AFI Companion App

A personal-finance companion app for AFI clients — built lean, owned by you, deliberately scoped to stay below Mexico's Ley Fintech regulatory line.

For: Marianita & Violeta — Arquitectura Financiera Integral · From: Pablo González Acosta — Spark Automations

Executive summary

What you're building. A mobile companion app where AFI clients connect their bank accounts via Open Banking, see their financial picture aligned to AFI's methodology, and follow a guided path toward the goals you set with them in coaching.

What Spark proposes. A 12-week build around three load-bearing modules — Bank Connection (Belvo), AFI Dashboard, and Guided Check-in — plus a compliance brief, ownership-transfer-from-day-1, and 60 days of post-launch support. Deferred features (granular budgets, multi-goal tracking, custom CMS) move to V1.1, post-launch, when real user signal informs which to build first.

Why this shape works for AFI. Belvo Open Banking gives clients real bank data instead of manual entry — the methodology lands on actual transactions, not a spreadsheet. Lean stack means AFI runs the app on ~$0–50/month at small scale. Compliance is reasoned into the scope from day one. Code, infra, and documentation transfer to AFI's name from week one. There is no version of this engagement where you depend on Spark to keep operating.

First-principles read

Before scoping features, we asked four questions. The answers shape the proposal.

a) What does AFI actually sell?

AFI sells methodology + accountability — a structured way of looking at personal finance that clients pay you to learn and apply. The app is a delivery surface for the methodology, not the methodology itself. This matters: every feature in V1 should make the methodology more legible or more sticky. Features that just imitate Fintonic / Klar / Ualá without serving the methodology are noise.

b) Buy vs build Tier 3

Mexican personal-finance apps already cover budgets, goals, and bank linking — Klar, Fintonic, Ualá, even Belvo's own Direct UI. We considered configuring one of these instead of building from scratch.

Recommendation: build. The methodology is the differentiator and none of the existing apps surface it. Configuring someone else's app would constrain how AFI's frameworks render and would lock you into their lifecycle. Building keeps both creative and economic upside with AFI.

c) Lean MVP — three modules instead of six

The standard scope for this kind of app is six modules: Onboarding, Bank Linking, Budgets, Goals, Dashboard, Education, Notifications. That covers everything anyone might want. The lean cut for V1 is the smallest set that delivers AFI's coaching loop end-to-end:

Onboarding is part of (1). Education content lives on AFI's existing site (linked from the app) until a CMS is justified by usage data. Budgets and Goals move to V1.1 — built after we see how clients actually use the dashboard, not before.

d) Regulatory fork — V1 stays below the Ley Fintech line Tier 2

Mexico's Ley Fintech (Ley para Regular las Instituciones de Tecnología Financiera, 2018) regulates two entity types: ITFs (Instituciones de Fondos de Pago Electrónico) and IFCs (crowdfunding institutions). The triggering question is custody and money movement — does the app hold or move client funds?

V1 as scoped does not cross that line: bank data is read-only via Belvo (the regulated party is Belvo, not AFI), the app never holds funds, never initiates transfers, never issues e-money. AFI remains an unregulated educational + advisory service.

Features that would cross the line, and are therefore explicitly excluded from V1:

• Holding client funds in any AFI-controlled wallet or e-money instrument
• Initiating SPEI transfers, payments, or any movement of money on behalf of clients
• Issuing debit/credit instruments or branded cards
• Accepting deposits, even temporarily for "round-up to savings" features
• Acting as intermediary between clients and any other regulated entity

If any of those are on AFI's roadmap for V1.5 or V2, we flag it in §10 and run a CNBV-counsel checkpoint before scoping.

Scope — V1 MVP

Eight user stories ship in V1. Each one is anchored to an AFI methodology principle so we can defend why it's load-bearing. Acceptance criteria are listed in Appendix A; this section is the user-visible surface.

User-facing features in V1

1. Onboarding + SSO. Email + password, plus Google and Apple SSO. Sub-3-minute first-run.
2. Bank connection via Belvo. Connect one or multiple accounts (checking, savings, credit cards). Read-only, OAuth, no credentials stored on AFI infra.
3. Transaction sync. Daily background sync. User-initiated refresh.
4. AFI Dashboard. Single screen showing AFI's "salud financiera" indicators computed against live transaction data. The methodology, made visible.
5. Categorization assist. Belvo's auto-categorization + a one-tap UI for the user to recategorize anything wrong. No manual rule engine in V1.
6. Weekly Guided Check-in. Push notification each Sunday: 3 framework questions, 1 reflection prompt, 1 nudge anchored to the user's data.
7. Coach view (read-only). Marianita and Violeta can view a client's dashboard with the client's consent. Drives coaching sessions.
8. Profile + privacy controls. Disconnect a bank, delete account, export data (LFPDPPP-required).

Explicitly NOT in V1 deferred

• Granular budgets by category. The dashboard surfaces overall trajectory; granular budget envelopes wait for V1.1 once we see whether users want them.
• Multi-goal savings tracking. One implicit goal in V1 (the AFI methodology arc). Multiple named goals → V1.1.
• Custom CMS for educational content. Education links out to AFI's existing site. CMS justified only when the AFI team is editing > 1 piece/week.
• In-app messaging between client and coach. WhatsApp/email is faster, already in your workflow, and avoids a moderation surface.
• Any payment, transfer, or e-money feature. See §2(d).
• Marketing site, app store optimization, paid acquisition. Out of scope; can be quoted separately.

Architecture

The default proposal is a Progressive Web App with an optional native wrap. This cuts maintenance overhead by an order of magnitude vs a from-scratch React Native build, and lets us ship features without app-store review delays.

Stack

Topology

Cost-to-operate at scale Tier 3 — to validate at kickoff

For comparison: an equivalent AWS EC2 + RDS + S3 stack starts around $300–500/mo even with zero users, before Belvo. Serverless wins at AFI's expected scale curve.

Security & compliance

Bank-data surface

• Belvo is the regulated entity. AFI never sees or stores bank credentials — Belvo handles OAuth directly with the bank.
• AFI receives only transaction history + balance snapshots through Belvo's API. Read-only.
• Belvo tokens are encrypted at rest, scoped per-user, revocable from the user's Profile screen.

Encryption + access control

• At rest: AES-256 (Supabase managed Postgres).
• In transit: TLS 1.3 end-to-end.
• Row-level security: Postgres RLS policies on every user-owned table — a user can only ever read their own data, enforced at the database layer not just the API.
• Coach access: requires explicit per-client consent flag in the user's profile. Logged + revocable.
• Admin access: Pablo + 1 designated AFI admin. MFA required. Audit log on every admin read.

Mexican regulatory framework Tier 2 — verified by counsel

The proposal is structured around three named bodies of law. None of them block V1 as scoped, but each carries obligations we build into the deliverables:

Hard limit: Spark provides architectural compliance reasoning. Final regulatory clearance for the launched product is AFI's responsibility, supported by AFI's counsel. We hand over the architecture analysis as part of §9 deliverables so counsel can validate without redoing the work.

Team & responsibilities

Spark side

No separate UI/UX designer line at this price point. Functional design driven by Pablo + AFI feedback. If AFI wants a brand-grade design pass, that's a separate (small) add-on quoted on demand.

AFI side

• Marianita and/or Violeta — primary point of contact, weekly 30-min check-ins, methodology content owner, sign-off on each phase gate.
• Methodology delivery — written content for the AFI dashboard framework (the indicators, thresholds, language), the weekly check-in questions, and the disclaimer/legal language.
• Account ownership — AFI creates and owns the Belvo, Vercel, Supabase, Apple Developer, and Google Play accounts. Spark configures inside them.
• Counsel touchpoint — AFI's legal counsel reviews the LFPDPPP aviso, validates the Ley Fintech architecture before launch, and signs off the CONDUSEF disclaimer. Spark provides the technical inputs.

Timeline

12 focused weeks of work, distributed across Q3 2026. Kickoff target mid-June 2026 (after RUBISCO2 hotels demo on June 9). Realistic launch window: September–October 2026. Pre-kickoff (now → mid-June) is reserved for contracting, account setup, and AFI methodology content drafting — no fee, just preparation.

Honest framing. "12 weeks" is 12 weeks of focused Pablo time, not 12 contiguous calendar weeks. Around RUBISCO2 + Miguel commitments, real elapsed time is ~16–20 calendar weeks. Each phase ends in a demo + go/no-go gate, so AFI sees progress on a regular cadence.

Each gate is a real go/no-go. AFI can pause, change scope, or terminate at any gate; pricing is pro-rated to phase completion. No "we'll figure it out at the end" surprises.

Investment

Itemized

Payment schedule

30 / 40 / 30 weighted toward Phase 2 (when most of the actual work happens) and away from upfront risk. Lower upfront than industry-standard 50 / 25 / 25.

What's included no extra cost

• All 8 user stories built, tested, and shipped to production
• Source code in AFI's GitHub organization from week 1 (private repo)
• Infrastructure provisioned in AFI's name (Vercel, Supabase, Belvo)
• Architecture, runbook, and on-call documentation
• 3-hour training session for the AFI team (recorded)
• 60 days of post-launch support included (vs the typical 30) — any in-scope bug, plus light requests / questions from the AFI team during the support window
• LFPDPPP aviso de privacidad template + data-export & deletion endpoints
• Counsel-ready architecture compliance brief for Ley Fintech / CNBV review

What's NOT included separate

• Third-party service costs: Belvo subscription, Vercel/Supabase paid tiers, Apple Developer ($99/yr), Google Play ($25 one-time). AFI pays these directly to the providers.
• Marketing, app-store optimization, paid acquisition
• Native app store wrap (Capacitor build for iOS + Android stores). Quoted separately at $9k / 3 weeks if AFI decides to ship to stores in V1. Default V1 is PWA-only.
• Dedicated UI/UX designer pass. Optional add-on at $6k / 3 weeks.
• Methodology content writing. AFI provides; Spark renders.
• Legal counsel fees for LFPDPPP / CNBV / CONDUSEF review.
• Post-warranty maintenance — see options below.

Post-support maintenance choose around day 60 post-launch

After the included 60-day support window, ongoing work happens under one of two friend-shaped arrangements:

If the AFI ↔ Spark relationship evolves into something with equity / partnership terms, both of these arrangements can fold into that. Decided then, not now.

What you own

Spark's "operations as code, automation as taste" stance means AFI never depends on us to keep operating. Practically:

Risks & assumptions

User stories — full detail

US-1 · Onboarding + SSO

As a new AFI client I want to create an account in under 3 minutes so that I can start using the app the day Marianita invites me.

Acceptance: Email + password OR Google SSO OR Apple SSO. First-run flow ≤ 6 screens. Empty-state dashboard renders with explanatory copy if no bank connected yet.

US-2 · Bank connection via Belvo

As a user I want to connect my checking, savings, and credit-card accounts via the Belvo widget so that AFI sees my actual financial picture without me typing anything.

Acceptance: Belvo Connect Widget embedded. Multiple accounts per institution supported. Connection status visible (green/syncing/disconnected). Disconnect flow tested.

US-3 · Transaction sync

As a user I want my transactions and balances to refresh automatically every day so that the dashboard reflects current reality without me touching anything.

Acceptance: Daily 6 AM CST background sync via Belvo webhook + cron fallback. Pull-to-refresh in app. Last-sync timestamp visible. Failure surfaces as a banner with one-tap retry.

US-4 · AFI Dashboard

As an AFI client I want a single screen that shows my "salud financiera" indicators using AFI's framework so that I see what Marianita and Violeta would point me to in our coaching sessions.

Acceptance: Single screen, no tabs. Renders the AFI methodology indicators (TBD with AFI in Phase 1) computed against transaction data. Each indicator has a tap-to-explain card.

US-5 · Categorization assist

As a user I want the app to auto-categorize my transactions and let me fix any mistakes so that the dashboard math is right.

Acceptance: Belvo's categorization used by default. Long-press a transaction → recategorize via dropdown. Recategorizations remembered per merchant for future transactions. No manual rule engine.

US-6 · Weekly Guided Check-in

As an AFI client I want a weekly nudge with 3 framework questions and a reflection prompt so that I stay engaged with the methodology between coaching sessions.

Acceptance: Push notification each Sunday at user's local 6 PM. In-app screen with: 3 questions (multiple choice, framework-anchored), 1 free-text reflection (optional), 1 nudge based on the week's spending (auto-generated from transaction data). Saved to user's history.

US-7 · Coach view

As Marianita or Violeta I want to view a client's dashboard with their consent so that our coaching sessions start with the data already loaded.

Acceptance: Coach role in user table. Consent flag per client. Coach sees a list of consenting clients + read-only access to each one's dashboard. Coach actions logged. Consent revocable from client's profile.

US-8 · Profile + privacy

As a user I want to disconnect a bank, export all my data, or delete my account so that I am in control as required by Mexican data protection law.

Acceptance: Disconnect bank → Belvo token revoked + transactions retained or wiped per user choice. Export data → JSON download with all user-owned rows. Delete account → soft-delete with 30-day grace, then hard-delete. All actions confirmed via email.

Data model — V1

Eight tables. RLS enabled on every user-owned table. Foreign keys + cascades documented in the migration files.

Aviso de privacidad — template Tier 2 — counsel review required

Skeleton template covering LFPDPPP Articles 15–17. AFI's legal counsel reviews and approves before publication on the AFI site and inside the app.

1. Identidad y domicilio del responsable. Arquitectura Financiera Integral, [domicilio fiscal de AFI].
2. Datos personales que se recaban. Identificación (nombre, correo electrónico), datos financieros (saldos de cuentas, historial de transacciones obtenidos vía Belvo bajo consentimiento expreso del Titular), datos de uso de la aplicación.
3. Finalidades del tratamiento. Primarias: (a) prestación del servicio de visualización financiera y acompañamiento metodológico; (b) cumplimiento de obligaciones contractuales con el Titular. Secundarias (con consentimiento expreso): mejora del servicio, comunicación de contenido educativo.
4. Transferencias. A Belvo Tecnología en Información para México, S.A.P.I. de C.V. (procesamiento de datos bancarios bajo regulación CNBV). A Supabase Inc. (almacenamiento de base de datos, EUA). A Vercel Inc. (alojamiento de aplicación, EUA). A los entrenadores designados de AFI con consentimiento explícito del Titular.
5. Mecanismos para limitar uso o divulgación. En la sección de Perfil de la aplicación: revocación de conexiones bancarias, revocación de consentimiento al entrenador, eliminación de cuenta.
6. Derechos ARCO. El Titular puede ejercer sus derechos de Acceso, Rectificación, Cancelación y Oposición mediante: (a) las opciones disponibles en el Perfil de la aplicación; (b) escrito dirigido al responsable a [correo de contacto AFI].
7. Cookies y tecnologías similares. [a definir según implementación final]
8. Cambios al aviso. AFI notificará cambios materiales con al menos 15 días de anticipación a través de la aplicación y por correo electrónico.

Note for AFI counsel: this template covers the LFPDPPP minimum. Counsel should add (a) any sector-specific disclosures CONDUSEF expects from financial-education providers, (b) explicit AML/KYC language if AFI adds those features in V1.5+, (c) the INAI registration confirmation if applicable.

Side-by-side vs prior quote neutral comparison

Both proposals address the same underlying brief. Differences below are factual; AFI evaluates which posture fits.

Both quotes are solo-developer builds on Supabase. The deltas are: (1) bank data — Belvo vs manual entry, (2) regulatory posture — written analysis vs none, (3) ownership transparency — repo-from-day-1 vs unspecified, (4) post-launch support — 60 days vs unspecified. AFI picks based on which deltas matter.