Hairscope Clinic Platform

Requirements Documentation - Enterprise SaaS for Hair Treatment Clinics

Version 1.0.0 · Status: Final · April 2025

✅ GDPR Compliant ✅ HIPAA Compliant ✅ GraphQL API ✅ Event-Driven ✅ Multi-Tenant
Master Requirements
System principles, global invariants, identity model, permission engine, time handling, ID strategy, GraphQL API standard, audit requirements, error handling, data lifecycle, performance, versioning, and extensibility.
Cross-cutting · GI-1 to GI-13

Core

Identity & Access
Staff lifecycle, invite flow, authentication, roles, permissions, deactivation, deletion, multi-device sessions.
IAM-1 to IAM-7
Organization Management
Org/clinic hierarchy, self-registration, clinic profile, inter-clinic transfers, dashboards, clinic deactivation, staff availability.
ORG-1 to ORG-7
Audit & Compliance
Audit log integrity and coverage, GDPR compliance, HIPAA compliance, consent management, subscription plan compliance.
AUD-1 to AUD-6
Data Ownership
Record ownership model (attribution vs responsibility), ownership table, reassignable records on staff deletion, patient and session data permanence.
OWN-1 to OWN-4
System Invariants
Non-negotiable rules enforced across the entire platform: identity, patient/session, data integrity, audit, and API/architecture invariants.
GI-1 to GI-33

Modules

Patients
Patient profiles, global patient identity (Hairscope Care App), treatment progress graph, medical documents, GDPR erasure.
PAT-1 to PAT-5
Sessions
Session lifecycle, products & doctor's note, report generation, AI analysis. Hair Analysis type: global images, trichoscopy (min 6 mandatory positions), annotation editing, questionnaire.
SES-1 to SES-HA-4
Leads
Lead assignment mode (AUTO/MANUAL), manual entry, webhook ingestion, selfie analysis capture, staff distribution algorithm, unassigned lead management, CRM actions, conversion.
LM-1 to LM-13
Appointments
Service configuration with qualified staff, working hours, staff and web component booking, calendar view, status lifecycle, rescheduling, cancellation, smart scheduling engine.
APT-1 to APT-9
Products
Per-clinic product catalog, cosmetic and medical types, session recommendations with routines, purchase links, prescription generation.
PRD-1 to PRD-4
Billing
Automatic invoice generation per session, miscellaneous charges, tax configuration, invoice finalization, PDF export, billing analytics.
BIL-1 to BIL-6

Shared

Enums
Canonical enum definitions for all modules: staff status, session types, lead status/source/priority, appointment status, product types, image positions, questionnaire categories, audit actions.
Canonical values
Error Codes
Full error code registry for all GraphQL responses: auth, invite, validation, staff, patient, session, lead, appointment, invoice, webhook, and system errors.
Error registry
API Contracts
GraphQL conventions, pagination (Relay spec), subscriptions, file upload contract, webhook ingestion contract, rate limiting, async operation polling.
API standards
Event Definitions
Domain event registry for cross-module communication: session, AI analysis, report, lead, appointment, staff, and invoice events with full payloads and consumers.
Event bus