Skip to content

Marketplace — Scoping & Delivery Checklist

SCOPE_ITEM: Comprehensive checklist for scoping and delivering marketplace projects. Used during intake (Aimee), architecture (Anna), and project management (Faye/Sytske).

Phase 1: Discovery & Scoping

Business Model

CHECK: What type of marketplace (product, service, rental, B2B)? CHECK: Who are the buyers? Who are the sellers? CHECK: What is the revenue model (commission, subscription, listing fee, hybrid)? CHECK: What is the commission rate? CHECK: What is the expected GMV at launch and 12-month projection? CHECK: What is the competitive landscape (existing alternatives)? CHECK: Is this a new marketplace or migration from an existing platform?

Buyer Side

CHECK: How do buyers find listings (search, browse, location, recommendations)? CHECK: What is the purchase flow (add to cart, direct buy, request quote)? CHECK: Is guest checkout required? CHECK: What payment methods are required (iDEAL, cards, PayPal, Klarna)? CHECK: Is multi-seller cart needed (one checkout, items from multiple sellers)? CHECK: What is the return/refund policy?

Seller Side

CHECK: Can anyone become a seller or is it invite-only / application? CHECK: What business types are accepted (sole traders, companies, both)? CHECK: Is KVK/CoC verification required? CHECK: What information is collected during seller onboarding? CHECK: How many listings per seller (average, maximum)? CHECK: Does the seller need analytics (sales, views, conversion)? CHECK: What is the payout frequency and minimum threshold?

Listings

CHECK: What is being listed (physical products, digital products, services)? CHECK: What attributes describe a listing (title, description, price, location, category)? CHECK: Are there category-specific attributes (size, colour, brand)? CHECK: How many images per listing (minimum, maximum)? CHECK: Is video content supported? CHECK: Is inventory tracking needed (stock count, variants)? CHECK: What is the listing lifecycle (active, expired, sold, suspended)?

Trust & Safety

CHECK: Is listing moderation needed (pre-publish review)? CHECK: Is AI-assisted moderation desired? CHECK: What are the prohibited listing categories? CHECK: Is buyer-seller messaging needed? With contact detail masking? CHECK: Is a review/rating system needed? CHECK: What is the dispute resolution process? CHECK: What are the consequences for policy violations?

Payments & Transactions

CHECK: Which PSP (Mollie Connect (NL, PRIMARY) or Stripe Connect (US, secondary — sovereignty risk))? CHECK: Is escrow / delayed payout needed? CHECK: What is the escrow hold period? CHECK: Is milestone-based release needed (service marketplaces)? CHECK: Are tiered commission rates needed? CHECK: Does the platform need to handle VAT?

Compliance

CHECK: GDPR applicability confirmed (EU data subjects). CHECK: PSD2 compliance (payments via licensed PSP). CHECK: Consumer rights (14-day return policy display). CHECK: P2B Regulation (transparent ranking, seller complaint mechanism). CHECK: DSA obligations (content moderation, reporting mechanism). CHECK: KYC/AML (delegated to PSP).

Phase 2: Architecture & Design

Technical Architecture

  • [ ] Stack confirmed: Next.js + Hono + PostgreSQL + Drizzle.
  • [ ] PSP selected and account created (Mollie Connect preferred. Stripe Connect secondary — US-based, sovereignty risk).
  • [ ] Search engine selected (PostgreSQL FTS or Meilisearch).
  • [ ] Media storage approach confirmed (S3 + CDN, EU region).
  • [ ] Database schema designed (ERD reviewed).
  • [ ] API route structure defined.
  • [ ] Authentication approach defined (NextAuth.js, dual-role).
  • [ ] Background job strategy (BullMQ for payouts, sync, notifications).

Payment Architecture

  • [ ] PSP integration approach documented (Connect type, charge model).
  • [ ] Escrow flow documented (hold, release, dispute).
  • [ ] Commission calculation logic defined.
  • [ ] Refund flow documented (who pays, timeline).
  • [ ] Payout schedule defined.
  • [ ] Webhook handling documented (events, idempotency).

Search Architecture

  • [ ] Search index schema defined (fields, weights, facets).
  • [ ] Index sync strategy defined (real-time vs batch).
  • [ ] Facets and filters defined per category.
  • [ ] Ranking factors and weights documented.

Trust & Safety Architecture

  • [ ] Moderation workflow documented (automated checks, manual queue).
  • [ ] Fraud detection signals defined.
  • [ ] Review authenticity rules defined.
  • [ ] Reporting flow documented.
  • [ ] Policy documents drafted (T&C, acceptable use, review policy).

Phase 3: Development

Sprint 0 — Foundation

  • [ ] Repository initialised with GE stack template.
  • [ ] Database provisioned (EU-hosted PostgreSQL).
  • [ ] Drizzle schema + initial migration created.
  • [ ] Authentication flow implemented (buyer registration, login).
  • [ ] PSP sandbox account configured and tested.
  • [ ] Search engine provisioned (if Meilisearch).
  • [ ] Media storage configured (S3 bucket, CDN, presigned URLs).
  • [ ] CI/CD pipeline configured.
  • [ ] Staging environment provisioned.

Core: Seller Side

  • [ ] Seller registration flow with PSP onboarding.
  • [ ] Seller profile (public page).
  • [ ] Seller dashboard (orders, listings, revenue).
  • [ ] Listing CRUD (create, edit, publish, unpublish, delete).
  • [ ] Listing media upload (images, resize, CDN).
  • [ ] Listing categories and attributes.
  • [ ] Seller payout history view.

Core: Buyer Side

  • [ ] Listing browse (category pages, sort, filter).
  • [ ] Listing search (full-text, faceted).
  • [ ] Listing detail page (images, description, seller info, reviews).
  • [ ] Checkout flow (cart/direct buy, address, payment).
  • [ ] Payment processing (PSP integration, split payments).
  • [ ] Order confirmation and history.
  • [ ] Review submission (post-purchase).

Core: Platform

  • [ ] Admin dashboard (GMV, users, listings, transactions).
  • [ ] Listing moderation queue.
  • [ ] User management (search, suspend, reactivate).
  • [ ] Transaction management (view, refund, dispute).
  • [ ] Content pages (about, terms, privacy, FAQ).

Messaging & Notifications

  • [ ] Buyer-seller messaging (conversation threads).
  • [ ] In-app notification centre.
  • [ ] Email notifications (order confirmation, new message, payout).
  • [ ] Contact detail masking in messages.

Trust & Safety

  • [ ] Pre-publish listing checks (automated).
  • [ ] User reporting system (listing, message, review, user).
  • [ ] Admin moderation queue (reports, flagged content).
  • [ ] Review authenticity enforcement (verified purchase only).

Phase 4: Quality Assurance

Functional Testing

  • [ ] Full buyer journey: register → browse → search → buy → review.
  • [ ] Full seller journey: register → verify → list → sell → payout.
  • [ ] Payment flow: all enabled payment methods tested in sandbox.
  • [ ] Escrow flow: hold → release (buyer confirm + auto-release timeout).
  • [ ] Refund flow: full refund, partial refund, seller-initiated.
  • [ ] Dispute flow: open → evidence → resolve.
  • [ ] Search tested with realistic listing volume.
  • [ ] Messaging tested: send, receive, contact detail masking.
  • [ ] Review tested: submit, display, moderation.
  • [ ] Moderation tested: flag → queue → action → notification.

Security Testing

  • [ ] Authentication tested (registration, login, password reset, social login).
  • [ ] RBAC tested (buyer vs seller vs admin permissions).
  • [ ] Payment security tested (no price manipulation possible via API).
  • [ ] File upload tested (malicious files rejected, size limits enforced).
  • [ ] Contact detail masking cannot be bypassed.
  • [ ] Rate limiting tested (login, registration, messaging, API).

Performance Testing

  • [ ] Homepage loads in <2 seconds.
  • [ ] Search returns results in <200ms (Meilisearch) or <500ms (PostgreSQL).
  • [ ] Listing page loads in <1.5 seconds (SSR).
  • [ ] Checkout completes in <3 seconds (excluding PSP redirect).
  • [ ] Concurrent user simulation (expected load + 2x headroom).

PSP Testing

  • [ ] All payment methods tested in PSP sandbox.
  • [ ] Webhook delivery and processing verified.
  • [ ] Failed payment handling tested.
  • [ ] Refund processing tested.
  • [ ] Payout to test bank account verified.
  • [ ] 3D Secure challenge flow tested.

Phase 5: Deployment & Handover

Pre-Launch

  • [ ] Production environment provisioned (EU-hosted).
  • [ ] PSP switched from sandbox to production (with live credentials).
  • [ ] SSL certificate configured.
  • [ ] DNS configured.
  • [ ] Backup strategy configured and tested.
  • [ ] Monitoring configured (uptime, error rate, response time, GMV).
  • [ ] Search index populated with production listings.
  • [ ] SEO configuration verified (sitemap, robots.txt, structured data).
  • [ ] Policy pages published (terms, privacy, acceptable use).
  • [ ] Client UAT completed and sign-off received.

Go-Live

  • [ ] Production deployment executed.
  • [ ] Smoke test: full buyer journey on production.
  • [ ] Smoke test: full seller journey on production.
  • [ ] Smoke test: live payment with real payment method (small amount).
  • [ ] Webhook delivery verified on production.
  • [ ] Search functioning on production.
  • [ ] Client notified, launch communication sent.

Post-Launch

  • [ ] Hypercare period active (2 weeks, priority support).
  • [ ] Payment monitoring daily (successful vs failed, payout status).
  • [ ] Moderation queue monitored (report volume, resolution time).
  • [ ] Search performance monitored (query latency, zero-result rate).
  • [ ] Client feedback collected after week 1 and week 2.
  • [ ] Handover documentation delivered.
  • [ ] Support and maintenance agreement activated.