Non-Functional Requirements
Beyond feature completeness, the platform was held to explicit quality targets across performance, security, usability, reliability, and maintainability. Actual results measured after deployment are covered in Results & Analysis.
Performance
- 95% of page loads complete within 2 seconds under normal load.
- The system supports up to 100 concurrent users during peak periods.
- The architecture is designed to absorb a 300% increase in users without a major redesign.
Security
- All personally identifiable information is encrypted in transit (TLS 1.2 or later) and at rest.
- Role-based access control is enforced on both frontend routing and backend endpoints — a frontend restriction is never the only guard.
- Input is sanitized to defend against SQL injection and cross-site scripting.
- Sessions time out after 30 minutes of inactivity and are backed by secure, HTTP-only cookies.
Usability and accessibility
- Core tasks are completable within 10 minutes with no prior training.
- The interface is responsive from 320px viewports up to 1920px.
- The design targets WCAG 2.1 Level AA guidelines.
Reliability and availability
- The system targets 99.5% operational uptime.
- Service failures degrade gracefully; fault tolerance is built into the API layer rather than assumed away.
- Database referential integrity is enforced through PostgreSQL constraints, not application code alone.
Maintainability and support
- The codebase follows an MVC pattern with a clear separation of concerns.
- Structured logging supports debugging and monitoring in production.
- Deployment is fully automated and version-controlled, running from GitHub through to Vercel and Render on every merge.
Related pages
- Test Strategy for how each of these targets was validated.
- Deployment Guide for how automated, version-controlled deployment is configured.