Ziyut Al Adaa – Mobile Application Technical Project Specification, Acceptance Criteria & Payment Milestones FINAL – SCOPE LOCKED VERSION 1. Purpose of the Application The mobile application is designed for corporate customers of Ziyut Al Adaa and provides: Access to financial documents Viewing of payments made Viewing of account balances and future dues Ability to place new product orders Access to the company’s official social media pages Direct communication with Ziyut Al Adaa via WhatsApp or Viber The application is a B2B customer portal. It is not an e-commerce retail application and not a consumer app. 2. Registration & KYC Process (Onboarding Flow) Each onboarding step appears on a separate screen, in the following order: Language selection (English / Arabic / Kurdish – RTL enabled where applicable) Phone number submission Selection of OTP delivery method (WhatsApp / Viber / SMS) OTP code entry Upload of ID front side Upload of ID back side (if required) Selfie verification (≥80% face-match accuracy) Upload of customer installation photo Automatic GPS coordinate capture GPS Rules Accuracy ≤ 10 meters Mock-location detection enabled Manual coordinate entry not allowed Registration completed — Account activation is performed manually by a Manager. Until activation, account status remains Pending. 3. Customer Locations (Multiple Points of Sale) A single customer may have multiple points of sale / installations (locations). Common Identifier (MANDATORY) The customer’s mobile phone number is the single common identifier One mobile number = one customer account All locations are linked under the same customer profile Locations are not separate users Location Source All locations are retrieved from SQL Each location represents a distinct installation, delivery, or operational point Location Selection The user must be able to: View all locations linked to their mobile number Select which location is currently active Location Context Rules The selected location defines the context for: Sales Documents Customer Collections Customer Summary New Orders GPS validation All displayed data must relate only to the selected location, while authentication remains common via the mobile number. 4. GPS Location Rule (Per Location) GPS verification is location-specific Each location has its own GPS coordinates If valid GPS coordinates have not been captured for the selected location: New Order is disabled for that location Financial information remains visible 5. Main Menu Structure Sales Documents Customer Collections Customer Summary New Order Settings Facebook TikTok Instagram Chat About 6. Chat – Direct Communication Opens WhatsApp if WhatsApp was selected for OTP Opens Viber if Viber was selected SMS selection defaults to WhatsApp (fallback to Viber) There is no in-app messaging system. 7. Sales Documents – Detailed Page Behavior Displays issued sales documents for the selected location. Each document displays: Document date Document number Document type Total amount Currency Rules: Read-only Data retrieved from SQL Views Sorted by most recent No editing, deletion, download, or payment actions 8. Customer Collections – Detailed Page Behavior Displays payments already made for the selected location. Each payment displays: Payment date Payment amount Currency Reference / description Rules: Read-only Data retrieved from SQL Views Sorted by most recent payment 9. Customer Summary – Detailed Page Behavior Displays a financial overview for the selected location. Displays: Current outstanding balance Future due amounts Currency shown per line Rules: Read-only No currency conversion Values displayed exactly as returned by backend 10. New Order Module Brand Selection (Static) Cyclon TotalEnergies Klüber Lubrication Category Selection Retrieved from SQL Product List Each product displays: Small packaging image Product code Description Quantity input field (manual, no + / – buttons) Layout must support large product volumes efficiently. Order Submission Fixed Place Order button Enabled only when quantity > 0 Order created for selected location OrderLines created via API 11. Backend Requirements APIs Registration & OTP File uploads (ID, selfie, installation photo) Customer locations Sales documents Payment history Customer summary Product list Order submission Database SQL Views for financial data Orders table OrderLines table Locations table Installation photos & GPS table Logging tables (audit & debugging) Access Control One SQL user: Read: SQL Views Write: Orders, OrderLines, Installation/GPS Credentials controlled by Ziyut Al Adaa 12. Multi-Currency Support Supported currencies: IQD USD EUR Rules: Display values exactly as returned No currency conversion Currency field mandatory in API 13. Security Requirements (MANDATORY) TLS 1.2+ for all communication Secure file upload handling Backend validation for all inputs Mock-location detection enabled GPS accuracy enforcement (≤10 m) No sensitive data stored unencrypted on device Principle of least privilege for DB access Logging of: OTP failures Order creation GPS validation attempts 14. Performance & Reliability Acceptance Criteria The application is considered ACCEPTED only if: OTP delivery ≤ 30 seconds Order submission ≤ 5 seconds (API round-trip) UI maintains ~60 FPS on supported devices Product lists load smoothly with large datasets Graceful handling of network failures “No connection” banner shown when offline Limited offline cache for last-viewed data 15. Technical Requirements Android 10+ (Target SDK 34) iOS 17+ Light & Dark mode Full RTL support (Arabic & Kurdish) Modular, maintainable architecture Easily extensible for future features 16. Push Notifications (MANDATORY) The application must support system push notifications. Notification Triggers A push notification is sent when: Sales Document Issued Invoice or sales document created Includes document type, number, amount, currency, location Payment Registered Payment recorded Includes amount, currency, location Order Created Order successfully submitted Includes order reference and location Rules Notifications are informational system messages No user enable/disable controls are provided Tapping a notification opens the app on the relevant screen Notifications must be location-aware Technical Implementation Firebase Cloud Messaging (Android) Apple Push Notification Service (iOS) Device tokens stored server-side Notifications triggered by backend events 17. About (Informational Only) Includes: Company information for Ziyut Al Adaa Brand representation: Cyclon TotalEnergies Klüber Lubrication Informational reference to group companies: XLNT (Greece) Fidus Mercari Ltd (Cyprus) All transactions and operations relate exclusively to Ziyut Al Adaa. 18. Excluded from MVP Multi-company workflows Admin web portal Advanced analytics dashboards Advanced UI animations 19. Design, Demo & Deliverables Figma Complete Figma for all screens RTL & Light/Dark included Written approval required before development Demo Fully navigable demo All screens accessible Dummy data allowed 20. Code Ownership & Delivery Full source code ownership belongs to Ziyut Al Adaa Includes mobile apps, backend (if any), configs, scripts Delivery via Git repositories with full commit history Compiled-only delivery is not acceptable 21. Payment Milestones (100%) Milestone 1 – UX/UI Design (Figma): 15% Milestone 2 – Clickable Demo: 10% Milestone 3 – Core Mobile Development: 30% Milestone 4 – Backend & SQL Integration: 30% Milestone 5 – Final Delivery & Handover: 15% 22. Scope Protection Clause Any functionality not explicitly described in this document is OUT OF SCOPE and cannot be charged additionally without written approval from Ziyut Al Adaa.