Fullstack Developer Ongoing work and MVP launch
Bütçe: $10200.0
FIXED /
⭐ 5.00 (3)
Australia
react-js, python, angular, node.js, machine-learning, web-programming, django-framework, shopify, next.js, ios, android, saas
We are seeking an experienced Fullstack developer, who ideally has experience in the healthcare environment to help us take our website to MVP launch. Working with the clinical founder we are looking for a longterm ongoing committed developer to help us bring this project to life. We are seeking.
REQUIRED TECHNICAL SKILLS
Core stack — all required:
React and Next.js — production-grade, not tutorial-level
Node.js — server-side logic, API routes, job scheduling
Supabase — schema design, RLS, Storage for file uploads, PostgreSQL queries
TypeScript — type-safe development throughout
REST API integration — consuming and building APIs
THE ROLE
You will take full technical ownership of an existing Next.js/Supabase codebase and deliver 18 defined tasks across 5 fortnightly sprints. Every milestone is gated — payment releases only when deliverables are demonstrated working in production. You must be comfortable being held to concrete acceptance criteria on every task.
WHAT YOU WILL BUILD
Sprint 1 — Infrastructure and blockers
Fix a booking creation bug blocking all revenue, fix a location screen freeze preventing clients from reaching Stripe payment, stop idle AWS EC2 instances, fix therapist verification email delivery, add new onboarding database fields, and build an admin new booking alert (notification tbc? + email firing on every confirmed booking).
Sprint 2 — Booking flow and pricing
Build a per-service pricing admin panel with a Pricing Type selector (appointment-based: Initial Consultation 60 min + Follow-Up 45 min; session-based: 30/60/90 min), wire Step 4 to read prices live from admin, build a booking summary screen with required phone capture, and fix the dynamic service subtype heading.
Sprint 3 — SMS broadcast and commission
Build a simultaneous SMS broadcast to all approved matching therapists on booking confirmation — first to tap a tokenised accept link wins, all others expire. Build a commission split admin panel with global default and per-service-category override.
Sprint 4 — Payment completion and cancellation
Build SMS tap-to-complete session flow — system sends therapist an SMS at session end time, therapist taps a tokenised link on a mobile-optimised page, one tap releases Stripe escrow to therapist. Build a T-05 auto-release cron job as backstop 2 hours after session end. Build a 5-tier cancellation policy with Stripe refund automation.
Sprint 5 — Earnings, UI, testing, and launch
Build a simplified per-booking earnings view with Stripe Express Dashboard link, verify Stripe 75/25 split in production with a real transaction and configure weekly Monday payout schedule, complete mobile and responsive UI fixes, run full testing suite, and deploy to production.
Payments — Stripe Connect Express specifically:
This is the most critical technical requirement. Standard Stripe checkout experience is not sufficient. You must have prior production experience with:
Stripe Connect Express — therapist Connect account creation and onboarding via Account Links API
Stripe PaymentIntents — capture on booking, release on session complete
Stripe Transfers API — releasing 75% to therapist Connect account
Stripe Refunds API — partial and full refunds for 5-tier cancellation policy
Stripe Account Links API — linking therapist to their Stripe Express Dashboard
Stripe Webhooks — async event handling
You will be required to demonstrate Stripe Connect Express experience before Sprint 1 commences
SMS and notifications — all required:
Mobile Message REST API (mobilemessage.com.au) — or equivalent Australian SMS REST API with ability to transfer to Mobile Message
Tokenised URL generation — unique single-use links with DB storage, expiry validation, and single-use enforcement
BullMQ or equivalent job queue — delayed jobs for session-end SMS trigger and auto-release cron
Email gateway — SendGrid, AWS SES, or Mailgun for transactional emails
Slack webhook — admin notification integration
Frontend and UI:
Responsive CSS / media queries — mobile-first at 375px, 768px, and 1280px breakpoints
CSS Flexbox — specifically align-items: stretch for equal-height card grids
Google Maps JavaScript API — address resolution and pin validation in booking flow
Session storage — managing pre-auth booking data correctly without premature DB writes
Next.js dynamic routing — tokenised completion pages, suburb landing pages
Backend and database:
Supabase schema design — extending existing schema with new fields for onboarding, token storage, and health fund provider numbers
Supabase Storage — document uploads for therapist onboarding (photo ID, certificates, profile photo)
ABR API integration — ABN verification during therapist onboarding (abr.business.gov.au, free)
Scheduled cron jobs in Node.js — time-based triggers for SMS at session end and auto-release 2 hours post-session
Cloud and DevOps:
AWS EC2 (ap-southeast-2) — audit and stop idle instances, pull Cost Explorer report
Cloudflare DNS and Access — understand existing Zero Trust setup, add developer email to access policy
Environment configuration — correct management of .env variables across development, staging, and production
Deployment — deploying Next.js to existing AWS or alternative hosting
Testing — all of the following must be included in the fixed price:
Unit testing — Jest or equivalent — token generation, Stripe calculation logic, cancellation tier logic
Integration testing — Stripe + Supabase + Mobile Message working together end-to-end
End-to-end testing — full booking flow from service selection to payment receipt (Cypress or Playwright)
Mobile and cross-browser testing — iOS Safari and Chrome Android at 375px and 768px — screenshots at all three breakpoints required before each milestone payment
Production test — mandatory real-money Stripe transaction confirming 75/25 split lands correctly in both accounts before go-live. This is a hard requirement for Milestone 3 payment release.
Performance testing — 100 concurrent users without degradation, sub-1-second page load
Security — input sanitisation, rate limiting, token expiry enforcement, no raw card data on platform servers
COMPLIANCE REQUIREMENTS YOU MUST UNDERSTAND
ACMA SMS Sender ID Register — effective 1 July 2026. All SMS sent under the THERAPPY sender name must be registered via our Mobile Message account before any SMS functionality is built or tested. Do not build against the THERAPPY sender ID until registration is confirmed active.
Spam Act 2003 (Cth) — all broadcast and marketing SMS to therapists must include a functional opt-out mechanism (Reply STOP to unsubscribe).
Stripe PCI-DSS — card capture must go through Stripe Elements only. No custom card form. No raw card data on Therappy servers. Bank details (BSB/account number) must never be stored in Therappy's database — Stripe Connect Express onboarding only.
Privacy Act 1988 (APP 11) — SSL/TLS on all data transmission, secure authentication, standard database access control
Upwork'te aç