The hiring plan, vendor stack, city-launch playbook, ABDM and DPDP compliance roadmap, and the honest accounting of what could kill us — with mitigations.
M0–3: Product Manager, Senior Backend Engineer, Mobile Lead. M3–6: AI/ML Engineer, Growth Marketer, City Ops Manager #1. M6–12: City Ops #2, Customer Support Lead (3 agents), Compliance Officer. M12–18: CFO/Finance Head, Partnerships Lead, Data Analyst. Total: 14 hires.
Tier 2 hiring keeps costs 30–40% below Bangalore. Engineering leads ₹15–20 L. Mid-engineers ₹8–12 L. Ops/support ₹4–7 L. ESOP top-up for senior roles — cash conservation strategy. Founder takes minimal salary until Series A.
AWS Mumbai ~₹1.5 L/mo (scales with users). Razorpay 2% MDR. WhatsApp Business API ₹50K/mo. Twilio SMS ₹30K/mo. Mixpanel + PostHog analytics ₹40K/mo. Sentry + Datadog monitoring ₹25K/mo. Zendesk support ₹20K/mo. Total infra ~₹3 L/mo at scale.
Primary: AWS Mumbai. DR: AWS Hyderabad. Daily encrypted backups, 30-day retention, 1-hour RPO, 4-hour RTO. Vault data never leaves India. Disaster runbook tested quarterly. Compliant with DPDP Act 2023 data localization expectations.
30-day launch sequence per city: (1) 5 clinic partnerships signed. (2) 1 diagnostic lab integrated. (3) 10 ASHA workers trained. (4) WhatsApp seed communities live (500 members). (5) Regional content calendar populated. (6) Local PR & influencer kickoff. (7) Launch event with first 100 families.
Small HQ in India (low-cost Tier 2 city), remote-friendly for engineering. Quarterly all-hands. Asynchronous-first communication. Code reviews mandatory. Weekly product demos. Founder mindset embedded: "Think like a founder, code like an architect."
Phase 1 — ABHA registration support (M3). Phase 2 — ABDM sandbox integration (M4–6). Phase 3 — certification submission (M6–9). Phase 4 — production-grade ABDM-compliant vault (M9–12). Phase 5 — HPR/HFR provider integration (Y2).
Consent manager built in. Purpose limitation logged per data access. User rights: access, correction, erasure, portability. Data Protection Officer appointed by Series A. Breach notification protocol within 72 hours. Children's data (under 18) has verifiable parental consent gates.
2020 MoHFW/MCI Telemedicine Guidelines compliance for doctor-consult feature. Doctor verification via NMC registration check. Prescription protocol — only RMPs prescribe. Documentation retained for 3 years. No prescribing of scheduled drugs via platform.
Open question: do AI insights make us a SaMD under CDSCO? Position our AI as "wellness guidance, not diagnosis" to stay in Class A or non-device. Engage a regulatory consultant in Phase 1. If classification changes, prepare CDSCO Class A registration pathway.
We do not sell insurance — we're a tech platform partner. Revenue share arrangements with IRDAI-licensed insurers stay legal. If we ever facilitate sales, we register as an Insurance Web Aggregator. Roadmap option, not Day-1 requirement.
If we flag drug interactions or dosage issues, we carry medical-product liability. Mitigation: (1) clear "informational, consult pharmacist" framing. (2) sourced from licensed pharmacopeia databases. (3) clinical board signoff. (4) professional indemnity insurance.
Appzcart Pvt Ltd: ADT-1, AOC-4, MGT-7, board resolutions, statutory audit. GST monthly. TDS quarterly. PF/ESI as headcount grows. ROC compliance via company secretary on retainer.
AppzCode AI Research Federation maintained as a clean Section 8 entity for grants and CSR — not for Appzcart product revenue. Clear arm's-length separation. Inter-entity transactions documented and at fair market value. Protects both entities under audit.