Skip to content

🎯 MVP Feature Definition

This document defines what ships in GetCimple Day 1 versus what comes later.

In Scope (Day 1 - What we ship)

  • Core Compliance Dashboard: Simple view of E8 maturity levels
  • Policy Upload: Drag & drop PDF/Word/Excel files
  • Policy Archive: Store legacy policy documents for reference
  • Domain Discovery: 20-second onboarding with intelligent defaults
  • Basic Questionnaire: 20-question onboarding flow
  • Director Report: One-page PDF export (Rule-Driven Templating)
  • User Management: Add team members via Kinde Auth
  • Task Assignment: Create and assign compliance tasks (linked to policies)
  • Evidence Upload: Attach files to controls with human attestation
  • Email Notifications: Basic status updates via SendGrid

Out of Scope (Post-MVP)

Phase 1: AI Enhancement (After MVP Validation)

  • AI Agent Interface: ChatGPT-style interactions (After validation)
  • AI-Powered Board Reports: Natural language generation (Rule-based first)
  • Automated Assessments: AI-powered policy parsing (Manual MVP)
  • Conversational Guidance: AI assistant for compliance questions
  • Intelligent Recommendations: ML-driven compliance suggestions
  • Policy Extraction: AI parsing of existing documents (Basic text extraction MVP)
  • Risk Scoring AI: Machine learning risk calculations (Rule-based MVP)
  • Single AI Agent Architecture: LangGraph orchestration with Claude 3 Opus/Sonnet
  • AI Evidence Validation: Automated evidence analysis (Human attestation MVP)

Why Deferred: Prove core governance value with deterministic, auditable processes first. AI adds sophistication but isn't required for board-ready compliance management. Boards value transparent calculations over AI "black boxes."

Phase 2: Integration & Scale

  • WhatsApp Notifications: Twilio WhatsApp integration for mobile updates
  • Multi-framework Support: Additional frameworks beyond E8/ACSC/S180/Privacy
  • Third-party Integrations: API connections (Manual uploads MVP)
  • Advanced Reporting: Custom templates (Standard format MVP)
  • Approval Workflows: Multi-step delegation (Simple yes/no MVP)
  • Board Transcripts: Meeting minute parsing (Future feature)
  • Vendor Management: Third-party risk tracking
  • Real-time Monitoring: Continuous compliance monitoring

Success Metric

[To be measured]: First paying customer completes E8 assessment using GetCimple

MVP Technical Boundaries

  • Frontend: React 19 + Vite with Cloudflare Pages (no complex state)
  • Backend: Supabase with basic RLS (rule-based logic, no AI)
  • Auth: Kinde managed auth (no custom auth)
  • Storage: Files in Supabase storage (basic text extraction, no AI parsing)
  • Messaging: Email via SendGrid (no WhatsApp in MVP)
  • Reporting: WeasyPrint/Puppeteer for PDF generation (template-based, no AI)

Decision Tree

  1. Can we build it in 2 weeks? β†’ Include in MVP
  2. Does it require AI/ML? β†’ Post-MVP
  3. Can a spreadsheet do it? β†’ Simplify or defer
  4. Is it critical for first sale? β†’ Include simplified version

Next Steps

  1. Build UI mockups for 8 core features
  2. Create database schema for MVP only
  3. Set up basic Supabase project
  4. Configure Kinde auth
  5. Deploy hello world to Cloudflare

Remember: Ship something that works for 10 customers, not 10,000.