surfaced.

Tier 2 — Operational Readiness (Can a real team use this daily?)

Cluster	What it covers	Why it matters
CRUD Completeness	Edit metadata, delete/restore, versioning/supersession, correct mistakes with audit trail	If a user can’t fix a wrong expiry date, Pillar 2 is broken in practice
Delivery & Communication	Email notifications, configurable alert thresholds, invitations, activity feed	Alerts that only exist in-app are worthless — the product must go to the user
Navigation & Findability	Search, category filters, sorting, dashboard signal, reports	With 50+ documents across 8 categories, the product is unusable without this
Team & Access	Authentication, multi-tenancy, user invitation, roles & permissions, audit trail	A single-user tool has limited value; a multi-user tool without isolation is a liability

Tier 3 — Value Multipliers (What makes the product compelling?) Smart Packs, OCR auto-extraction, PDF export, compliance resolution flow, duplicate detection, custom document types, knowledge base. These multiply the value of Tiers 1+2 but are not required for basic compliance tracking.

Tier 4 — Polish & Delight (What makes the product excellent?) Favorites, timeline visualizations, advanced reporting, bulk operations, mobile-optimized workflows, offline support.

Prioritization rule: Any bug or regression in a higher tier takes precedence over feature work in a lower tier.

Core Capabilities

1. Document Compliance Tracker

Upload, store, and organize regulatory documents by category and type
Track document validity and expiry with derived compliance status
Monitor compliance across 8 categories (Legal, Tax, Social, Operational, Insurance, Fleet, Commercial, Personnel)
Receive proactive renewal alerts at configurable thresholds
Maintain audit-ready document organization with full audit trail

2. Business Readiness Platform (Smart Packs)

Assemble scenario-based Smart Document Packs with nested hierarchy
Demonstrate compliance for tenders, financing, partnerships, audits
Calculate document readiness percentages with per-item validity requirements
Export professional PDF bundles and bulk ZIP downloads
Resolve compliance blockers through guided resolution flow

→ Pricing model: See BUSINESS_STRATEGY.md § Revenue Model for progressive per-entity pricing, cost structure, and financial projections.

3. Regulatory Intelligence

40+ system document types with Angolan regulatory context, plus custom types
OCR auto-extraction of metadata from uploaded documents (dates, numbers, authorities)
Knowledge base with contextual guidance during upload and from document lists
Track issuing authorities and typical validity periods
Bilingual interface (Portuguese-Angola primary, English secondary)

4. Personnel & Entity Document Tracking

Track documents per person (passports, IDs, certifications) with country of issuance
Assign compliance roles to personnel (CEO, CFO, HR, Compliance, Legal, custom)
Link personnel documents to Smart Packs with jurisdiction requirements

5. Security & Access Control

Multi-tenant data isolation with explicit company_id filtering and RLS
Unified seat model (billing) + four-role hierarchy (in-app). Billing uses a single Internal Users quota; each user is one seat regardless of role. External pack-share recipients are a separate concept and do not consume seats — see SMART_PACK_SHARED_VIEWER.md.
- Administrator (admin): Full access including company settings, billing, invites, and alert configuration. SMS on by default.
- Manager (manager): Full document CRUD, applicability, and Smart Pack management. SMS off by default (admin opt-in per user).
- User (user): Upload and view documents, soft-delete own uploads. SMS off by default (admin opt-in per user).
- Monitor (monitor): Read-only compliance monitoring with download and Smart Pack export (all actions audit-logged). SMS off by default (admin opt-in per user). Renamed from Viewer 2026-04-19 — see DECISIONS.md § DEC-033; code-side rename tracked in SPRINT_SOW.md.
User invitation flow with email verification
Deletion audit trail that persists beyond hard delete
Every download and export logged in audit trail (who, when, which documents)

6. Free Tier Scope (Post-PMF)

Status: Design only. Not for pilot launch. Implementation target: Y2 at the earliest, after product-market fit validation and structured support processes.

The free tier provides full platform access scoped to company-level documents only. It is not a feature-gated trial — all features are available, but entity tracking is disabled.

Included:

Up to 50 company-level documents (Alvara, NIF, INSS clearance, AGT certificates, and all other company-scoped document types)
Full compliance dashboard with document status tracking
OCR auto-extraction on uploads
Knowledge base access
Email alerts for expiring documents
2 Internal Users (any role assignment)
Smart Pack template browsing (read-only: can view templates and see which documents are missing, but cannot export PDF/ZIP)

Excluded:

Tracked entities (people, vehicles, equipment, properties): 0 quota
Smart Pack PDF and ZIP export
SMS alerts
Additional Internal User seats beyond the 2-seat free allocation

Mandatory branding: All exports and shared links from free accounts carry non-removable docus.ao branding. Paid levels can remove branding.

Conversion mechanism: Smart Pack templates require person-level documents (shareholder IDs, manager identification, criminal record certificates) that are tied to tracked entities. Without entities, these documents cannot be uploaded, and Smart Packs display structural gaps — a natural, non-punitive upgrade trigger.

Features

Built on the Foundation Pillars, the product delivers these features:

Pillar Features (Core)

Document Management — Unified view of all documents by category and type. Bulk actions, status tracking, filtering, and the single source of truth for compliance status. → DOCUMENTS_CONSOLIDATION.md

Compliance Alerts — Automated monitoring of document expiry dates with configurable thresholds and proactive notifications. → COMPLIANCE_ALERTS.md

Document Versioning — Lightweight versioning for recurring documents. Shows current version by default while preserving full history. Supersession flow for replacements. → DOCUMENT_VERSIONING.md

Smart Packs Ecosystem

Smart Packs — Transform scattered regulatory documents into organized, professional bundles for any business scenario (bank loans, government tenders, partnerships, compliance audits). Supports nested pack hierarchy. → SMART_PACKS.md

Smart Pack PDF Export — Generate downloadable PDF bundles with professional formatting, cover pages, and document indices. → SMART_PACK_PDF_EXPORT.md

Compliance Resolution Flow — Guided modal interface for resolving compliance issues that block Smart Packs. → COMPLIANCE_RESOLUTION_FLOW.md

Document Intelligence

OCR Document Recognition — Client-side auto-extraction of metadata (document number, dates, issuing authority) from uploaded PDFs and images. Registry of patterns for Angolan document types. → OCR_DOCUMENT_RECOGNITION.md

Knowledge Base Access — Contextual information about Angolan document types, requirements, and issuing authorities. Available during upload and from document lists. → KB_ACCESS_POINTS.md

Duplicate Detection — Hybrid detection using SHA-256 file hashing and OCR metadata matching to prevent duplicate uploads. → DOCUMENT_DUPLICATE_DETECTION.md

Custom Document Types — Companies can create their own document types beyond the 40+ system defaults, with validity tracking and Smart Pack integration. → CUSTOM_DOCUMENT_TYPES.md

Personnel & Entities

Personal Documents — Track personal/personnel documents with country of issuance support for multi-nationality scenarios. → PERSONAL_DOCUMENTS.md

Personnel Roles — Assign compliance roles to personnel with multi-country ID document recognition. → PERSONNEL_ROLES.md

Platform & Operations

User Roles & Permissions — Unified Internal Users billing (one seat per user, role-agnostic) with a four-role hierarchy assigned in-app: admin, manager, user, monitor. RLS-backed data isolation with UI enforcement. Admins own settings, billing, and SMS defaults; managers run document CRUD; users upload and view; monitors have read-only access with logged downloads and Smart Pack exports. External pack-share recipients are a separate, non-seat concept — see SMART_PACK_SHARED_VIEWER.md. Full capability matrix: USER_ROLES_PERMISSIONS.md. Billing rationale: BUSINESS_STRATEGY.md § User Roles & Billing. → USER_ROLES_PERMISSIONS.md

Email Infrastructure — Transactional email via SMTP2Go for compliance alerts, welcome emails, and user invitations. → EMAIL_INFRASTRUCTURE.md

Recycle Bin — Safe deletion with recovery. Soft-deleted documents can be restored or permanently removed. → RECYCLE_BIN.md

Deletion Audit Log — Permanent audit trail for deleted documents that persists even after hard delete. → DELETION_AUDIT_LOG.md

Storage File Naming — Standardized storage format ({SHORT_CODE}_{YYYYMMDD}_{hash8}.{ext}) while preserving original filenames. → STORAGE_FILE_NAMING.md

Dashboard & Reporting

Dashboard — At-a-glance compliance overview with status metrics, expiring documents widget, activity feed, and compliance trends.

Reports — Compliance reporting with category breakdowns and exportable data.

Global Search — Cross-entity search across documents, types, and metadata.

Document Categories

Category	Examples	What We Track
Legal	Commercial license (Alvará), Registry, Articles of Association	Validity, expiry, reference numbers
Tax	Tax clearance (AGT), NIF certificate, tax returns	Issue date, validity period
Social	INSS certificates, social security clearance	Validity, compliance status
Operational	ISO certifications, Environmental permits	Certification dates, renewal
Insurance	Liability, Workers’ Comp, vehicle insurance	Certificate validity (NOT premiums/claims)
Fleet	Vehicle registration, Inspection certificates	Document validity per vehicle
Commercial	Contracts, commercial certificates, trade licenses	Validity, reference numbers
Personnel	Passports, IDs, driving licenses, certifications	Document validity per person, country of issuance
Institutional	Company presentation, project portfolio	Document freshness (no hard expiry)

→ Full details: architecture/PRODUCT_SCOPE.md

Out of Scope

docus.ao IS NOT:

Not This	Because
Insurance policy management	We track certificates, not premiums/claims/beneficiaries
Fleet/asset management	Assets are document anchors only, not operational management
Financial system	No payments, invoices, or accounting
Full DMS/ECM	No approval workflows or collaborative editing (we do have lightweight versioning for document renewals)
HR system	Personnel are document anchors, not employee management
Generic file storage	Every file must be a typed, categorized compliance document

→ Full boundaries: architecture/PRODUCT_SCOPE.md

Decision Framework

Before adding a feature, ask:

Does it help answer “Do we have a valid document?”
- Yes → In scope
- No → Likely out of scope
Does it require managing a business process?
- Yes → Out of scope
- No → Potentially in scope
Does it require storing non-document data?
- Yes → Evaluate carefully; probably out of scope
- No → Potentially in scope
Would a dedicated system do this better?
- Yes → Out of scope (integrate instead)
- No → Potentially in scope

Current State

Attribute	Value
Phase	Pre-Pilot (feature-complete for core workflows)
Live URL	https://app.docus.ao
Hosting	Cloudflare Pages (since March 2026)
Backend	Supabase (PostgreSQL, Auth, Storage, Edge Functions)
Email	SMTP2Go (transactional), Exchange (inbound @docus.ao)
Mobile	Capacitor 7 (iOS + Android) — build-ready, not yet published
Languages	Portuguese-Angola (primary), English (secondary) via react-i18next
Focus	Bug fixes, accessibility (WCAG 2.1 AA), i18n coverage, security hardening
Known Issues	30+ tracked in BUGS.md; critical: BUG-005, BUG-006, BUG-010

Key Messages

What we say:

“Never miss a renewal deadline”
“Business-ready document packages in minutes”
“Compliance confidence for Angolan businesses”

What we don’t say:

“Manage your insurance policies”
“Full fleet management”
“Complete business management”

Positioning: docus.ao is the document compliance layer that sits alongside (not replaces) your existing business systems.

Architecture:

architecture/PRODUCT_SCOPE.md — Detailed boundaries (what IS and IS NOT docus.ao)
architecture/DATA_MODEL.md — Database schema and relationships
architecture/DOMAIN_MODEL.md — Business rules, status models, state machines
architecture/INFORMATION_ARCHITECTURE.md — Navigation and page structure
architecture/PERFORMANCE.md — Caching, optimization patterns

Design & UX:

design/DESIGN_SYSTEM.md — Component library and tokens
design/VISUAL_LANGUAGE.md — Typography, iconography, spacing
ux/USER_JOURNEYS.md — End-to-end user flows

Operations:

PILOT_READINESS.md — Tier-by-tier readiness assessment (start here for current health)
BUGS.md — Bug tracker with severity and status
PLAN.md — Active sprint work tracker
TECH_PLAN.md — Technical conventions and stack decisions
DECISIONS.md — Architecture decision log
features/ — Detailed specs for all features (20+ documents)