A secure, compliant communication platform designed for international SMB procurement teams with enterprise upsell capabilities.
- Real-time Team Chat: Secure messaging with supplier/partner guest spaces
- Vendor Management: Complete vendor directory with profiles, compliance docs, and scorecards
- Approval Workflows: Built-in approval flows with quick-approve buttons and audit trails
- Compliance-First: ISO27001/SOC2 ready with audit-ready message retention
- File Management: Automatic cataloging to spend library with antivirus scanning hooks
- Smart Notifications: Email + mobile push for urgent approvals, compliance digests
- Multi-factor authentication (MFA)
- Single Sign-On (SSO) with Azure AD/Okta
- Role-based access control (RBAC)
- Data residency controls
- Audit trail and compliance reporting
- Integration marketplace (ERP, e-signature, SIEM)
- Customer-managed encryption keys
- Multilingual UI support
- Timezone-aware notifications
- Regional regulatory templates
- Cross-border compliance tools
- Backend: NestJS (TypeScript) with WebSocket support
- Frontend: Next.js (React) with TypeScript
- Mobile: React Native (Expo)
- Database: PostgreSQL (transactional data)
- Cache/Queue: Redis
- Search: Elasticsearch/OpenSearch
- Storage: S3/GCS with ClamAV antivirus
- Real-time: Socket.IO
```
procurement-whatsapp/
├── backend/          # NestJS API + WebSocket server
├── frontend/         # Next.js web application
├── mobile/           # React Native mobile app
├── shared/           # Shared types, utilities, and constants
├── docs/             # Documentation
└── infrastructure/   # Docker, K8s, CI/CD configs
```
- Node.js 18+
- PostgreSQL 14+
- Redis 7+
- Docker (optional)
```bash
# Install all dependencies
npm run install:all

# Set up environment variables (copy .env.example files)
cp backend/.env.example backend/.env
cp frontend/.env.example frontend/.env

# Start PostgreSQL and Redis (via Docker)
docker-compose up -d postgres redis

# Run database migrations
npm run migration:run --workspace=backend
```

```bash
# Start backend (API + WebSocket server)
npm run dev:backend

# Start frontend (separate terminal)
npm run dev:frontend

# Start mobile app (separate terminal)
npm run dev:mobile
```

- Auth: JWT, OAuth2, MFA, SSO integration
- Users: User management, roles, permissions
- Chat: Real-time messaging, threads, channels
- Vendors: Vendor directory, profiles, compliance docs
- Approvals: Workflow engine, approval chains, notifications
- Compliance: Audit logs, retention policies, export tools
- Files: Upload, storage, virus scanning, cataloging
- Integrations: ERP connectors, e-signature, SIEM hooks
- Notifications: Email, push, SMS, digest generation
- Modern, responsive dashboard
- Real-time chat interface
- Vendor management UI
- Approval workflow interface
- Compliance reporting dashboard
- Admin control panel
- File browser and spend library
- End-to-end TLS encryption
- At-rest encryption for sensitive data
- Granular permission system
- Activity logging for all actions
- MFA support (TOTP, SMS)
- Optional customer-managed keys
- Regular security audits
- OWASP compliance
- ISO27001 ready
- SOC2 Type II preparation
- GDPR compliant
- Data residency controls
- Audit-ready retention
- Legal hold capabilities
- Automated compliance reports
- SIEM integration hooks
- Core chat functionality
- Vendor directory
- Basic approval workflows
- Audit logging
- File management
- Email notifications
- SSO integration (Azure AD, Okta)
- SOC2 certification
- Advanced audit exports
- Integration marketplace
- Mobile app launch
- AI assistant (thread summarization, PO extraction)
- Spend analytics dashboard
- Supplier risk scoring
- Predictive compliance alerts
- Vetted supplier marketplace
Please read CONTRIBUTING.md for details on our code of conduct and development process.
This project is licensed under the MIT License - see the LICENSE file for details.
- Documentation: docs.procurementwhatsapp.com
- Email: support@procurementwhatsapp.com
- Slack Community: Join here