User Roles
TrustBid has one design principle for roles: each user sees exactly what they need to do their job and nothing more.
Role map
TrustBid (Platform)└── Foundation / NGO ├── Foundation Admin -> creates and oversees everything ├── Area Coordinator -> executes payments in their area └── Donor (read-only) -> verifies execution of their fundFoundation Admin
The director or coordinator of the foundation. Has full visibility of the project and is accountable to the donor.
What they can do:
- Create and configure projects and areas with assigned budgets
- Invite and assign coordinators per area
- View the consolidated dashboard of the entire foundation
- View the complete payment history across all areas
- Export reports in PDF and CSV by area and date range
- See which payments have attached receipts and which do not
- Request fiat off-ramp (USDC to local currency)
- Share the verification link with donors
What they cannot do:
- View data from other foundations
- Modify payments already recorded (append-only)
As a foundation admin, I want to see the execution status of all my active projects in a single screen, so I can respond to my European donor in less than 10 minutes when they request an update.
Area Coordinator
The field coordinator or technician who executes spending for a specific project area.
What they can do:
- View the available balance in their area account
- Record a payment (3-field form: beneficiary, concept, category)
- Attach a receipt (invoice or photo) — optional
- View their own payment history
- See whether a payment is confirmed or pending
What they cannot do:
- View other areas' accounts
- View the admin's consolidated dashboard
- Export reports
- Create new areas or invite users
Critical UX requirement: The payment registration screen must work fully on mobile in 3G. If a payment fails due to connectivity, it queues and retries automatically.
As a field coordinator, I want to record a payment to a transport vendor in less than 2 minutes from my phone, without having to keep the invoice on paper.
Donor (Read-only)
The international funder who contributed the funds.
MVP:
The admin shares the PDF report with verification codes. The donor opens Stellar Expert independently.
Future (public portal):
A public URL where the donor can monitor execution in real time without needing an account.
As an analyst at a donor organization, I want to independently verify that the funds we transferred are being executed correctly, without waiting for a quarterly report.
Permissions matrix
| Action | Admin | Coordinator | Donor |
|---|---|---|---|
| Create project area | Yes | No | No |
| Assign budget | Yes | No | No |
| Invite coordinators | Yes | No | No |
| Record payment | Yes | Yes | No |
| View consolidated dashboard | Yes | No | No |
| View area payments | Yes | Yes | No |
| Export report | Yes | No | No |
| View traceability portal | Yes | Yes | Yes |
| Verify txHash on-chain | Yes | Yes | Yes |
| Request fiat off-ramp | Yes | No | No |
| Modify recorded payments | No | No | No |