Startup — From idea to 500 users in 6 weeks
TheSkinProof — Bangladesh's first verified skincare marketplace. A full-stack e-commerce platform with product verification, AI-powered skin quiz, multi-portal architecture, and fraud detection — shipped in 6 weeks.




Challenge
Bangladesh's online skincare market is flooded with counterfeit and expired products — an estimated 30-40% of products sold online in South Asia are fake. Existing marketplaces treat skincare like any other product with no invoice verification, no batch tracking, and no expiry monitoring. Consumers face decision paralysis without professional guidance, and cash-on-delivery orders are plagued by velocity abuse, fake names, and rapid-fire ordering that create significant operational losses. The challenge: build a skincare marketplace where every product is verified authentic, every recommendation is personalized, and every transaction is protected against fraud — while keeping the experience seamless for buyers, sellers, admins, and warehouse operators.
Solution
We built TheSkinProof as a verification-first marketplace with four distinct portals. The core Product Verification Pipeline requires every listing to pass invoice checks, Certificate of Analysis (COA) validation, batch tracking, and expiry monitoring before going live. An AI-powered 8-question Skin Quiz generates personalized product recommendations with match-score explanations (90% test coverage on the scoring engine). Multi-signal fraud detection handles velocity abuse, name mismatches, rapid-fire orders, and high-value guest COD with a 0-100 risk scoring system. The platform features granular RBAC with 15+ permission modules and 50+ discrete actions, a complete warehouse management system with FIFO batch allocation, and Bangladesh-specific localization including bKash/Nagad/SSLCommerz payments and Pathao courier integration.
Result
Delivered a production-grade platform with 124 RESTful API endpoints, 26 database tables, 779 passing tests across 37 test suites, 75+ React components, and 45+ page-level views. The system handles multi-portal operations (Buyer, Seller, Admin with 30+ pages, Warehouse), processes real-time commission splits, and maintains sub-200ms API response times. Security architecture includes OTP-based login, HMAC-SHA256 signed cookies, Redis-backed rate limiting with 8 presets, auto-logout with inactivity detection, and immutable audit trails. The architecture has been validated to scale to 100+ vendors without schema changes.
Technical Architecture
Verification-first product pipeline with admin review queue and approve/reject workflow. AI skin quiz with 5-stage scoring: tag weight computation, skin type determination, concern prioritization, exclusion generation, and product matching. Multi-signal fraud detection with COD eligibility engine (blocks COD above risk score 75). HMAC-SHA256 session auth with nonces (no JWT). Redis sliding-window rate limiting with 8 presets (strict to relaxed). Zustand 5 for persistent client state (6 stores: cart, wishlist, auth, chat, notifications, UI). 26-table PostgreSQL schema with UUID primary keys, separate sellers table, product_drafts staging table, and 20 incremental migrations.
Problem Statement
Bangladesh's skincare market has grown rapidly, but online platforms have failed to keep pace with consumer trust expectations.
Counterfeit Products
An estimated 30-40% of skincare products sold online in South Asia are counterfeit or expired, posing serious health risks.
No Verification Standard
Existing marketplaces treat skincare like any other product — no invoice verification, no batch tracking, no expiry monitoring.
Decision Paralysis
Consumers struggle to choose products suited to their specific skin type and concerns without professional guidance.
COD Fraud
Cash-on-delivery orders are plagued by velocity abuse, fake names, and rapid-fire ordering that create significant operational losses.
Key Features Deep Dive
Purpose-built systems designed for Bangladesh's skincare market — from verification pipelines to AI-powered recommendations.
Product Verification Pipeline
Every product undergoes invoice checks, Certificate of Analysis (COA) validation, batch tracking, and expiry monitoring before going live. Admin review queue with approve/reject workflow.
AI-Powered Skin Quiz
8-question quiz generating complete skin profiles and personalized product recommendations with match-score explanations. 90% test coverage on the scoring engine.
Fraud Detection & COD Risk
Multi-signal fraud detection: velocity abuse (5+ orders/24h), name mismatch, rapid-fire orders, high-value guest COD. Risk scoring 0-100, blocks COD above 75.
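A sketch of how the four signals above can combine into a 0-100 score with a COD cutoff, written for this page as an added example and not taken from TheSkinProof's code. The signal names, the 5+ orders/24h rule and the "above 75" cutoff come from the page; the weights, the 60-second rapid-fire gap, the 5000 BDT threshold and the phone-keyed history are assumptions.

```typescript
// Added illustration, not TheSkinProof code. From the page: the four signals,
// 5+ orders/24h, the 0-100 scale, COD blocked above 75. Assumed: the weights,
// the 60 s rapid-fire gap, the 5000 BDT threshold, keying history by phone.
interface Order {
  phone: string; name: string; placedAt: number; // placedAt: epoch ms
  totalBdt: number; guest: boolean; cod: boolean;
}
const WEIGHTS = { velocity: 40, nameMismatch: 25, rapidFire: 20, highValueGuestCod: 30 };
type Signal = keyof typeof WEIGHTS;
interface Assessment { score: number; signals: Signal[]; codAllowed: boolean }

const DAY_MS = 24 * 60 * 60 * 1000;
const normalize = (s: string): string => s.trim().toLowerCase().replace(/\s+/g, " ");

function assessCod(order: Order, history: Order[]): Assessment {
  // Only earlier orders from the same phone number count as evidence.
  const prior = history.filter(o => o.phone === order.phone && o.placedAt <= order.placedAt);
  const age = (o: Order): number => order.placedAt - o.placedAt;
  const signals: Signal[] = [];

  // Velocity abuse: this order is the 5th or later within 24 hours.
  if (prior.filter(o => age(o) < DAY_MS).length + 1 >= 5) signals.push("velocity");
  // Name mismatch: the phone was previously used under a different name.
  if (prior.some(o => normalize(o.name) !== normalize(order.name))) signals.push("nameMismatch");
  // Rapid-fire: another order from this phone less than 60 s earlier.
  if (prior.some(o => age(o) < 60_000)) signals.push("rapidFire");
  // High-value guest COD: no account behind a large unpaid parcel.
  if (order.guest && order.cod && order.totalBdt >= 5000) signals.push("highValueGuestCod");

  const raw = signals.reduce((sum, s) => sum + WEIGHTS[s], 0);
  const score = Math.min(100, raw); // clamp to the 0-100 scale
  // Strictly "above 75" blocks COD, so a score of exactly 75 still passes.
  return { score, signals, codAllowed: score <= 75 };
}

// Constructed sample: one prior order from the same phone 30 s earlier, other name.
const sampleHistory: Order[] = [
  { phone: "01700000000", name: "Rahim Uddin", placedAt: 1_000_000, totalBdt: 900, guest: true, cod: true },
];
const sampleOrder: Order =
  { phone: "01700000000", name: "R. Khan", placedAt: 1_030_000, totalBdt: 6000, guest: true, cod: true };
```

Returning the list of fired signals alongside the score lets a reviewer see why an order was held, which matters when the cutoff is tuned against false positives.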
Technology Decisions
| Layer | Technology | Rationale |
|---|---|---|
| Framework | Next.js 16 (App Router) | SSR for SEO, API routes colocation |
| Language | TypeScript 5 (strict) | Type safety across 6,500+ lines |
| Database | PostgreSQL 14+ | Relational integrity, UUID, full-text search |
| Cache | Redis 4.7 | Sliding-window rate limiting, session cache |
| State | Zustand 5 | Lightweight persistent stores (6 stores) |
| Payments | bKash + Nagad + SSLCommerz | 95%+ of BD digital payments |
| Courier | Pathao API | Largest courier in Bangladesh |
| Styling | Tailwind CSS v4 | Utility-first, custom design tokens |
Security Architecture
- OTP-based login with 6-digit codes (10-min expiry)
- HMAC-SHA256 signed cookies with nonces
- Redis-backed sliding-window rate limiting (8 presets)
- Auto-logout after 5 min inactivity with warning
- Immutable audit trail on every admin action
- Security headers: CSP, HSTS, X-Frame-Options, etc.
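An added example, not TheSkinProof's code, of issuing and verifying an HMAC-SHA256 signed session cookie that carries a nonce, using Node's built-in `crypto` module. The page does not say how the nonce is used; here it is assumed to be a random per-session value tracked server-side so that logout or inactivity timeout can revoke a cookie before it expires, and the cookie layout and field names are likewise assumptions.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Added illustration, not TheSkinProof code. The cookie layout
// (base64url(payload) + "." + base64url(tag)), the field names and the
// server-side set of live nonces are assumptions.
interface Session { uid: string; nonce: string; exp: number } // exp: epoch ms

const tag = (key: Buffer, data: string): Buffer =>
  createHmac("sha256", key).update(data).digest();

function issueCookie(key: Buffer, uid: string, nowMs: number, ttlMs: number,
                     liveNonces: Set<string>): string {
  const session: Session = { uid, nonce: randomBytes(16).toString("hex"), exp: nowMs + ttlMs };
  liveNonces.add(session.nonce); // remembered so logout can revoke it
  const payload = Buffer.from(JSON.stringify(session)).toString("base64url");
  return payload + "." + tag(key, payload).toString("base64url");
}

function verifyCookie(key: Buffer, cookie: string, nowMs: number,
                      liveNonces: Set<string>): Session | null {
  const dot = cookie.lastIndexOf(".");
  if (dot < 1) return null;
  const payload = cookie.slice(0, dot);
  const given = Buffer.from(cookie.slice(dot + 1), "base64url");
  const expected = tag(key, payload);
  // Compare in constant time; check length first because timingSafeEqual
  // throws on buffers of different length.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  // The payload is parsed only after the MAC verifies, so the JSON parser
  // never sees bytes the server did not produce.
  const session = JSON.parse(Buffer.from(payload, "base64url").toString("utf8")) as Session;
  if (session.exp <= nowMs) return null;            // expired
  if (!liveNonces.has(session.nonce)) return null;  // logged out or revoked
  return session;
}

function revoke(session: Session, liveNonces: Set<string>): void {
  liveNonces.delete(session.nonce);
}
```

In a multi-instance deployment the `Set` would be a shared store such as the Redis instance the page already uses, and the cookie itself should be sent with the `HttpOnly`, `Secure` and `SameSite` attributes.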
Testing Strategy
| Area |
|---|