Skip to main content

Non-Functional Requirements

Beyond feature completeness, the platform was held to explicit quality targets across performance, security, usability, reliability, and maintainability. Actual results measured after deployment are covered in Results & Analysis.

Performance

  • 95% of page loads complete within 2 seconds under normal load.
  • The system supports up to 100 concurrent users during peak periods.
  • The architecture is designed to absorb a 300% increase in users without a major redesign.

Security

  • All personally identifiable information is encrypted in transit (TLS 1.2 or later) and at rest.
  • Role-based access control is enforced on both frontend routing and backend endpoints — a frontend restriction is never the only guard.
  • Input is sanitized to defend against SQL injection and cross-site scripting.
  • Sessions time out after 30 minutes of inactivity and are backed by secure, HTTP-only cookies.

Usability and accessibility

  • Core tasks are completable within 10 minutes with no prior training.
  • The interface is responsive from 320px viewports up to 1920px.
  • The design targets WCAG 2.1 Level AA guidelines.

Reliability and availability

  • The system targets 99.5% operational uptime.
  • Service failures degrade gracefully; fault tolerance is built into the API layer rather than assumed away.
  • Database referential integrity is enforced through PostgreSQL constraints, not application code alone.

Maintainability and support

  • The codebase follows an MVC pattern with a clear separation of concerns.
  • Structured logging supports debugging and monitoring in production.
  • Deployment is fully automated and version-controlled, running from GitHub through to Vercel and Render on every merge.