Skip to content
+
Section 04

Technical Approach

Architecture, stack choices, and the engineering strategy for Next Gen.

Architecture Principles

Our recommended architecture for VOLY Next Gen is guided by six principles that align directly with VolunteerNow's needs for scalability, maintainability, and future extensibility:

  • Cloud-Native & Scalable: Deployed on modern cloud infrastructure (AWS or Azure) with auto-scaling, containerized services, and managed databases to handle growth without re-architecture.
  • API-First Design: Every capability exposed through well-documented RESTful APIs, enabling the VOLY mobile app, agency portals, third-party integrations, and future AI services to all consume the same backend services.
  • Modular Architecture: Clean separation of concerns across domains (Volunteer Management, Agency Management, Opportunity Management, Check-in/Out, Reporting, Integrations) so that features can be developed, tested, and deployed independently.
  • Security by Design: Role-based access control, data encryption at rest and in transit, SOC 2-aligned practices, and PII handling appropriate for background check and volunteer data.
  • Progressive Enhancement: A responsive, mobile-first front-end that provides a native-like experience on mobile devices while offering full-featured desktop experiences for administrators.
  • Integration-Ready: A robust integration layer with standardized connectors for background check providers, messaging services, payment systems, and future third-party services.

Recommended Technology Stack

While we will finalize technology selections during the Discovery phase based on VolunteerNow's team capabilities and operational preferences, our recommended starting point includes:

Recommended technology stack for VOLY Next Gen
LayerRecommended TechnologyRationale
Front-EndReact / Next.js with Tailwind CSSModern, component-based UI with excellent mobile responsiveness and developer ecosystem
MobileReact Native or Progressive Web App (PWA)Cross-platform mobile experience with shared codebase; PWA option reduces maintenance overhead
Back-End / APINode.js (TypeScript) or Python (FastAPI)High-performance API layer with strong typing, excellent for both REST and future GraphQL
DatabasePostgreSQL (primary) + Redis (caching)Enterprise-grade relational database with excellent JSON support; Redis for session and cache management
Cloud PlatformAWS (recommended) or AzureMature ecosystem with auto-scaling, managed services, and strong compliance certifications
ContainerizationDocker + Kubernetes (EKS/AKS)Consistent deployment, horizontal scaling, and infrastructure as code
CI/CDGitHub Actions + TerraformAutomated testing, deployment pipelines, and reproducible environments
SearchElasticsearch or AlgoliaFast, relevant volunteer opportunity search with geo-filtering and faceted results
File StorageAWS S3 or Azure BlobScalable document and media storage with CDN integration
Messaging/QueueAWS SQS / SNS or RabbitMQAsynchronous processing for notifications, background checks, and report generation
MonitoringDatadog or AWS CloudWatch + SentryApplication performance monitoring, error tracking, and alerting

Key Architectural Components

Volunteer Experience Layer

Volunteer Experience

The volunteer-facing experience will be rebuilt as a modern, responsive application with an emphasis on speed, simplicity, and engagement. Key capabilities include intelligent opportunity discovery (with location-based search, interest matching, and availability filtering), streamlined registration and onboarding flows, QR-code-based or geolocation-enabled check-in/check-out, real-time hour tracking with automatic logging, personal impact dashboards, and push notification-driven engagement.

Agency Portal

Agency Self-Service

Agencies will receive a self-service portal that dramatically reduces their dependence on VolunteerNow staff for routine operations. This includes opportunity creation and management with rich media support, volunteer roster management and communication tools, real-time and historical reporting dashboards, background check status tracking, multi-campus/location management, and configurable notifications and workflows.

Administrative Platform

Admin Tools

VolunteerNow administrators will have comprehensive tools for platform-wide management including site configuration and branding by market, agency onboarding and management, cross-agency reporting and impact analytics, background check administration and compliance monitoring, user management and role-based access control, and system health monitoring and performance dashboards.

Integration Architecture

We will design a standardized integration layer that supports current and future integrations:

  • Background Check Providers: JDP and VeriFYI integrations rebuilt with modern API patterns, error handling, and status tracking
  • Communication Services: Email (SendGrid/AWS SES), SMS (Twilio), and push notification services
  • Payment Processing: Stripe or similar for any payment/donation processing needs
  • Mapping & Geolocation: Google Maps / Mapbox for location-based opportunity discovery
  • Identity & SSO: OAuth 2.0 / SAML for enterprise and corporate partner SSO
  • Future Integrations: Standardized webhook and API patterns for future CRM, HRIS, and third-party connections

AI-Ready Foundation

Built for AI from Day One

While the initial build focuses on core platform modernization, we will architect the system to be AI-ready from day one. This means clean, well-structured data models that can feed ML pipelines; an event-driven architecture that captures volunteer behavior signals; API endpoints designed to support future AI services (intelligent matching, predictive churn, automated outreach); and a content and communication framework that can incorporate AI-generated personalization.

SDD Advantage

Our Spec-Driven Development methodology means every architectural decision is documented in plain-language specifications before code is written. This creates a living blueprint that VolunteerNow's team can reference, understand, and evolve long after our engagement concludes.

Platform Rebuild Risks & Mitigation Strategy

Based on geniant's experience rebuilding mission-critical platforms, we have identified three key risks specific to the VOLY Next Gen engagement and have designed explicit mitigation strategies for each:

  • Risk 1: Data Migration & Legacy System Complexity — VOLY's current database contains 700,000+ volunteer records and serves 4,300+ nonprofit accounts with accumulated data from over a decade. Migration without validation could corrupt volunteer records or lose historical reporting. Mitigation: Early data audit (Week 2 of Discovery) to profile current data quality, document known issues, and establish cleansing rules. Parallel run period (first 2 weeks post-launch) where both systems are live. Documented rollback plan allowing instant reversion if data issues surface. Data validation testing at each migration stage with sign-off from VolunteerNow stakeholders.
  • Risk 2: Stakeholder Adoption & Change Management — Agencies and volunteers have relied on VOLY for years and may resist or struggle with interface changes. Slow adoption = platform underutilization and perceived failure. Mitigation: Co-design workshops in Discovery phase with actual agency staff and volunteer representatives (not just leadership) to validate UX decisions early. Phased rollout: pilot cohort (one school district) for 2 weeks, then expand based on lessons learned. Comprehensive training materials (video guides, quick-start walkthroughs, live Q&A sessions) provided to all agencies 4 weeks before launch. VolunteerNow designates 'Champions' at each campus who receive early training and act as peer support. Post-launch, weekly 'office hours' for agency questions.
  • Risk 3: Background Check Integration Complexity — Background checks (veriFYI, TazWorks) depend on third-party APIs with their own uptime, rate limits, and occasionally breaking changes. Integration failures = volunteer onboarding stalls. Mitigation: Early integration spike in Foundation Build phase (Phase 2, Weeks 7–12) with dedicated engineering time to validate API contracts, error handling, and retry logic before building the main volunteer flow. Mock background check service during development so we can test error scenarios without relying on third-party uptime. Circuit breaker pattern: if check-in fails due to background check API timeout, we degrade gracefully (check-in succeeds, background check retried in background). Fallback to manual verification workflow if API is down for extended period.

veriFYI as Independent SaaS Platform

A critical architectural requirement is that veriFYI functions as an independent, stand-alone background check platform while also being deeply integrated with the VOLY volunteer onboarding flow. This dual nature creates a sustainable business model for veriFYI and maximum flexibility for districts. We achieve this through a microservices-based integration pattern.

geniant brings direct, hands-on experience to this architecture: we served as the full-stack technology partner for backgroundchecks.com for over five years, building and operating a consumer-facing background screening platform from the ground up. That engagement covered FCRA-compliant screening workflows, identity verification integrations, adverse action processing, PII data governance at scale, and the high-availability infrastructure requirements that time-sensitive background check requests demand. The architecture decisions below are informed by that operational experience — not derived from documentation alone.

veriFYI modular independence + VOLY integration architecture
AspectArchitecture Approach
veriFYI IndependenceveriFYI will be deployed as a separately containerized service with its own database, authentication layer, and API surface. Districts can use veriFYI checks without VOLY if desired, or integrate veriFYI with other volunteer platforms. This creates a standalone revenue stream for VolunteerNow and positions veriFYI for market expansion beyond VOLY.
District-Direct OnboardingDistrict administrators can configure and manage veriFYI independently from VOLY through a dedicated admin interface. This reduces dependency on VOLY for background check workflows and gives districts direct control over compliance.
Competitive PositioningIntegrated visitor/volunteer screening platforms (Raptor, etc.) bundle background checks with their existing platform. veriFYI's standalone architecture makes it a compelling alternative for districts that want best-of-breed capabilities: VOLY for volunteer management, veriFYI for background checks. This positioning is powerful in the K-12 market.
VOLY IntegrationVOLY integrates with veriFYI through well-defined REST APIs. When a volunteer registers in VOLY, an event is published to a queue (AWS SQS); veriFYI consumes this event and initiates a background check. Status updates are pushed back to VOLY via webhooks.
White-Label UIVOLY will embed veriFYI UI components (React components) in the volunteer onboarding flow, providing a seamless experience. These components are purely UI wrappers around veriFYI's API calls — veriFYI functionality remains independent.

Student Volunteerism: MLP Architecture

Student volunteerism is not a full K-12 product launch, but rather a research-forward minimum lovable product (MLP) designed to validate the market while protecting student privacy and enabling longitudinal research. The architecture addresses four critical requirements:

  • Hour Validation System: A dedicated subsystem for validating and certifying student volunteer hours. This is the core requirement from VolunteerNow's perspective. When a student completes a volunteer shift, campus coordinators can validate the hours in the system, creating an auditable, certifiable record. This differs from adult volunteering where self-reporting is acceptable.
  • FERPA-Compliant Research Data Export: VOLY will include a research data export feature that anonymizes student volunteer data using k-anonymization and differential privacy techniques. Districts can authorize research partners (universities, nonprofits) to access this data for longitudinal studies. All exports are logged and auditable.
  • Texas Schools Project Registration: Integration with TSP infrastructure to enable districts to register student volunteers as part of their civic engagement research. VOLY provides the technical backbone for TSP data collection.
  • Congressional Award Integration: Student volunteers pursuing Congressional Awards can use VOLY to track service hours and document their impact — satisfying both the volunteer organization and the award program.
  • Growth Path: The MLP is intentionally scoped to be small at launch. It includes student registration, opportunity discovery, check-in/check-out, hour validation, and basic reporting. Future phases can add peer mentoring, financial literacy programs, or college prep features — but only with district demand and research validation.

Multi-Tenant Architecture: District, Campus, & Volunteer Hierarchy

VOLY Next Gen must support a complex multi-tenant model where a District (e.g., Dallas ISD) has visibility across all campuses, but individual Campus Coordinators see only their own campus data, and Volunteers see only opportunities relevant to their interest and location. This is implemented via:

  • Hierarchical tenant model: Each District is a top-level tenant; each Campus is a child entity within a District with its own row-level security policies
  • Row-Level Security (RLS): PostgreSQL RLS policies enforce data boundaries at the database level, not application level, so even if an attacker bypasses the app they cannot see cross-campus data
  • Standardized features across all tenants: volunteer registration, opportunity discovery, check-in/check-out, reporting framework
  • Configurable per-tenant settings: branding (logos, colors), volunteer types, forms, background check workflows, communication templates, workflow steps
  • District admin configuration UI: District admins can modify all tenant-specific settings without code changes — managed via a configuration database

Database Schema: Preventing Data Seepage Between Campuses

The database schema is designed to make data isolation explicit and enforce it at every layer:

Database schema ensuring campus data isolation
Table / ConceptDesign Strategy
Districts TableTop-level tenant. Each row represents a school district. Foreign key reference on all data-bearing tables.
Campuses TableChild entities of Districts. campus_id is the natural partition key for all campus-scoped data. Foreign key to district_id ensures referential integrity.
Volunteers TableIncludes campus_id. Volunteers register with a specific campus. PostgreSQL RLS policy: volunteers can only view/edit their own record; coordinators can view volunteers registered with their campus.
Opportunities TableIncludes campus_id. Opportunities are created by and scoped to a specific campus. RLS: campus coordinators see only opportunities for their campus; district admins get aggregated views across all campuses.
Check-In/Check-Out RecordsInclude campus_id for fast partitioning. Queries for historical data aggregation at district level use materialized views or denormalized cache to avoid expensive cross-campus joins.
Audit LogsInclude campus_id. Even if an attacker gains read access to logs, they see only their campus's actions.

FERPA & COPPA Governance for Student Volunteer Data

Student volunteerism is a new and sensitive capability in VOLY Next Gen. All student data will be treated as education records under FERPA, and additional protections apply for students under 13 (COPPA):

Student Data Governance Framework

FERPA Compliance: Student volunteer data (hours, participation records, achievements) is classified as an education record. Data is never shared outside VolunteerNow without explicit written consent from the District and parent/guardian (for students under 18). VolunteerNow controls data access; geniant has no authority to export or use student data.

COPPA Protections (students under 13): The student volunteer portal will not collect personal data beyond what is necessary for volunteering. No location tracking, no third-party cookies, no data sales. Any communications with students under 13 require verifiable parental consent. Student data is stored on US-based servers only (AWS us-east-1 or us-west-2).

Parental Consent Workflows: When a student under 18 registers to volunteer, the system initiates a parent/guardian consent workflow via email. Consent is verified and retained in the system. Data about the student is not released until consent is obtained.

Data Retention: Student data is retained only as long as the student is enrolled in the school. Upon graduation or transfer, student records are archived and no longer active in reporting queries.

Accessibility Engineering & Spanish Language Support

The Experience Design section covers our accessibility design principles. This section covers how we engineer, test, and verify WCAG 2.2 AA compliance in the codebase — and how Spanish language support is implemented at the framework level:

  • CI/CD Enforcement: Axe-core is integrated directly into the CI/CD pipeline — any new WCAG violation fails the build before code can merge to main. This prevents accessibility regressions from reaching production. Lighthouse accessibility audits run on every sprint review and are tracked as a sprint metric.
  • Sprint-Level Manual Testing: Every sprint, a QA engineer runs manual accessibility testing using keyboard-only navigation and NVDA/JAWS on Windows and VoiceOver on macOS. Screen reader tests cover the core volunteer flows (registration, opportunity search, check-in/check-out, hour reporting) with documented test cases.
  • Third-Party Audits: We engage a certified WCAG evaluator for independent accessibility audits at key project milestones (end of Design phase, end of Development phase, pre-launch).
  • VPAT Commitment: geniant will deliver a completed VPAT 2.x (WCAG Edition) at project completion. All critical and serious accessibility defects are remediated before launch — not deferred to a post-launch backlog.
  • Spanish Language Implementation: Internationalization is implemented via React-Intl with externalized string files, enabling runtime language switching without page reload. All volunteer-facing flows — onboarding, opportunity discovery, check-in/check-out, notifications — are available in English and Spanish at launch. Strings are managed separately from code so translations can be updated without a deployment.

3-Year Product Roadmap with AI Capabilities

Beyond the immediate Next Gen launch, geniant envisions a 3-year roadmap that leverages VOLY's new foundation to introduce intelligent, AI-powered capabilities while maintaining strict governance over data and bias:

3-year VOLY Next Gen roadmap with AI capabilities
HorizonTimelineKey Initiatives
Year 1 (2026–2027)Weeks 1–52Core platform modernization, veriFYI integration, student volunteerism MLP, district/campus hierarchy. Establish clean data foundation. VolunteerNow develops expertise with new platform.
Year 2 (2027–2028)Months 13–24Intelligence layer: AI-powered volunteer-opportunity matching (ML model learns from historical volunteer participation). Predictive engagement analytics (which volunteers are at-risk of churning based on activity patterns). Automated communication personalization. Demographic and impact dashboards for school boards and funders.
Year 3 (2028–2029)Months 25–36Ecosystem expansion: VOLY API for third-party integrations (PowerSchool, Peach Jar for schools). Longitudinal civic engagement scoring (tracking volunteer impact over years). VolunteerNow marketplace capabilities (non-profits can post opportunities directly). Advanced research data platform (anonymized, approved research exports for university partnerships).

Technical Debt Management: geniant commits 20% of each sprint's engineering capacity to technical debt — code refactoring, dependency updates, infrastructure hardening, and test coverage improvement. This percentage may increase to 30% in later phases as the codebase matures. Architecture Decision Records (ADRs) document all major technical choices and are reviewed bi-weekly by the Lead Architect to identify emerging debt patterns before they compound.

Data Masking & Anonymization for Approved Research

VOLY's data is a valuable asset for education research. We will enable approved research use cases while protecting individual privacy:

  • Data governance framework: approved research use cases are defined and approved by the District before any data is shared. All data exports are logged and auditable.
  • Anonymization techniques: k-anonymization (records grouped so individuals cannot be re-identified), differential privacy for aggregate statistics, field-level masking for PII in research extracts
  • Operational vs. research data: operational data (full fidelity, restricted access) powers day-to-day platform function. Research data (anonymized, aggregated) is exported only with explicit approval
  • FERPA compliance: student data in research contexts requires either district consent or falls within FERPA's research exception. All research data exports are documented with consent proof.

LLM & AI Coding Tool Policy

geniant's SDD methodology uses AI-augmented development workflows, which raises important questions about data protection that we address explicitly:

  • AI tools used in SDD: GitHub Copilot (enterprise version, no training on private code), Claude API (via geniant's enterprise account, not consumer chat.claude.ai)
  • Zero ingestion of VolunteerNow logic or data into public models: VolunteerNow specifications, business logic, and proprietary workflows are never submitted to public AI model prompts. All SDD specifications are stored in a private GitHub repository accessible only to the project team.
  • Controls: enterprise/API versions of AI tools do not use inputs for model training. All AI-generated code undergoes human code review before merge. SDD specifications are treated as confidential intellectual property.
  • Compliance: fully compliant with VolunteerNow's data protection requirements and industry standards for AI tool usage in regulated environments.

Third-Party Dependencies & Licensing

The platform will integrate with several third-party services. Here are the key ones with ongoing implications for VolunteerNow:

Third-party licensing dependencies with ongoing costs
ServicePurposeCost ModelVolunteerNow Ownership
Background Check Providers (veriFYI, TazWorks)Background screeningPer-check feeVolunteerNow account direct
Twilio or VonageSMS notificationsPay-as-you-goVolunteerNow account direct
SendGridEmail deliveryFree tier or paid tiersVolunteerNow account direct
MapboxGeolocation, opportunity mappingPay-as-you-goVolunteerNow account direct
AWS or AzureCloud infrastructureUsage-based billingVolunteerNow account direct
Datadog or CloudWatchMonitoring & alertingUsage-basedVolunteerNow account direct

Open-source licensing: All open-source libraries used will be under permissive licenses (MIT, Apache 2.0, BSD). No GPL-licensed code will be included in the delivered platform, ensuring VolunteerNow retains full control over platform licensing and distribution. All dependencies will be documented in a Software Bill of Materials (SBOM) provided at project handoff.

Data Migration Strategy

Migrating the existing VOLY data to the new platform is a critical, non-negotiable deliverable. Years of volunteer records, agency profiles, opportunity history, hour logs, and organizational relationships represent VolunteerNow's institutional memory — and zero data loss is the only acceptable outcome. Our migration approach is structured, testable, and reversible at every step.

  • Data Audit (Phase 1): During Discovery, we conduct a comprehensive audit of the current VOLY database — cataloging every table, relationship, data type, and volume. We identify data quality issues (duplicates, orphaned records, malformed entries) before writing a single migration script.
  • Schema Mapping (Phase 2): We produce a source-to-target data dictionary mapping every current field to its Next Gen equivalent. Where the new schema introduces structural changes (normalized relationships, renamed fields, new constraints), we document the transformation logic explicitly.
  • Automated Migration Scripts (Phase 3–4): Migration scripts are written as versioned, idempotent code — not one-time manual operations. This means they can be run repeatedly in test environments until the output is verified clean, then executed once in production with confidence.
  • Pilot Migration (Phase 4): We run a full dry-run migration against a production data snapshot in the staging environment. geniant and VolunteerNow staff validate record counts, spot-check data integrity, and sign off before the production cutover is scheduled.
  • Production Cutover (Phase 5): Cutover is executed during a planned maintenance window. The legacy VOLY system remains in read-only mode during the window, providing a rollback option if any issue is detected. Post-migration, we run automated reconciliation checks — comparing record counts and spot-check samples between old and new systems.
  • Historical Data Preservation: All historical volunteer hours, agency records, and participation history are migrated and remain queryable in the new platform. No data is archived or discarded without explicit VolunteerNow approval.

Migration Risk Management

The highest-risk migration scenarios — volunteers with complex participation histories, agencies with multi-year relationships, and corporate partner configurations — are identified during Phase 1 and given dedicated test cases. We do not discover data edge cases at go-live.

Source Code Repository Access & Cloud Environment

VolunteerNow will have complete ownership and control of all code and infrastructure:

  • VolunteerNow will be the primary owner of the GitHub (or Azure DevOps) repository from day one — not just granted read access at project end. geniant has write access during development, which is revoked post-launch.
  • All infrastructure will be deployed to a cloud account owned by VolunteerNow (not geniant). geniant has delegated administrative access during development, which is revoked at project completion.
  • VolunteerNow retains full rights to all codebase, infrastructure configurations, design assets, and project artifacts. No licensing restrictions.
  • Recommended hosting environment: AWS with us-east-1 as primary region (Virginia data center) for cost and latency optimization. Alternative: Azure US regions if VolunteerNow has enterprise agreements. Data residency: all data stored in US-based regions per RFP requirements.
  • Post-launch, VolunteerNow can hire internal engineers or engage other vendors to maintain VOLY without geniant approval or licensing restrictions.
+