RestartiX Platform

English

Română

English

Română

Appearance

Growth Roadmap

RestartiX Platform is designed to grow with the business — from a single clinic in Romania to hundreds across Europe and the US, without changing the core architecture.

Each phase has clear triggers, and every dimension of the business is covered: product, compliance, infrastructure, certifications, team, and documentation.

Phase 1 — Launch (current)

Goal: First paying clinics in Romania. Prove product-market fit.

Scale: 1–10 clinics, up to 100,000 patients

Product

  • Core features live: scheduling, patient management, forms & consent, treatment plans, exercise library, video consultations, documents & PDF, automations
  • Clinic app and Patient Portal functional for daily operations
  • Console for platform management and onboarding new organizations
  • White-label branding per clinic (logo, colors, subdomain)
  • Data Processing Agreement (DPA) template — signed with every clinic
  • Sub-processor list published and maintained (AWS, Clerk, Daily.co, etc.)
  • Data Protection Impact Assessment (DPIA) completed
  • Data Protection Officer (DPO) designated
  • Record of Processing Activities (ROPA) drafted
  • Master Service Agreement (MSA) and Terms of Service finalized
  • Privacy policy and cookie consent on all patient-facing surfaces
  • Romania-specific: telemedicine regulations reviewed, specialist licensing verification in place
  • Breach notification procedure documented (72-hour GDPR requirement)
  • Incident response plan written and tested

Infrastructure

  • Single-region deployment on AWS (EU — Frankfurt)
  • ECS Fargate (Core API + Telemetry API + Clinic + Portal + Console + pgbouncer), RDS PostgreSQL (Multi-AZ), ElastiCache Redis, S3, Cloudflare at the edge (DNS + CDN + WAF + Cloudflare for SaaS for per-tenant custom domains)
  • Terraform IaC with state in S3 (native conditional-write locking)
  • Automated CI/CD via GitHub Actions, manual approval gate before production
  • Daily encrypted backups with 7-day point-in-time recovery
  • ~$545/month infrastructure cost (telemetry sub-stack TBD)

Certifications

  • No mandatory certifications yet, but the platform's clinical features (treatment plans, progress tracking, adherence monitoring) already qualify it as a medical device under EU MDR — see Medical Device Classification
  • Begin low-cost certification prep:
    • Add requirement IDs to feature specs during development
    • Note safety implications in exercise library and treatment plan features
    • Preserve full git history as change evidence
    • Keep audit log append-only and immutable
  • Begin Class I registration process (EUDAMED → GS1 → ANMDMR) — can run in parallel with development

Documentation & Processes

  • Platform docs site live (this site) covering product, security, and compliance
  • Architecture and feature specs maintained for development team
  • Compliance checklist tracked and updated per clinic onboarding
  • Onboarding runbook for new clinics

Team & Operations

  • DPO designated (can be part-time or outsourced at this scale)
  • Customer support process for clinic staff and patients
  • On-call rotation for critical incidents

What success looks like

3–5 clinics actively using the platform daily. Stable operations, no data incidents, positive clinic feedback. Revenue covers infrastructure costs.

Phase 2 — Regional Growth (months 12–24)

Trigger: Active clinics exceed 10, or database reaches 100 GB

Goal: Grow across Romania and neighboring EU markets. Prove scalability.

Scale: 10–50 clinics, up to 500,000 patients

Product

  • All Phase 1 features mature and battle-tested
  • Patient segments and automation workflows in active use
  • Webhook integrations enabling clinics to connect CRMs, billing, and EHR systems
  • Localization: Romanian, English; add languages as markets require (Hungarian, Bulgarian, etc.)
  • Clinic-specific exercise libraries alongside platform-curated content
  • DPA signed with every new clinic — process streamlined
  • GDPR compliance audit (internal or third-party) completed at least once
  • Cross-border data transfer documentation (Standard Contractual Clauses) if onboarding clinics outside Romania
  • Data retention policies configured per clinic (aligned with national healthcare record laws)
  • Sub-processor list updated as new vendors added

Infrastructure

  • RDS read replicas added to separate read/write load (~70% of traffic is reads)
  • Redis upgraded for growing session and cache volume
  • Monitoring and alerting matured (CloudWatch dashboards, anomaly detection)
  • ~$1,200–1,400/month infrastructure cost

Certifications

  • Class I registration completed (EUDAMED, GS1 UDI codes, ANMDMR national database) — platform legally on the EU market via Rule 13
  • Product dossier prepared (risk analysis, essential requirements, post-market surveillance plan)
  • Own QMS established (non-certified, sufficient for Class I)
  • Class IIa certification prep begins:
    • Engage regulatory consultant (EU MDR / IEC 62304 experience)
    • Draft Software Development Plan (SDP) aligned with IEC 62304
    • Begin ISO 14971 risk management file (hazard analysis for clinical features)
    • Create SOUP (Software of Unknown Provenance) inventory
    • Map requirement traceability: feature spec → code → test
    • Clinical validation studies planned for measurement tools (goniometer, posture analysis)

Documentation & Processes

  • Quality Management System (QMS) foundation established (needed for ISO 13485 later)
  • Risk management file started (ISO 14971)
  • Formal change control process for clinical features
  • Internal training documentation for new team members
  • Clinic admin guide published

Team & Operations

  • Dedicated support channel for clinics (not just email)
  • Regulatory consultant engaged (part-time)
  • Consider hiring or contracting: QA engineer, DevOps/SRE

What success looks like

20+ clinics across multiple cities. Infrastructure handles load without manual intervention. Certification groundwork laid. Monthly recurring revenue covers team costs.

Phase 3 — Dedicated Tenancy Mode + Medical Device Certification (months 24–36)

Trigger: First paying dedicated-mode clinic contract closes, OR active clinics exceed 50 (Phase 2 ceiling), OR Class IIa certification process completes — whichever comes first.

Goal: Two tenancy modes operationalized. Medical device certification achieved. Multi-country EU presence.

Scale: 50–150 clinics, up to 1,000,000 patients (still single shared Postgres — sharded / dedicated-infrastructure tiers are permanently out of scope; see CLAUDE.md → Project Overview and features/platform/tenant-isolation.md)

Product

  • Two tenancy modes fully operationalized:
    • Shared (default) — pooled platform infrastructure with logical isolation; "Powered by RestartiX" attribution; shared patient_profiles across the platform's network of shared-mode clinics; standard SMB pricing
    • Dedicated (premium) — dedicated auth-provider organisation per tenant; isolated patient identity; sales-negotiated terms
  • Dedicated-mode runtime feature built — the runtime + ops templating deferred during foundation goes live; see features/platform/tenant-isolation.md → Deferred design surface
  • Clinical measurement tools (virtual goniometer, posture analysis, movement quality assessment) launched with CE marking
  • Advanced analytics and reporting for clinic administrators
  • API keys for clinics to build custom integrations (available on both tenancy modes)
  • Per-tenant operational templating (custom DNS, TLS cert, branded SES sender, SMS sender ID, Daily.co domain) — available on either tenancy mode as visual-branding customizations
  • SLA agreements formalized for dedicated-mode / negotiated-contract clinics (uptime, response time, data recovery commitments)
  • Dedicated-mode DPA template (tenant-as-sole-controller, platform-as-pure-processor) finalized — see features/platform/tenant-isolation.md → Deferred design surface
  • Cyber liability insurance obtained
  • Annual GDPR compliance audit (third-party)
  • Data residency guarantees formalized per contract (region selection at the org level, not infrastructure-level)

Infrastructure

  • Vertical RDS scaling (db.r6g.largedb.r6g.xlarge → larger as load grows) — see scaling.md → Beyond Phase 2
  • Read replicas matured for the 70% read-heavy traffic mix
  • Larger Redis tier for growing cache footprint
  • Per-dedicated-tenant operational infrastructure (DNS, ACM cert, Clerk org, SES sender, SMS sender, Daily.co domain) provisioned via templated runbook
  • Single shared Postgres remains the architecture — no dedicated-infrastructure fleet
  • ~$1,800–2,500/month base infrastructure cost
  • Per-dedicated-tenant operational overhead: ~$100–300/month each (third-party services + monitoring)

Certifications

  • EU MDR Class I registration maintained and operational (EUDAMED, ANMDMR)
  • EU MDR Class IIa certification in progress or completed — the proper classification for the platform's full clinical feature set under Rule 11
    • Clinical validation studies completed for measurement tools
    • Notified Body audit passed
    • CE marking obtained for all clinical features
    • Post-market surveillance plan active
  • ISO 13485 (Quality Management System for medical devices) — certified or in final stages. Required for Class IIa
  • IEC 62304 compliance demonstrated (software lifecycle documentation)

Documentation & Processes

  • Full QMS operational (ISO 13485)
  • Risk management file complete and maintained (ISO 14971)
  • Traceability matrix: requirements → design → implementation → verification
  • Post-market surveillance procedures documented
  • Clinical evaluation report written
  • Technical file / design dossier assembled for Notified Body
  • SLA monitoring and reporting automated
  • Dedicated-tenant onboarding runbook templated (DNS, certs, branding, auth-provider org provisioning)

Team & Operations

  • Security officer designated (required before US expansion)
  • Regulatory/compliance lead (full-time or senior consultant)
  • Account management for dedicated-mode clinics
  • 24/7 on-call rotation for production incidents (across both tenancy modes)
  • Formal incident response team
  • Dedicated-tenant onboarding lead — templated process means days-not-weeks per new clinic

What success looks like

80–120 shared-mode clinics + 5–15 dedicated-mode clinics paying. CE marking achieved for core clinical features. Multi-country EU presence (Romania + 1–2 neighboring markets). Annual recurring revenue covers an expanded team and certification surveillance costs.

Phase 4 — International Expansion (months 36+)

Trigger: 100+ clinics, OR a regulatory requirement for per-tenant data residency (e.g., a German clinic requires data in eu-central-1 while Romanian clinics stay in eu-west-3), OR US market entry funded.

Goal: Enter the US market. Multi-region operations for data residency. Global scale.

Scale: 100–1,000+ clinics across multiple regions

Product

  • Multi-region support for data residency: per-tenant region selection (a clinic's data lives in one region, chosen at provisioning time)
  • Full localization for target markets (languages, date/time formats, currency)
  • Region-specific feature toggles (e.g., US billing codes, EU prescription formats)
  • Native mobile app for patients (if PWA proves insufficient for specific use cases)
  • Advanced telerehab features with AI-assisted movement analysis
  • US market entry:
    • HIPAA Business Associate Agreements (BAAs) signed with all sub-processors
    • Annual security risk assessment (HIPAA requirement)
    • Workforce HIPAA training program established
    • US legal entity and contracts
  • EU continued:
    • Per-tenant data residency enforced at the org level (region selection persisted on organizations)
    • Cross-border transfer mechanisms maintained (SCCs, adequacy decisions)
    • Annual GDPR audits continue
  • Cyber liability insurance extended to US operations

Infrastructure

  • Multi-region deployment for data residency: EU (Frankfurt) + US (Virginia) at minimum
  • Each region runs an independent shared Postgres — clinics are pinned to one region at provisioning, no cross-region clinical data flow
  • Architecture stays single-DB per region; no sharding within a region
  • ~$3,000–5,000/month base infrastructure cost (≈2x Phase 3 base for two regions)

Certifications

  • FDA 510(k) or De Novo classification for US market (if clinical measurement tools are offered in US)
  • SOC 2 Type II audit completed (increasingly expected by US dedicated-mode and large clinic clients)
  • EU MDR certifications maintained with annual surveillance
  • ISO 13485 recertification on schedule

Documentation & Processes

  • US regulatory submissions prepared (FDA)
  • SOC 2 policies and evidence collection automated
  • Multi-region disaster recovery plan tested
  • Compliance documentation maintained per jurisdiction
  • Post-market surveillance reports filed annually with EU authorities

Team & Operations

  • Regional operations leads (EU, US)
  • Dedicated compliance team (GDPR + HIPAA + medical device)
  • Regional support teams (timezone coverage)
  • Security officer (full-time, HIPAA requirement)
  • Clinical advisory board for measurement tool validation

What success looks like

Platform operates across regions for data residency. Multi-country EU + US presence. Annual recurring revenue exceeds $1M. Full regulatory compliance in both EU and US markets. Recognized as a certified medical device platform.

What stays the same across all phases

The core architecture doesn't change. What changes is infrastructure, legal structure, and team size.

Stays the sameChanges between phases
Application code and API contractsNumber and location of database servers
Row-Level Security for data isolationPricing tiers and SLA commitments
How clinics experience the productLegal entities and contracts per region
Compliance enforcement (audit trail, encryption)Team size and specialization
Patient data portability modelCertification scope and regulatory filings

Technical details

For infrastructure specifics, connection math, and cost breakdowns, see the development docs:

  • AWS Infrastructure — Full AWS topology, sizing, and cost shape (ECS Fargate, RDS, Cloudflare edge)
  • Scaling Architecture — Phase-by-phase infrastructure evolution with connection pool math