Anchor on the core job. Your MVP should validate one painful workflow end-to-end with payments and onboarding, not a feature zoo. Favor boring, proven tech: React/Next.js for the front end, Node/Express or Fastify for APIs, and Postgres for relational sanity. Keep async work in queues (BullMQ/SQS) to avoid blocking user flows.
Multi-tenancy: start with a single database and per-tenant scoping using tenant_id everywhere. Add row-level security or scoped queries to prevent data leaks. Avoid premature sharding; design migrations and backups first. For file storage, isolate by tenant prefix in S3 or similar.
Authentication and billing: use a managed auth provider (Auth0, Cognito, Supabase) to avoid security footguns. Pair with Stripe Billing for subscriptions, usage-based meters if needed, and webhooks to sync entitlements. Keep roles simple (owner, admin, member) and store permissions in the DB, not the token.
APIs and contracts: version endpoints, validate payloads (zod/joi), and return typed errors. Add rate limiting early. For front end, co-locate data fetching with components and leverage caching (React Query/SWR). Render marketing and docs statically; gate the app behind auth with SSR for SEO-neutral pages only.
Observability: add structured logging, traces, and basic metrics (signup success, invite success, billing events). Set SLOs for uptime and latency. Automate backups and disaster recovery drills. Ship feature flags to iterate without redeploys. The goal is an MVP that can survive success without a rewrite.