Avocadoo Proposal · Scope · Timeline · Cost

Franchise OS — scope & cost proposal from Avocadoo.

This is Avocadoo's end-to-end implementation proposal for the Summerfield Franchise OS on Toast POS. The document lays out scope by phase, team composition, feature-level breakdown, a 5-month timeline, and an estimated total budget of approx ~$45,000 across all three phases — updated to cover the full module list in the client's May-2026 requirements brief (full Inventory, FDD-compliant LMS, Operations & Checklists, Square Payroll + QuickBooks integrations). The architecture is ready for 5–50 stores and ships with a Simple AI pack starting in Phase 3.

01 3+1 Phases · 3 core + AI

02 5 Months · P1+P2+P3

03 ~$45,000 Estimated total budget

04 4–5 People at peak team

/ 01 /

Executive Summary

The client needs to build a "Franchise OS" on top of Toast POS — to centralize control of menu, recipes, and pricing, sync data across stores, run a franchise approval workflow, and stand up an architecture ready for 50+ stores.

Phase 1 · Lean MVP

Foundation & Toast Sync

Duration5 weeks

Team4–5 people

Cost~$13,000

Phase 2 · Reporting + Full Inventory + Integrations

Cost Control · Square/QB · Scale-ready

Duration8 weeks

Team4–5 people

Cost~$16,000

Phase 3 · Mobile + LMS (FDD) + Operations

Flutter · FDD-LMS · Checklists · Simple AI

Duration8–10 weeks

Team4–5 people

Cost~$16,000

Phase 4 · AI (year 2)

Intelligence Layer

Duration3 months

Team+1 ML eng

CostSeparate RFP

/ 02 /

Scope by Phase

Each phase is an independent milestone that can go live, be signed off, and operate in production before the next phase opens.

Phase 1 — Lean MVP ~$13K

Objective: Centralize operations — HQ controls menu & pricing, Toast data flows into a single system, franchisees have a place to submit proposals — enough to support opening 5 new franchises this year.

F1.1 Project Setup & Infra

DevOps · Tech Lead

4 repos: .NET 8 API (core), NestJS fast service, Next.js web (pnpm), Flutter mobile
Lint + format (dotnet format, ESLint, Prettier, dart format + flutter_lints), CI/CD on GitHub Actions
Azure VNet, Microsoft Entra ID + RBAC, Azure Key Vault
Dev/staging/prod environments on Azure DB for PostgreSQL, Azure Container Apps, Azure Blob Storage
Local dev (Docker compose) with seed data — .NET + Nest + Postgres + Redis

F1.2 Database Design & Migration

Backend Senior

ER diagram (15 core entities)
Migration tooling + master data seed
Basic index review

F1.3 Auth + RBAC (5 roles)

Backend

JWT + refresh, login/logout
RBAC policy: HQ Admin, HQ Ops, Store Manager, Franchisee, Staff
User CRUD UI + role assignment

F1.4 Toast Integration Core

NestJS fast service · "Core of Phase 1"

Toast OAuth, token refresh, sandbox testing
Store ↔ Toast restaurant mapping + UI
Sync orders / payments / menu / inventory — NestJS worker
30-minute batch scheduler + cron
Re-sync by time-window UI
Sync status & log + retry UI
Push menu / price changes to Toast
Manual fix UI for admins

F1.5 HQ Web — Menu & Pricing

Frontend · Backend

Menu list/filter + item CRUD + category/modifier
Master price UI
Price validation (min/max + cost margin warning)

F1.6 Approval Workflow

Backend · Frontend

Proposal data model + status state machine
Submit-proposal API (franchise side)
Approval queue UI (HQ)
Approve/reject + auto-apply + push to Toast

F1.7 Franchise Web (basic)

Frontend

Login + role-based home
Submit price-change proposal form
View proposal status / history

F1.8 Data List & Export

Frontend

Revenue per store table (daily/weekly/monthly)
Basic CSV export

F1.9 DevOps · Deployment · Monitoring

DevOps

Production environment + Azure DB for PostgreSQL + Azure Container Apps prod + Key Vault secrets
Auto backup, App Service Managed Certificates (SSL), Azure DNS
Basic Azure Monitor alerts for sync failure / error rate

F1.10 Testing · UAT · Go-live

QA · Tech Lead

Test plan + test cases
End-to-end integration testing
UAT support, 2 rounds + bug fixes
Go-live + 1 week on-call

F1.11 Documentation

BA + Tech Lead

API documentation (Swagger/OpenAPI)
Basic user manual (HQ + franchise)

Phase 1 Subtotal ~$13,000

2-week sprints · 2–3 sprints
Demo at the end of each sprint
Go-live at the end of week 5
1 year warranty & business maintenance on core flows

Phase 2 — Reporting + Inventory + Cost ~$16K

Objective: Add multi-dimensional reporting (with Square Payroll + QuickBooks data feeding the HQ dashboard), a BOM/cost engine, full inventory operations (item master, PO + receiving, counts/audits, waste, transfers, low-stock alerts, Toast BOM deduction). Upgrade performance (Azure Service Bus queue + cache + indexing) so the architecture is ready for 50 stores. Read-replica horizontal scaling is carved out into a separate expansion RFP once you reach 50+ stores.

F2.1 Reporting & Dashboard

Executive dashboard: sales today/week/month, top-selling items, labor cost %, food cost %, training completion %, open issues
Per-store drill-down: hourly sales pattern, item-level sales, inventory status, staff roster, training status, recent issues
Multi-store comparison side-by-side on key KPIs (sales/labor-hour, food cost %, training completion, complaints)
Role-based dashboard views (HQ Admin sees all · HQ Ops operational · Store Manager their store · Franchisee their stores + anonymized brand benchmarks)
Custom date range + filters · top-selling items report
Custom saved reports + recurring email schedule (e.g., "Top 10 items by margin" weekly)
Custom alerts & thresholds rules (e.g., "alert if any store food cost % > 32%")
Export to CSV / Excel for all reports and tables

F2.2 Data Migration (Toast history)

Toast historical data extract (last 12 months)
Basic data cleansing
Import into Central DB + validation report

F2.3 BOM / Recipe Management

Master recipe DB: one canonical recipe per menu item (ingredients, qty in measurable units, prep steps, plating notes, photo)
BOM linking to inventory item master so the system knows what is consumed per drink
Recipe versioning: change log with date / author / reason, previous versions preserved, effective-date publishing
Recipe permissions: HQ-only edit · Franchisee submit-proposal flow with approval & audit trail · Store Manager/Staff read-only
Allergen tagging (dairy, nuts, soy, gluten, etc.) — visible to staff, with manager-routing guardrail for customer allergy questions
Recipe library export — printable recipe cards / training references for staff
Recipe builder UI (drag/drop ingredient) · Recipe-to-menu linking

F2.4 Cost Calculation & Menu/Price Lock

Ingredient cost data model (point-in-time)
Cost calculation engine (BOM × current ingredient cost → COGS per item)
Margin warning UI — configurable threshold per item (default flag if margin < 70%)
HQ-defined active menu per store/market — stores cannot add items independently
Toast menu sync: approved items + prices push to each store's Toast POS; off-menu items cannot be sold
HQ-only price control per item / per store / per market

F2.5 Inventory Snapshot + Movement

Inventory data model + daily snapshot job
Inventory movement (IN/OUT) + adjustments
Inventory report by store + ingredient
PAR level config (per ingredient, per store)
Low-stock alerts — in-app + email to store manager and HQ when item hits or drops below PAR
Reorder-quantity suggestion (rolling 30-day average + lead-time) surfaced on the PO draft screen

F2.6 Receipt / Invoice Upload

Receipt upload UI (capture/upload + Azure Blob Storage)
Receipt list & filter
Optional manual link of a receipt to a received PO

F2.13 Item Master & Supplier Records

Item master CRUD: name, SKU, unit of measure (oz / g / ml / count), category, default supplier, current cost
Supplier master CRUD (Sysco, LA Food + others): contact, payment terms, delivery schedule, items supplied
Per-store stock-level tracking (qty-on-hand updates on receive / use / count)
Cost-tracking history per ingredient × supplier over time

F2.14 Purchase Orders & Receiving Workflow

Mobile-first · Sysco / LA Food

Create PO from low-stock items (supplier, items, qty, expected delivery)
PO email sender + PDF export to suppliers; direct supplier API if available (future)
Mobile receiving: check items against PO, capture actual qty, note discrepancies, attach photos of damaged items
On-hand counts auto-update on confirm; partial / over-delivery handled explicitly

F2.15 Inventory Counts / Audits

Periodic physical-count workflow (weekly / monthly templates)
Mobile count entry per item · blind-count option
Variance report (system count vs physical) for HQ review and approval

F2.16 Waste / Spoilage & Inter-store Transfer

Waste log: items thrown out + reason (expired, damaged, prep error)
Waste-cost rollup per store over time (HQ KPI)
Inter-store transfer: double-entry (deduct origin, add destination) with audit trail

F2.17 Toast Inventory Deduction (BOM)

Daily batch reconciliation · NestJS worker

Daily batch: Toast sales orders × recipe BOM → deplete ingredient stock on-hand
Modifier-level BOM (extra shot, alternate milk) deducted correctly
Reconciliation report: orders vs ingredient consumed; flag discrepancies for review
Real-time deduction (Toast webhook-driven): scoped as a Phase 2 add-on if HQ requires < 30-min freshness

F2.18 Square Payroll Integration

Required — replaces manual hour entry

Pull labor hours and labor cost from Square Payroll API on a daily schedule
Surface labor cost % on the HQ dashboard (per store, per period)
Eliminates the current manual export-from-Toast → enter-into-Square workflow

F2.19 QuickBooks Read-only Sync

Required — read-only; QB remains accounting source-of-truth

QuickBooks Online OAuth + read-only API connection
Pull key financial metrics (revenue, expense categories, gross margin) for the HQ dashboard
No writes to QuickBooks — accounting team continues to own the books

F2.7 Pricing Schedule

Schedule data model + builder UI (effective from/to)
Schedule executor (cron)
Schedule conflict check

F2.8 Per-franchise Pricing Override

Override data model
Override UI + bulk update

F2.9 Auto Duplicate / Missing Detection

Duplicate-order detection logic + review UI
Missing-order detection with HQ alert
Reconciliation report

F2.10 Full Audit Log

Audit log table + viewer UI
Every HQ/Franchise mutation is recorded

F2.11 Performance & Scale Prep

Azure Service Bus queue for Toast sync (basic decoupling)
Caching layer (Redis) for dashboard queries
DB indexing review + slow-query monitoring
Read replica + horizontal API scaling: deferred until 50+ stores

F2.12 Testing · UAT · Go-live

Phase 2 test cases + integration testing
UAT, 2 rounds + bug fixes
Go-live + 1 week of support

Phase 2 Subtotal ~$16,000

2-week sprints · 4 sprints
Pilot with 1 store before rollout
Historical-data validation report
Architecture ready for 50 stores
Square Payroll + QuickBooks live in dashboard at end of phase
1 year warranty & business maintenance on core flows

Phase 3 — Mobile + LMS (FDD) + Operations + Simple AI + Support ~$16K

Objective: Flutter mobile (iOS + Android) for HQ + Franchise + Staff; a FDD-compliant LMS (quizzes, learning paths, digital certificates, refresher training, franchisee pre-opening workflow); the Operations & Checklists module (daily/weekly/monthly templates with photo/temp/signature evidence + audit history); a Simple AI Pack (anomaly alert + reorder suggestion + AI Q&A assistant); a lean ticket support system; and an internal security review. Advanced AI (full ML/forecasting/DWH/RAG) is still carved out into Phase 4.

F3.1 Mobile App Foundation

Flutter project setup, GoRouter navigation, Riverpod/Bloc state management
Mobile auth flow (login + refresh, biometric optional)
Push notifications (firebase_messaging + flutter_local_notifications, FCM + APNs)
Basic offline cache (Hive / shared_preferences)

F3.2 Mobile — HQ Features

HQ home (basic aggregate KPIs)
Approval queue on mobile
Notification center

F3.3 Mobile — Franchise Features

Franchise home (today's revenue)
Submit proposal on mobile
Inventory check + receipt upload (camera)

F3.4 Mobile — Staff

Staff mobile home (today's schedule, assigned training, assigned checklists)
Daily / weekly / monthly checklists execution (see F3.10)
Training module playback (see F3.5) — video + PDF + quiz on mobile
Staff-to-manager chat: deferred to Phase 4

F3.5 LMS — Course Library & Content Migration

FDD-compliant · Module 2 in brief

Course / lesson data model with versioning
HQ training portal — create, edit, retire, version modules
Content types: MP4 video, PDF, slide decks (PPTX / Google Slides export), images, rich text, embedded links
Content migration from Google Drive: ~111 pages of written content + 19–30 short videos (HQ-owned content)
Video hosting strategy: Azure Blob + CDN (or Vimeo Pro) with adaptive playback; mobile-friendly
Multi-language readiness: English at launch, schema + UI ready for Spanish & Vietnamese later (no rebuild required)

F3.5b LMS — Learning Paths & Assignment

Role-based learning paths (Barista, Shift Lead, Store Manager, Franchisee)
Auto-assignment on user provisioning (new barista → barista path; new franchisee → franchisee path)
Manual assignment / re-assignment by HQ or Store Manager
Mandatory vs optional modules within a path

F3.5c LMS — Quizzes & Assessments

Question types: multiple choice (single & multi), true/false, short answer, matching
Configurable pass threshold per quiz (e.g., 80%)
Configurable retake limit · randomized question order
Auto-grading + manual review for short-answer

F3.5d LMS — Progress Tracking & Certificates

Per-user, per-store, per-franchisee completion status (complete / in progress / not started)
Quiz scores + attempt history archived
Digital certificate auto-issued on path completion · stored against employee record · downloadable PDF
Certificate ID + issue date + validity period (for FDD audit trail)

F3.5e LMS — Franchisee Pre-opening Workflow

FDD-critical · gates store opening

Self-study phase: assigned modules to complete before arriving at HQ
Classroom hours phase: tracked during in-person training week (attendance + classroom-hour log)
On-the-job hours phase: signed off by an HQ-approved trainer (digital sign-off with timestamp + trainer ID)
Completion of all three phases gates the franchisee's store opening date
Audit trail for the entire workflow (FDD legal-defensible record)

F3.5f LMS — Refresher & Reporting

Refresher / recurring training: modules can be set to require annual or quarterly re-completion
System auto-assigns when re-completion is due (e.g., Food Safety every 12 months)
HQ reports: completion rate by store / role / module; employees behind on required training
Reports exportable to CSV / PDF for inspection or audit

F3.X Simple AI Pack

NestJS fast service · Rule-based + LLM API · no ML training required

Sales Anomaly Alert — rule-based z-score against a 4-week baseline (.NET core API), flags stores with unusual revenue dips or spikes
Reorder Quantity Suggestion — rolling 30-day average + lead-time (.NET), suggests restock quantities per ingredient
AI Q&A Assistant — NestJS proxy calling Claude/OpenAI API + RAG-lite over SOP/recipe docs, chat UI on mobile + web

F3.6 Ticket Support (lean)

Ticket data model + submit UI + attachments
Ticket queue UI (HQ support)
Comments + internal notes
Email notifications (SLA tracking: deferred)

F3.10 Operations & Checklists — Templates

Module 5 in brief · HQ-defined templates

HQ creates checklist templates with steps, frequency (daily / weekly / monthly), assigned role (opener, closer, manager), and required evidence per step
Evidence types per step: photo, signature (canvas), temperature reading, numeric value, free-text note, dropdown
Template versioning · clone-from-existing · enable/disable per store

F3.11 Operations — Scheduled Assignment & Execution

Auto-assignment by time + role (morning opener → opening checklist; closing staff → closing checklist)
Mobile-first execution on shared tablet or staff phone
Photo verification per step (camera capture + Azure Blob upload)
Temperature / numeric logs: capture value, out-of-range values flag automatically with alert to manager
Issue logging mid-checklist (e.g., "ice machine making strange noise") routed to manager and tracked to resolution

F3.12 Operations — Visibility & Audit History

HQ and Store Manager see which checklists are complete / in progress / overdue in real time
Every completed checklist archived with timestamps, photos, signatures, and numeric values
Searchable audit history (filter by store, template, date, role) — for health-department audits and internal review
Offline mode: mobile queues submissions when wifi drops, auto-syncs on reconnect with conflict handling

F3.7 Security Review (internal)

OWASP top-10 self-checklist
Dependency scan (Snyk free / GH Dependabot)
Fix critical findings
External pen-test: optional add-on ~$3.5K if requested by the client

F3.8 Smoke Load Test

Basic load test (k6/Artillery, 50-store simulation)
Quick tuning of bottlenecks if identified

F3.9 Release · App Store · UAT

Mobile e2e smoke test (Flutter integration_test / Patrol)
App store submission (iOS + Android; certificate & account fees paid directly by the client)
1–2 rounds of UAT + fixes
Go-live + 1 week of support

Phase 3 Subtotal ~$16,000

2-week sprints · 4–5 sprints
FDD-compliant LMS live before first franchisee opens
Operations & Checklists module live across pilot stores
App store submission 2 weeks early
Simple AI Pack goes live in the same phase
Full-project source code handover
1 year warranty & business maintenance on core flows

Phase 4 — AI Layer (optional, year 2)

When to deploy: Once you have ≥12 months of clean data (roughly Q3-2027). This phase is optional and does not need to be signed now. Objective: data → insight → action.

F4.1 Data Platform Upgrade

Set up data warehouse (Postgres + dbt or Azure Synapse Analytics)
ETL pipeline (Airbyte/Airflow)
Standardized fact + dimension tables
Data quality checks

F4.2 Inventory Alert AI

Time-series forecast model (Prophet/ARIMA)
Anomaly detection (low/high stock)
Alert dispatcher

F4.3 Smart Auto-Order + Dynamic PAR

Forecast demand by daypart
Dynamic PAR adjustment by promo / weather
Auto PO suggestion

F4.4 Promo Impact & Menu Optimizer

Promo lift analysis
Item-level COGS analysis
Menu mix optimization recommendations

F4.5 Anomaly & Fraud Detection

Voids, refunds, discount baseline per store
Outlier detection & alerting

F4.6 Mobile AI Assistant (RAG)

Vector store for SOP/recipe content
Mobile chat UI
Guardrails + audit log of responses

F4.7 ML Ops & Monitoring

Model versioning + retraining pipeline
Drift detection
Model performance dashboard

F4.8 UAT · Tuning · Release

2 rounds of A/B testing with HQ ops
False-positive tuning
Release + 2-week monitoring

/ 03 /

Tech Stack & Rationale

A pragmatic stack for a 5–50 store footprint. Every choice has a reason; not over-engineered, not over-simplified. We always favor boring, proven tech.

Frontend

Web & Mobile clients

Next.js (App Router) for HQ + Franchise web · Flutter for mobile.

Web Apps (HQ + Franchise)

Next.js 15 (App Router)SSR/RSC + standard routing

TypeScripttype-safe API contract

TanStack Queryserver state, cache

shadcn/ui + Tailwindfast design system

Rechartsdashboard charts

Zustandlight client state

NextAuth / OIDCsession + JWT bridge

Mobile (Phase 3)

Flutter 3.x (Dart)single codebase, iOS+Android

Riverpod / Blocstate management

GoRouterdeclarative routing

Dio + Retrofittyped HTTP client

Hive / shared_preferencesoffline cache

firebase_messagingFCM + APNs push

Backend

API & Integration

.NET 8 core API · NestJS fast service · Toast Connector in the integration layer.

Core API (Domain & Business Logic)

.NET 8 (ASP.NET Core)core domain API

EF Core + NpgsqlORM for Postgres

FluentValidationDTO validation

MediatR / CQRS liteseparate query / command

Serilogstructured logs

Swashbuckle (OpenAPI)auto API docs

JWT + refreshstateless auth

Fast Service (NestJS — Node 20)

NestJSToast sync worker, webhook, BFF

BullMQ + Redisjob queue, P2

Zod / class-validatorDTO validation

Pino loggerstructured logs

Toast Connector

Toast Public APIorders/menu/payments

Azure Service Bus (Phase 2)decouple sync

Azure Functions Timer triggerbatch scheduler

Data & Infra

Database & DevOps

PostgreSQL SSOT · Azure Container Apps · Terraform IaC.

Database & Cloud

PostgreSQL 16 on Azure DB for PostgreSQL (Flexible Server)SSOT, proven

Read replicareporting workload

Materialized viewsaggregation performance

Azure Cache for Rediscache + queue

Azure Blob Storagereceipts, video, assets

Azure Container Appsno server management

Azure Monitor + App Insights + Sentrymonitoring + error tracking

DevOps · CI/CD · IaC

GitHub ActionsCI/CD

Terraformrepeatable infra

Dockerenvironment consistency

Datadog (optional)APM at >50 stores

Why Azure (not AWS or GCP)?

The short version: Azure is Microsoft's cloud, and our backend is .NET 8 — so the two were designed to work together. That tight fit means less plumbing, fewer surprises, and faster shipping.

First-class .NET runtime & tooling. Azure App Service and Azure Container Apps treat .NET as a first-class citizen — managed runtime upgrades, native OpenTelemetry, App Insights integration without adapters, Visual Studio publish flows, hot-reload deployments. On AWS or GCP these all work, but you spend more setup time wiring them together.

One identity stack. Microsoft Entra ID (formerly Azure AD) covers user identity, SSO readiness (Google/Microsoft Workspace), managed identities for service-to-service auth, and Key Vault integration — all from a single control plane. RBAC at the cloud layer mirrors the RBAC inside the app.

Operationally familiar. Postgres Flexible Server, Container Apps, Service Bus, Functions, Blob Storage, App Insights — these are the same managed services Avocadoo (and the previous vendor on this engagement) have used to build long-running production systems for other SMB / multi-store clients. We're not learning the platform on Summerfield's bill.

Cost is comparable. At 5 stores Azure infra runs ~$320/month (all-in ~$440 with third-party services) on a cost-optimized starter tier — single-instance compute, no Redis replication, smaller Postgres; at 50 stores ~$2,405/month Azure (all-in ~$3,070) with full HA. AWS and GCP land in the same ballpark — the differentiator is dev velocity, not raw price. See section / 07 / Hosting cost projection for the full line-by-line breakdown including Blob bandwidth, App Insights ingestion, and geo-redundant backup.

If the HQ team has a strong preference for AWS (e.g., existing AWS billing relationship), we can port the architecture — the design is cloud-portable since everything runs as containers + standard Postgres + standard Redis. It would add ~1 sprint of infra setup but no architectural change.

Why .NET 8 + NestJS hybrid, NO microservices from day one, NO Data Lake / DWH in Phase 1?

Why .NET 8 (core API) + NestJS (fast service): ASP.NET Core handles complex domain logic (BOM, cost calc, approval workflow, audit) with rock-solid stability, type safety, and high performance — and enterprise teams already know it. NestJS runs alongside as a "fast service" for lightweight, I/O-bound flows — Toast sync worker, webhook listener, mobile BFF, AI/LLM proxy — where Node's event loop and the npm ecosystem (BullMQ, ioredis, OpenAI SDK) feel more natural. The two services deploy independently on Azure Container Apps, share Postgres + Redis, and communicate over REST + Azure Service Bus.

Microservices are premature optimization: at 5–50 stores, a modular monolith (.NET) + 1 fast service (NestJS) is plenty: same performance as microservices, 30% faster dev velocity, and 2–3x simpler debugging. We split further only when crossing 100+ stores (Strangler Fig pattern).

Data Lake / DWH isn't needed yet: 5 stores generate ~5K–10K orders/day → ~3M–7M rows/year. Postgres handles that easily. A DWH (Azure Synapse / Snowflake) adds ~$1.5K–3K/month in infra without solving any problem at this scale.

Advanced AI (ML/forecasting) isn't needed yet: Meaningful models require ≥12 months of clean data to train. Build it early and you get high false-positive rates → HQ silences alerts → wasted spend. The Simple AI Pack in Phase 3 (rule-based + LLM API) is fundamentally different — no training required, useful from the very first store.

/ 04 /

Architecture & integration map

A high-level view of how the four user-facing clients, the two backend services, and the external integrations fit together. Everything in the dotted box runs inside the same Azure resource group — one Postgres database is the system of record, one set of secrets in Key Vault, one observability pipeline.

Reading the diagram: three columns, left → right. Clients (Next.js web · Flutter mobile) talk to the backend over HTTPS. The backend is split into two services — a .NET 8 monolith for domain logic, a NestJS service for I/O-heavy work — both deployed to Azure Container Apps and sharing one Postgres + Redis + Service Bus. The fast service is the one that talks to external systems on Toast and the LLM APIs, keeping integration churn out of the core API. Operations runs entirely inside one Azure resource group with one identity stack (Entra ID + Key Vault).

/ 05 /

Team composition

Primary point of contact & named team

A small, in-house Avocadoo team — four people who actually own the build end to end. No outsourced sub-contracting unless agreed in writing. Pham Minh Quan is the single point of contact for the Summerfield HQ team throughout the engagement.

Name	Role	What they own
Pham Minh Quan PRIMARY POC	Project Manager · single point of contact	Runs working sessions, sprint demos, scope & CR conversations, status updates. Fluent enough in English to walk through operational and business-logic edge cases with the HQ team — not just translating tech specs.
Tran Quang	Tech Lead	Architecture, code review, integration design (Toast / Square Payroll / QuickBooks / BOM engine), security review, NestJS fast-service & AI pack ownership.
Thai Van Dung	Full-stack Engineer	.NET 8 Core API + Next.js web for HQ portal, Franchise portal, dashboards. Inventory, recipe, approval-workflow, LMS web, reporting.
Huynh Quang Bao	Mobile Engineer	Flutter iOS + Android — HQ, Franchise, and Staff apps. LMS playback, checklist execution with photo/temperature evidence, offline queue.

QA & DevOps: shared rotating capacity inside Avocadoo — Tech Lead owns the QA plan; a senior QA engineer is brought in 2–3 days per sprint for test execution and UAT support. DevOps work (Terraform, CI/CD, monitoring setup) is done in P1 and then maintained ~0.2 FTE thereafter.

/ 06 /

Cost breakdown — by Feature / Function

Same dollars, viewed as "modules you're getting".

Feature / Module	Phase	Cost (USD)	Short description
Core infra & Foundation
Project Setup & Infra	P1	$1,000	Azure, CI/CD, Docker, Terraform
Database Design	P1	$500	ER, migration, seed
Auth + RBAC (5 roles)	P1	$800	JWT, refresh, RBAC; MFA for HQ Admin/Ops
DevOps & Monitoring	P1	$650	Prod env, alarms
Toast Integration
Toast API Sync (orders, payments, menu, inv)	P1	$3,540	Core of the system
Performance & Scale Prep (Service Bus, cache, index)	P2	$500	Azure Service Bus + Cache for Redis + indexing → 50-store ready
Auto Duplicate / Missing Detection	P2	$550	Automated data quality
HQ Control Center
Menu Management (CRUD)	P1	$885	Item, modifier, category
Master Pricing + Validation	P1	$590	Min/max, margin warning
BOM / Recipe Management	P2	$1,200	Lock + versioning
Cost Calculation Engine	P2	$750	Margin per item
Pricing Schedule (effective from/to)	P2	$500	Scheduled price changes
Per-franchise Price Override	P2	$400	By state/store
Franchise Portal & Approval
Franchise Web (basic)	P1	$735	Login, submit, history
Approval Workflow	P1	$1,030	Queue + auto-apply
Reporting & Dashboard
Data List + Export CSV (basic)	P1	$440	Phase 1 stub
Dashboard + Multi-store comparison	P2	$1,200	Charts, filters, top items
Dashboard Advanced (drill-down, custom email reports, alerts/thresholds, labor/food/training KPIs)	P2	$550	Saved reports, recurring report emails, threshold rules
Data Migration (12 months of Toast history)	P2	$450	Extract + cleanse
External Integrations (Square Payroll + QuickBooks)
Square Payroll Integration	P2	$450	Pull labor hours/cost; eliminate manual entry
QuickBooks Read-only Sync	P2	$450	Pull financial metrics for HQ dashboard
Recipe / Menu — additional
Recipe Enhancements (allergen tagging, printable export, off-menu lock)	P2	$250	FDD-relevant safety + brand protection
Inventory & Supply
Item Master & Supplier Records	P2	$590	Items, SKUs, UoM, suppliers (Sysco/LA Food), cost history
Inventory Snapshot + Movement	P2	$1,200	Daily snapshot + IN/OUT
Low-stock Alerts + Reorder Suggestion	P2	$295	In-app + email alerts; reorder hint on PO draft
Purchase Orders & Receiving Workflow	P2	$1,100	PO + email/PDF to suppliers + mobile receiving with photo
Inventory Counts / Audits	P2	$500	Periodic physical count + variance report
Waste / Spoilage & Inter-store Transfer	P2	$400	Waste log + cost rollup + double-entry transfer
Toast Inventory Deduction (BOM, daily batch)	P2	$800	Sales × BOM → ingredient depletion + reconciliation; modifier-aware
Receipt / Invoice Upload	P2	$500	Blob Storage upload + list
Mobile App (Phase 3)
Mobile Foundation	P3	$1,100	Flutter, push, offline cache
Mobile HQ Features	P3	$400	Dashboard, approvals
Mobile Franchise Features	P3	$700	Submit, inventory, receipts
Mobile Staff (checklist execution + training playback)	P3	$590	Daily checklist + LMS module playback on mobile
LMS — FDD-compliant (Phase 3)
LMS — Course Library & Content Migration	P3	$650	Migrate ~111 pages + 19–30 videos from Google Drive; multi-language ready
LMS — Learning Paths & Assignment	P3	$440	Role-based paths; auto-assign Barista/Shift Lead/Manager/Franchisee
LMS — Quizzes & Assessments	P3	$650	MCQ, T/F, short-answer, matching; configurable threshold + retakes
LMS — Progress Tracking & Digital Certificates	P3	$500	Per-user/store/franchisee progress; auto-issued PDF certs
LMS — Franchisee Pre-opening Workflow	P3	$950	Self-study + classroom + on-the-job sign-off; gates store opening
LMS — Refresher Training & Reporting	P3	$350	Annual/quarterly auto-assign; completion reports by store/role/module
Simple AI Pack (Phase 3)
Sales Anomaly Alert (rule-based)	P3	$200	4-week z-score baseline, alerts HQ
Reorder Quantity Suggestion	P3	$200	Rolling 30-day avg + lead-time
AI Q&A Assistant (LLM + RAG-lite)	P3	$200	Claude/OpenAI API over SOP/recipe docs
Operations & Checklists (Phase 3)
Checklist Templates & Evidence types	P3	$750	Templates with photo/signature/temperature/numeric evidence
Scheduled Assignment & Mobile Execution	P3	$1,200	Auto-assign by role/time; photo capture; temp logs with out-of-range flag; issue logging
Real-time Visibility, Audit History & Offline mode	P3	$500	Searchable audit (health-dept ready); offline queue + sync
Support & Security
Ticket Support System (lean)	P3	$600	Submit + queue + email notif
Full Audit Log	P2	$295	Every HQ/Franchise mutation
Security Review (internal)	P3	$500	OWASP checklist + dep scan
Smoke Load Test	P3	$200	k6/Artillery, 50-store simulation
App Store Submission + UAT + Release	P3	$1,150	iOS+Android, 1–2 UAT rounds
Cross-cutting (every phase)
Testing / QA Cross-phase	P1+P2+P3	$2,900	Total QA effort (uplifted for LMS + Operations + Inventory)
PM / Coordination	P1+P2+P3	$3,800	Sprints, demos, stakeholder mgmt (4–5 sprints in P2 + P3)
BA / UX / Documentation	P1+P2+P3	$1,400	Specs, user manual, API docs (incl. Operations + LMS content)
Tech Lead oversight / code review	P1+P2+P3	$1,000	Embedded review + architecture
Onboarding + Pilot validation + LLM API budget	—	$675	Kickoff workshop, pilot store check, Claude/OpenAI API for Phase 3
Rounding adjustment (goodwill)	—	$295	Avocadoo rounds the estimate cleanly to approx ~$45,000
Grand Total — Phase 1+2+3		~$45,000	≈ approx ~$45K, updated for expanded scope per May-2026 client brief

/ 07 /

Hosting cost projection — 5 stores vs 50 stores

The build cost above is one-time. Running the platform is monthly. Here is what we estimate the all-in operating cost looks like at your current scale of 5 stores, and at the projected scale of 50 stores. Numbers are deliberately on the generous side — we would rather over-quote ops and have you save on the bill than under-quote and surprise you later.

Azure infrastructure

At 5 stores, tiers are right-sized for launch cost: single replica, no zone redundancy, Basic Redis, smaller Burstable Postgres — still a real production stack, not a demo. At 50 stores, compute and RAM move to the comfortable side with HA, replication, and read replicas so the system stays responsive on a busy day.

Service	Tier @ 5 stores	5 stores / month	Tier @ 50 stores	50 stores / month
Azure Container Apps (.NET + NestJS)	Consumption · 2 vCPU + 4 GB combined · 1 replica (single zone · no HA)	$95	6–10 vCPU + 16–24 GB · autoscaled replicas across 2 zones	$700
Azure DB for PostgreSQL (Flexible Server)	Burstable B1ms · 1 vCPU · 2 GB RAM · 32 GB SSD	$70	General Purpose D4s_v3 · 4 vCPU · 16 GB · 512 GB SSD + read replica	$850
Azure Cache for Redis	Basic C0 (250 MB · no replication)	$18	Standard C3 (6 GB · replicated)	$300
Azure Service Bus	Standard	$30	Standard · more topics	$50
Azure Functions (cron / scheduled)	Consumption · low invocation	$10	Consumption · higher invocation	$25
Blob Storage — capacity	Hot · ~50 GB + lifecycle to cool	$5	Hot · ~500 GB + lifecycle	$25
Blob Storage — bandwidth + read ops	~50 GB egress + transactions (receipts, checklist photos)	$20	~500 GB egress + transactions (LMS video heavy)	$90
Bandwidth — egress (API → clients)	~50 GB outbound / month	$5	~500 GB outbound / month	$45
Azure Monitor + Application Insights	PAYG · ~5–8 GB ingestion · sampling + daily cap	$40	PAYG · ~50 GB ingestion · longer retention	$250
Geo-redundant backup (Postgres LTR)	7-day point-in-time + monthly LTR	$15	30-day PITR + monthly + yearly LTR	$50
Azure Key Vault	Standard	$5	Standard · more secrets & requests	$10
Azure DNS	1 zone	$1	2 zones	$2
Static public IP (egress whitelist)	1 IP	$4	2 IPs (primary + failover)	$8
App Service Managed Certificate (TLS)	Free	$0	Free	$0
Azure subtotal		~$320	—	~$2,405

Third-party services & hidden costs

Item	Provider / tier	5 stores / month	Notes @ 50 stores	50 stores / month
Domain registration	Namecheap / Cloudflare · ~$15/yr	$2	Same	$2
Transactional email (PO, alerts, certs)	SendGrid Essentials	$20	SendGrid Pro · ~50K emails/month	$90
Error tracking	Sentry Team · 50K events/month	$26	Sentry Business	$80
LMS video hosting / CDN	Bunny.net or Vimeo Pro · ~25 videos	$25	Higher bandwidth tier	$120
Claude / OpenAI API (AI Q&A pack)	Pay-per-use · low query volume	$30	~25K queries/month	$280
Apple Developer Program	$99/year	$9	Same	$9
Google Play Developer (one-time $25)	Amortized	$1	Same	$1
Push notifications	FCM (Google · free) + APNs (via Apple Dev)	$0	Free for app push	$0
GitHub (private repo + CI/CD minutes)	Team tier	$8	Team tier · more concurrent runners	$24
Backup retention (geo-redundant)	Included in Postgres tier	$0	Long-term backup add-on	$30
Third-party subtotal		~$121	—	~$636

Bracket	Azure	Third-party	All-in monthly	All-in yearly
5 stores (today)	~$320	~$121	~$440	~$5,300
10–15 stores (~18 months)	~$1,180	~$295	~$1,475	~$17,700
50 stores (projected)	~$2,405	~$666	~$3,070	~$36,800

What this does not include: the cost of the LLM API budget specifically for the AI Q&A assistant if usage spikes (we can put a hard monthly cap in code — recommended); any premium content licensing for LMS videos; SOC 2 / pen-test costs if Summerfield decides to certify (typically $15–30K for SOC 2 Type II, scoped separately); and the maintenance retainer covered in / 08 /.

/ 08 /

Maintenance & support

The brief calls this out as one of the most important sections — fair, because vendors quoting low on build and recouping margin on inflated retainers is a real pattern. Here is how we handle it: a warranty period included free, then a clear retainer with itemized scope, and a 3-year total-cost-of-ownership view so there are no surprises.

Warranty (included free, per phase)

After each phase goes live, 12 months of free warranty & business-flow maintenance on the features delivered in that phase. The warranty covers any behavior that deviates from the accepted UAT criteria — i.e., bugs. It does not cover new features, scope changes, or business-logic adjustments the team decides on after go-live (those are change requests, see below).

What is a bug. Code that does not do what the UAT-signed spec says it does. Performance regressions below agreed thresholds. Security findings in dependencies we own.

What is a change request. "Can we add a field to the recipe model?", "Can the dashboard also show X?", "Can we add a new role?". Quoted separately at the rates below.

What happens at the warranty\'s end. Either the HQ team picks one of the retainer tiers below, or maintenance moves to time-and-materials at our standard rate.

Bug-fix SLA (during warranty & under a retainer)

Severity	Definition (in plain language)	Response	Resolution target
P0 — Store down	System fully unavailable; stores cannot operate or sales are blocked.	1 hour BH 4 hours OOH	Best effort · target ≤ 4 hours
P1 — Critical	Key flow broken (Toast sync stopped, approval queue down, FDD-related LMS workflow blocked).	4 business hours	1 business day
P2 — High	Important flow degraded (dashboard slow, scheduled report missed, photo upload intermittent).	1 business day	3 business days
P3 — Medium	Non-critical bug; a workaround exists.	2 business days	1 week
P4 — Low	UI / cosmetic / minor copy issue.	1 week	Next release cycle

BH = business hours (09:00–18:00 ICT, Mon–Fri). OOH = outside business hours. P0/P1 outside hours need the Tier C plan or a per-incident emergency fee (below).

Monthly maintenance retainer (after warranty)

Pick the tier that matches how much ongoing work you expect. Tier B is what we would recommend for a 10–25 store operation; Tier C kicks in around 30+ stores where the system is genuinely business-critical.

Tier A

Essentials

$500 /mo

Bug fixes only · for small steady-state ops

Included

Bug fixes — P2 or lower SLA
Up to 4 hours/month enhancement work
Quarterly dependency review
HQ-managed Azure resources (you own monitoring)

Not included

P0/P1 SLA · OOH support
Security patching cadence

Recommended

Tier B

Operate

$1,200 /mo

Avocadoo owns the platform day-to-day

Included

Bug fixes — P1 or lower SLA
Security patches + dependency updates monthly
Hosting management — monitoring, backups, alerts, scaling
Up to 8 hours/month minor enhancements
Quarterly architecture / cost review
Office-hours support window

Not included

24/7 P0 SLA · OOH on-call

Tier C

Business-critical

$2,500 /mo

For 30+ stores · weekend support included

Everything in B, plus

P0 SLA 24/7 — including OOH on-call
Up to 20 hours/month enhancements
Monthly product check-in with Tech Lead
Pen-test coordination + advisory
Disaster-recovery drill every 6 months

Feature change requests & emergency support

Type	Pricing	Notes
Small CR (under 8 hours)	$50/hour blended · 4-hour minimum	Quoted on a CR ticket; client signs off before work starts
Medium CR (8–40 hours)	Fixed-price quote	Includes design, build, test, deploy
Large CR (> 40 hours)	Scoped as a mini-phase	Same flow as P1/P2 — sprint demo + UAT
Emergency support — OOH P0/P1 (without Tier C)	$150/hour · 2-hour minimum	Saturday-night store down, holiday outage, etc.

3-year total cost of ownership

A realistic projection assuming the Summerfield team grows roughly along the brief\'s scale plan (5 → ~12 stores by Y2 → ~25 stores by Y3). Hosting scales with store count; maintenance moves up from warranty (free) to Tier B (recommended) once the warranty ends.

Year	Build & phases	Hosting (all-in)	Maintenance	Reasonable enhancements	Year total
Year 1 (build · 5–8 stores)	$45,000 (paid by milestone)	~$440/mo × 12 = $5,280	Warranty — $0	Included in build	~$50,280
Year 2 (~10–15 stores)	—	~$1,475/mo × 12 = $17,700	Tier B · $1,200/mo × 12 = $14,400	~$5,000 (small CRs)	~$37,100
Year 3 (~20–30 stores)	—	~$2,250/mo × 12 = $27,000	Tier B · $1,200/mo × 12 = $14,400	~$8,000 (mid CRs)	~$49,400
3-year total cost of ownership					~$136,780

/ 09 /

Timeline (Gantt) — 5 months

A continuous schedule: 3 phases back-to-back with a short Operate & learn window after Phase 1 go-live before Phase 2 build begins — choose only with steady, committed resourcing on both sides.

	W1	W2	W3	W4	W5	W6	W7	W8	W9	W10	W11	W12	W13	W14	W15	W16	W17	W18	W19	W20
Kick-off & Design	Setup
Phase 1 — MVP build	P1 Sprint 1-2 build UAT
Operate & learn	Operate 1–2 weeks
Phase 2 — Reporting+Inv	P2 Sprint 1-3 build UAT
Phase 3 — Mobile+LMS	P3 Sprint 1-3 (Mobile, LMS, AI, Sec) UAT + App Store

/ 10 /

RBAC matrix — who can do what

Five roles from Section 2.1 of the brief × the major modules of the platform. This is the working sketch — it gets locked into a formal RBAC spec during Phase 1 design, then enforced at the API layer (not just the UI). Cells use a compact legend: V view · C create · E edit · D delete · A approve · X execute · — no access. A star (★) means "scoped to their own store(s) only".

Module / capability	HQ Admin	HQ Ops	Store Manager	Franchisee	Staff
Identity & security
Users & role assignment	C E D V	E V (non-admin)	—	—	—
RBAC policy	E V	V	—	—	—
MFA enforcement	Required	Required	Optional	Optional	Optional
Audit log	V all	V (non-admin)	—	—	—
Menu, pricing & recipes
Menu items (active menu per store)	C E D V	V	V ★	V ★	V ★
Master pricing	C E V	V	V ★	V ★	V ★
Recipes / BOM	C E D V	V	V	V + submit proposal	V
Allergen tags	C E V	V	V	V	V
Approval workflow (proposals)	A	A	—	Submit · V own	—
Inventory & supply
Item master & suppliers	C E D V	C E V	V	V ★	—
Stock levels (qty-on-hand)	V all	V all	E V ★	V ★	—
Purchase orders	V all · A	V all · A	C E V ★	C E V ★	—
Receiving (mobile)	V all	V all	X ★	X ★	X ★
Counts / audits	V all · A	V all · A variance	X ★	V ★	—
Waste & inter-store transfer	V all	V all · A transfer	C V ★	V ★	C ★ (waste log)
LMS — training
Course content (HQ portal)	C E D V	E V	V	V (assigned only)	V (assigned only)
Learning path assignment	C E V	C E V	E V ★ (staff)	V ★	V own only
Quizzes & assessments	C E V scores	V scores	V ★ scores	V own	Take · V own attempts
Digital certificates	V all · revoke	V all	V ★	V own	V own · download
Franchisee pre-opening workflow	A · V all	A · V all	—	X own (self-study/classroom/OJT)	—
Refresher cycles	C E V	V	V ★	V own	X own
Operations & checklists
Checklist templates	C E D V	C E D V	V	V ★	—
Scheduled assignment	V all	E V (overrides)	V ★	V ★	V own
Execution (photo, temp, signature)	V all	V all	X · A ★	V ★	X ★
Issue logging	V all	V · A close	A close ★	V ★	C ★
Audit history (health dept)	V all · export	V all · export	V ★	V ★	—
Dashboard & reporting
Executive dashboard	V all	V operational	V ★	V ★ + anonymized brand benchmarks	—
Per-store drill-down	V all	V all	V ★	V ★	—
Cross-store comparison	V all	V all	—	V (anonymized)	—
Custom reports + email schedule	C E V	C E V	V ★	V ★	—
Alerts & thresholds	C E V	C E V	V ★ subscribe	V ★ subscribe	—
Support & tickets
Tickets (raise, reply)	V all · A close	V all · E	C E V ★	C E V ★	C E V own

Two principles behind this matrix. (1) Least privilege — staff and franchisees see only their own scope; the system enforces it at the API, not just by hiding UI. (2) Audit everything privileged — anything HQ Admin or HQ Ops does that changes a recipe, price, role, or permission lands in the audit log with before/after values, timestamps, and actor identity (the FDD-relevant fields for legal defensibility). Roles are configurable inside the platform after launch — adding "HQ Finance" or "Regional Manager" later does not require a release.

/ 11 /

What we need from you to start

A build is only as accurate as the inputs. To keep the timeline honest, here is what we will need from the Summerfield team — grouped by when we would need it. The earlier items unblock Phase 1 design and database modelling; the later ones are about not blocking Phase 2 and Phase 3 once we get there. Business rules, formulas, and calculation logic are listed in the same priority bands below — Critical when they block P1 (menu, pricing, approval, recipe/BOM shape); High when they block P2 (COGS, inventory, deductions, dashboard KPIs). We would rather receive these in a shared folder (Google Drive or Dropbox is fine) than over email — easier to track what is complete.

🔴 Critical — needed before kickoff or in week 1

What	Why we need it	Format
Toast credentials (sandbox + production)	To verify the API the moment we kick off — Toast integration is the single biggest risk in P1 (see risks table).	API key + restaurant IDs for all 5 stores · sandbox account
Sample receipts & orders for DB analysis	To model the database correctly — we want to see the actual shape of your data, not guess from docs. The ER diagram in P1 is built on top of these samples.	~1 week of Toast daily summaries per store · sample receipts (CSV / JSON / PDF exports)
Sample supplier invoices (Sysco, LA Food)	To design the supplier & PO data model accurately — what fields matter, what the actual line items look like, payment terms.	10–20 invoices (PDF or scan)
FDD-relevant excerpts on training commitments	The LMS franchisee pre-opening workflow is built from the FDD language — we need to read the exact wording you have committed to.	Section excerpts (no need to share full FDD)
Logo + brand basics	To get the UI shells in place from day one — header, login, app icon.	Logo SVG/PNG · primary colors · brand font name
Business rules & calculations — Critical (P1)
Canonical recipes + BOM (Bill of Materials)	Recipe/cost modules and Toast menu mapping depend on how you define a drink today — ingredients, quantities, UoM, and which Toast menu items/modifiers each recipe covers.	5–10 representative drinks fully written out · spreadsheet or doc · note how modifiers (size, milk, toppings) change quantities
Pricing control & validation rules	Master pricing, min/max checks, and franchise approval need your real rules — not assumptions.	Written rules: who may change price · min/max or band per item · margin warning threshold if you use one (e.g. flag below 70% gross margin) · per-store vs single national price list
Franchisee proposal & approval workflow	The approval queue and auto-apply behavior in P1 must mirror how HQ actually decides today.	Step-by-step: what a franchisee may request · what HQ must approve · what applies automatically after approval · any blackout periods
Toast menu ↔ internal item mapping logic	Sync and push-to-Toast need rules for item IDs, modifiers, and off-menu items.	One store’s current Toast menu export · which fields HQ owns vs store · rule for seasonal/LTO items

🟠 High priority — needed before Phase 2 (integration sprint)

Includes integration credentials and the calculation/KPI logic that feeds inventory, cost control, and the HQ dashboard. One record per integrated service for credentials; business-rule docs can live in the same shared folder.

Business rules & calculations — High (before P2)

What	Why we need it	Format
COGS & margin calculation spec	Cost engine and margin alerts must match how HQ thinks about drink economics.	Formula in plain language: ingredient cost source (last PO, average, manual) · how menu price − COGS = margin · rounding rules · alert threshold %
Food cost % & labor cost % (dashboard KPIs)	Executive dashboard and cross-store comparison need your definitions — numerators/denominators and period (day/week).	One-pager per KPI: formula · data source (Toast, Square, QuickBooks, inventory) · target or red-line % if you have one
PAR levels & low-stock logic	PAR alerts and reorder hints depend on whether PAR is per item per store, category defaults, or HQ-set only.	PAR table or rules doc · who sets PAR (HQ vs store manager) · in-app vs email recipients
Reorder quantity suggestion rules	Reorder hint on PO draft should follow your ops habit, not a generic average.	Rule: e.g. order to PAR, cover N days of usage, supplier case packs · lead time per supplier if known
Toast → inventory deduction (daily batch)	BOM depletion job needs timing and edge-case rules aligned with the brief’s daily-batch minimum.	Batch time (e.g. nightly) · how combos/modifiers map to BOM lines · how to treat voids/refunds · who reconciles variance
Physical count & variance approval	Audit workflow and variance reports need sign-off rules.	Count frequency · acceptable variance % · manager vs HQ approval for adjustments
Waste / spoilage & inter-store transfer rules	Cost rollup and double-entry transfer must match how you account for loss and moves today.	Reason codes you use · whether transfer requires HQ approval · cost basis on transfer
Pricing schedule & effective-date logic	Scheduled price changes need timezone and “effective at” behavior (open of business day vs midnight).	Written rule + 1–2 historical examples of a scheduled change
Per-franchise / per-market price override rules	Override table in P2 only works if we know when state/store overrides are allowed.	Matrix: which markets differ · who may request · approval path
Square Payroll → dashboard mapping	Labor hours/cost on the dashboard must match the fields your accountants trust.	Which Square fields = “labor hours” and “labor cost” · store/location mapping · pay period alignment
QuickBooks → dashboard mapping	Read-only financial metrics need a fixed list of accounts or report lines.	QB report name + line items to pull · refresh cadence · store/location dimension if any
Dashboard alerts & saved reports (thresholds)	Threshold rules and scheduled emails need your real operational triggers.	List of 3–5 alerts (e.g. food cost > 32%) · who receives email · optional saved report definitions

Integration credentials & confirmations

Service	What we need	Owner on your side
Toast POS	Production API key · webhook secret (if available) · partner-account status · API docs URL	—
Square Payroll	API key with read scope for labor hours · OAuth redirect URL · docs URL · sample export of last month	—
QuickBooks Online	OAuth app registration · read scope confirmation · QB realm ID · sample financial report	—
Sysco	Vendor portal access OR PO email contact · current PO format you use today · payment-terms confirmation	—
LA Food	Same as Sysco	—
Curate	Written confirmation no integration is required (we want this in writing so it does not surface later)	—
DoorDash	Written confirmation no integration is required (managed via Curate)	—
Reolink (cameras)	Written confirmation out of scope	—
Domain & DNS	Registrar access (e.g., to create CNAMEs for app subdomains) · target domain (e.g., ops.summerfieldteabar.com)	—
SendGrid (transactional email)	Either: your existing SendGrid account · or authorize us to create one billed to you	—

🟡 Medium priority — needed before Phase 3 (mobile + LMS)

What	Why we need it	Format
LMS content inventory	The ~111 pages of PDFs and 19–30 videos mentioned in the brief — we will structure them into learning paths during P3 design.	Folder of PDFs + videos (MP4 or links) · a one-page index of "what is for whom"
Existing quiz / assessment material	If you have ever written quiz questions or knowledge checks — even informal — we would rather adapt them than invent from scratch.	Any format · even handwritten
Quiz pass threshold & retake policy	Assessments need configurable rules — defaults are fine if you confirm them.	Default pass % (e.g. 80%) · max retakes · whether short-answer is manager-graded
Franchisee pre-opening gate rules	Three-phase workflow (self-study / classroom / on-the-job) must match FDD + your training ops.	Hours or modules required per phase · who may sign OJT · what blocks store opening
Refresher training cadence	Annual/quarterly auto-assign depends on which modules repeat and on what schedule.	List (e.g. Food Safety every 12 months) · assign-to role
Checklist evidence & temperature limits	Out-of-range flags and required evidence types need store-level standards.	Sample templates · min/max °F per log type · photo-required steps
Sales anomaly alert rules	Simple AI pack baseline should reflect what “unusual day” means for your stores.	Metric (sales $, transactions, item count) · sensitivity or % drop vs prior weeks
Apple Developer Program account	To submit the iOS app to the App Store. $99/year, billed to Summerfield (industry standard).	Apple ID for the org · payment method
Google Play Console account	For Android submission. $25 one-time.	Google account for the org · payment method
Push notification provider config	Firebase Cloud Messaging project (for Android) · APNs key (from Apple Developer)	JSON config file + .p8 key
LLM API account (Claude or OpenAI)	For the AI Q&A assistant in the Simple AI pack. We will set a monthly hard cap to prevent runaway cost.	API key · billing method · monthly cap preference

🟢 Nice-to-have — improves quality but will not block delivery

What	Why we need it
Current PAR levels per item per store (if any exist)	Seed data only — PAR logic is High priority above; actual numbers here are optional accelerators.
Vendor payment terms per supplier	Pre-fill supplier records (Net 30 vs Net 60, delivery cadence).
Master allergen list	To pre-tag the recipe library.
Draft daily / weekly / monthly checklists (if any exist)	Even handwritten notes — saves design time on the Operations module.
Initial user list per store (HQ + each store)	To provision accounts before go-live so day-one onboarding is smooth.
Azure region preference	East US, West US, or Central US — confirms data residency. We default to East US if unspecified.
Email tone / template preferences	How formal or casual should automated emails sound? (PO emails, low-stock alerts, welcome emails)
One half-day operational walk-through	The "Working Session" the brief mentions at the end of Section 5 — book this in week 1 and the entire team comes away with shared context that prevents most CRs later.

How this will work in practice: after kick-off we will set up a shared folder with a checklist of these items. The PM (Pham Minh Quan) tracks status weekly. Anything Critical we do not have by end of week 1 — including recipe/BOM samples and pricing/approval rules — becomes a flag we surface. High business-logic items must be agreed before the P2 sprint that builds inventory, COGS, and dashboard KPIs; missing formulas there is the most common source of post-launch change requests.

/ 12 /

Risks & assumptions to clarify in the contract

Section / 11 / is the checklist of what Summerfield provides (credentials, samples, business rules, formulas). This section covers delivery risks and contract assumptions only — we do not repeat those inputs here.

12.1 Key risks & mitigations

#	Risk	Impact	Severity	Mitigation
1	Toast API limitations or version changes	Incomplete sync, incorrect mapping	High	Toast sandbox + production credentials in week 1 (/ 11 /); verify API in P1; retries; manual-fix UI
2	Missing / duplicate Toast data	Revenue reports drift	High	Manual-fix UI from P1; auto-detection in P2
3	Toast rate limits with 50 stores syncing concurrently	Slow sync, missing data	High	Throttling, exponential backoff, per-store batching, P2 queue
4	Toast historical export incomplete	Year-over-year (YoY) comparison is off	Medium	Sync forward from go-live; backfill when a solution exists
5	Menu / pricing changes bypass HQ (Toast tablet or franchisee)	Loss of brand control, data divergence	Medium	HQ→Toast one-way push; lock tablet pricing; approval workflow + audit log (rules in / 11 /)
6	App store rejection (especially iOS)	Mobile go-live delayed	Medium	Submit 2 weeks early; Apple/Google accounts per / 11 /
7	Mid-phase change requests	Timeline + budget slip	Medium	Clear CR process, end-of-sprint scope review
8	Vendor capacity drop mid-project	Delay or difficult handover	Medium	Source code escrow, thorough documentation, milestone-based payment
9	Business rules or formulas agreed late	Rework on COGS, inventory, dashboard KPIs	Medium	Sign-off on / 11 / High-priority logic before P2 sprint starts

12.2 Contract assumptions to verify

Operational rules (recipes, COGS, PAR, KPIs, LMS gates, etc.) are captured as deliverables in / 11 /, not repeated below.

#	Assumption	Action
A1	Section / 11 / deliverables arrive on the stated Critical / High / Medium dates	Shared-folder checklist owned by PM; late items flagged weekly
A2	Toast API is stable for 50 stores; rate limits are sufficient	Validate in week 1 of P1; partnership account if needed
A3	30-minute Toast sync is sufficient (no real-time POS sync required)	Confirm with HQ ops; 15-minute sync is a paid scope change
A4	Flutter mobile is one codebase for iOS + Android	OK; no separate native builds in scope
A5	Email/password auth in P1; Google/Microsoft SSO is a later add-on	OK unless HQ requests SSO in P2
A6	SOC 2 compliance is out of scope for Phases 1–3	Can be scoped separately at >25 stores
A7	English-only UI at launch (US market)	OK; LMS schema supports additional languages later
A8	Summerfield names one primary POC available within 24 business hours	Written into the contract
A9	Source code escrow + complete handover documentation at each milestone	Written into the contract; client repo access from day one

12.3 Proposed contract clauses

Source code ownership. The client owns 100% of the source code upon UAT sign-off. The vendor issues a clear IP transfer document.

Source code escrow. Code, schema, infra-as-code, and secret configuration are committed to the client repository (GitHub/GitLab Cloud/private), with the client holding admin access throughout.

Warranty & business maintenance. 1 year of free warranty & business maintenance on core flows.

Change Request process. Any out-of-scope change is documented via an addendum and estimated separately.