PLEN
Let's talk
All case studies
Stealth mode · pre-launchSaaS · Aesthetic medicine2025, ongoing
Case Study #01

Med4You.
From MVP
to a live product.

The first production version was built in 12 working days. Then came two further development phases: iteration after real usage and product scaling. The relationship continues, because nobody has to relearn the context from scratch.

12 days
Phase I: first product version
~50
features across three phases
Med4You · v0.3 · production
12 screens · 3 phases
Patient list
Before/after comparison
Patient profile, visit timeline

Medical documentation
in one place.

Med4You · production screenshotsPatient list · Comparison tool · Visit timeline
12 days
Phase I: first version
Working days. 28 requirements, design, code and deploy.
+18 days
Phase II: iteration
Additional working days after feedback from real usage.
+24 days
Phase III: in progress
A separate development phase: AI, GDPR, modules and desktop.
~50
Features after three phases
Including 6 AI modules: prescription, documentation, label and notes.

The 12 days refer to the first product version. The following numbers show separate development phases, not one combined sprint.

Introduction00 / Problem

Kasia is an aesthetic medicine doctor. Like hundreds of other specialists in Poland, she kept treatment documentation and patient photos on her own phone. Every new patient, a new folder. iOS notes, GDPR-sensitive data scattered everywhere, and comparing effects after a year was impossible without manual scrolling.

Together with Tomasz, the business and technical co-founder, they decided to solve it. That is how Med4You was born: a SaaS product for aesthetic medicine treatment documentation.

They came to me with a vague idea and one question: can this be built?

That was a few months ago. Today the project is in its third development phase.

IAct

The first product version in 12 working days.

Challenge #1: separating doctor and patient roles.

A doctor must be able to create a patient record even when the patient has no account in the application. But if the patient later decides to log in, their history must attach to them. Doctor and patient can edit the same profile, but their entries must be visually distinct and sharing permissions must be controlled.

It sounds like a detail. In practice it is the foundation of the entire database architecture and permissions logic.

One screen, two roles.
The doctor writes. The patient gets their own version.
Med4You, doctor's patient list
Doctor
Creates a local patient record even when the patient has no account. Entries are marked “Dr Kowalska”.
Architecture
Supabase RLS moves access control from application code down to the database layer.
Screen 01Doctor/patient role separation, separate accounts, shared recordInteractive
Doctor profile
Video 01Doctor profile · mockup 3DLoop · 11 sec.

Challenge #2: medical photos under GDPR.

Every photo has EXIF metadata (location, device), requires encryption, labeling (processing purpose) and a publication policy. A botox-treatment photo cannot leave the clinic without consent. A photo for the clinic portfolio is a completely different mode. Everything is aligned with GDPR Articles 6 and 9 (medical data).

A photo is not a file. It is documentation.

MomentInitial · Before · After · Follow-up, every state described.
AngleFront, side, semi-profile and other angles; the comparison tool pairs matching shots.
StatusColor dot = entry author. Blue for patient, gold for doctor.
RODOProcessing purpose stored with every file. Encrypted storage, EU hosting.
Patient gallery with GDPR labels
Before · 2026-02-12After · 2026-02-12Semi-profile · 2025-12-05
Screen 02GDPR · photo labeling and processing purposePatient gallery

What I did.

I designed a PRD with 28 functional requirements and a full set of non-functional requirements. I built a clickable prototype with the complete application design before writing the first line of code. We walked through it with the client and caught nuances that would otherwise have surfaced halfway through the build.

Days 1–2
Foundation

Auth, roles and permissions

  • Registration and onboarding
  • Health interview
  • Supabase RLS and access policies
Days 3–5
Core CRUD

Patients and visits

  • Patient management
  • Treatment templates
  • Visit form
Days 6–8
Media · Sharing

Photos, comparison tool and sharing

  • Upload, compression and EXIF
  • Before/after comparison tool
  • Patient module + record sharing
Days 9–10
Reporting

Reports, export and doctor panel

  • PDF report generation
  • Export and PL/EN localization
  • Notifications
Days 11–12
Compliance · Ship

GDPR and deployment

  • GDPR compliance
  • Photo policies
  • Production deployment

Stack chosen for the problem, not for the CV

Next.js + TSReactSupabasePostgreSQL + RLSS3 (szyfrowane)EU hosting / GDPRPlaywright

From an empty record to effect comparison.

01 · Patient list01/06
Patient list
Select a patient or add a new record.
02 · Profile, visits02/06
Patient profile
The full history on one timeline, marked by author.
03 · Template selection03/06
Treatment template
Templates grouped into injectables, device-based and other treatments.
04 · Form04/06
Visit form
Date, specialist, product, note and treatment areas.
05 · Completed05/06
Completed visit
Autosave and draft-mode work.
06 · Compare mode06/06
Before/after photo comparison
Two shots, a slider, the same angle, the effect is visible immediately.
Screen 03Act I · MVP, wizyta od pustej karty do zapisu6 steps · interactive

After 12 days they had a working first product version, ready to use and to keep learning from real data. What usually happens to an MVP at that point? The client goes to a software house to scale it, disappears, or the developer finishes and moves to the next project. Here, something different happened.

I feel you are a bit of an owner of this product, and I appreciate it. It really sets you apart. A great mix.
Tomasz · Med4You co-founderAfter Act I
IIAct

Iteration, from MVP to live product.

Kasia and Tomasz came back after two weeks with a list of changes. Not vague claims that “something does not work”, but with real feedback from users who had started using the application.

The second phase was another 18 working days of work. The scope covered 18 new features and improvements:

II / 1
Onboarding & UX

Lower barrier to entry

  • Consultation as a simplified visit type
  • Password reset with cross-role verification
  • Small UX fixes reported by users
  • Reminders about next treatments
II / 2
Medical data

Deeper medical record

  • Two-sided notebook, doctor and patient in one thread
  • Profile photos (front, side, semi-profile) with comparison tool
  • Vision defect with versioned history
  • Complications with a catalog
II / 3
Specialization

First scope extension

  • New visit category, Dental
  • Location and dose for every injectable treatment
Doctor view
A visit recorded by the specialist.
Doctor, completed visit form
Patient view
The patient adds their own context.
Patient, their own visit entry
Screen 04Act II · two-sided notebook and shared historyDoctor vs pacjent
Patient and history view
Video 02Doctor profile · historia pacjenta w mockupie 3DLoop · 9 sec.

After phase II, the product grew from 28 features to ~46. Those additional 18 working days cost a fraction of the original budget, because the prototype and phase-one architecture were ready for it.

This is the test most MVPs fail:
whether you can keep working after deployment without rewriting from scratch.

IIIAct

Scaling: AI, GDPR and desktop.

The third phase, currently being implemented, adds another +24 working daysof development. It touches three dimensions at once.

III · AI in the product

AI reads a prescription → the “vision defect” field fills itself.

1Photo of the prescription form from the camera
2OCR → struktura: sph, cyl, axis, add
3LLM validation and suggested values
4Doctor akceptuje lub edytuje, zapis z timestampem
Visit form filled by AI
AI ✦ Auto-fill
Screen 05AI · from prescriptions to note analysis, 6 modules on the wayWow moment
III / AI
6 modules

AI features inside the product

  • Reading a prescription / optical form from a photo
  • Reading medical documentation from PDFs and galleries
  • Recognizing product labels (name + LOT)
  • Assisted visit entry from paper forms
  • Analysis of patient and doctor notes
III / RODO
Consents

Advanced legal compliance

  • On-screen signature authorization + timestamped PDF
  • SMS consent flow with 3 reminders and auto-deletion
III / Modules
Architecture

Dynamic specialization modules

  • Aesthetic / Cosmetic / Dental, selected during onboarding
  • Each module activates its own fields and terminology
  • Scaling toward further specializations without rewriting the core
  • Desktop version planned

This is no longer an “MVP”. It is a product with three specialization types, AI modules, GDPR compliance and its own design, with a plan to scale into further medical specializations.

Security · GDPR

I treat medical data like medical data.

Legal basis
GDPR Articles 6 and 9
Data access
Row-Level Security (Supabase)
Photo storage
Encrypted S3, with per-purpose policy
EXIF cleaning
Metadata stripped on upload: geolocation, device and camera timestamp
Hosting
EU, jurisdictional compliance
Consents pacjenta
On-screen signature + PDF · SMS flow
Audit
Timestamp + log of every action
My roleNo software house · one pair of hands
  1. 01
    Discovery and PRD
    Vague idea → 28 concrete functional and non-functional requirements.
  2. 02
    Full application design
    All screens, flows, color system and components before the first line of code.
  3. 03
    Clickable prototype
    The client sees what will be built before everything enters the build phase.
  4. 04
    Architecture i kod
    Stack chosen for the problem, not for the CV. Frontend, backend, database.
  5. 05
    Security and GDPR
    Articles 6 and 9, Supabase RLS, photo encryption and sharing policies.
  6. 06
    Production deployment
    CI/CD, environments and Playwright E2E tests.
  7. 07
    Iteration based on feedback
    The second and third phases were not “support”; they were product leadership.
  8. 08
    AI in the product
    Design and implementation of LLM-powered features, from prescriptions to note analysis.
  9. 09
    Marketing materials
    Copy, landing page proposals and product presentation formats.

No handovers between PM, analyst, designer and developer. One person who has known the product from day one; every next iteration is cheaper and faster because nobody has to relearn the context.

Med4You is currently in stealth mode, before public launch.

The founders have a working GDPR-compliant product, with architecture ready for scaling and further development with any team. There is a plan to expand into additional medical specializations.

After the MVP, the relationship does not end; it accelerates.

Have an idea you want
to bring to launch?

Write to meSee the live productOther case studies