A framework for writing Product Requirements Documents that are clear, actionable, and developer-friendly.
This framework captures the patterns we use when defining new projects. A good PRD should answer: What are we building, for whom, and how does it work?
Start with a one-liner that explains what the product does.
# [Project Name]
[One sentence describing what it does and for whom]Example: "An app where stream viewers can propose and vote for projects/features that will be developed live."
Define the tools upfront. Split by concern:
## Tech Stack
**Development:**
- [Frontend framework]
- [Backend/Database]
- [Auth provider]
**Deployment:**
- [Hosting/Infrastructure]Considerations:
- Keep it minimal — fewer tools = less complexity
- Choose based on team expertise and project needs
- Consider free tiers for MVPs
Define who can do what before diving into features:
## Access
- **Public:** [What anyone can see/do]
- **Authenticated:** [What logged-in users can do]
- **Admin:** [What admins can do]Why first? Access levels shape your entire feature set. Define them early.
List your entities with their key fields and relationships:
## Data Models
All entities have: `createdAt`, `updatedAt`, `archivedAt`
### [Entity Name]
- `id`
- `field1`
- `field2`
- `foreignKey` (FK → OtherEntity)Best Practices:
- Include standard timestamps on all entities
- Use soft deletes (
archivedAt) instead of hard deletes - Define foreign key relationships explicitly
- Add unique constraints where needed (e.g., one vote per user per proposal)
Describe step-by-step what each user type does:
## User Flows
### [User Type]
1. [First action]
2. [Second action]
3. [Decision point → options]Tips:
- Write flows as numbered steps
- Include decision points and alternatives
- Cover the happy path + key edge cases
List features with scope and key details:
## Features
### [Feature Name]
- **Scope:** [Public | Authenticated | Admin]
- [Key detail 1]
- [Key detail 2]Keep it concise — implementation details go in technical docs, not the PRD.
Always consider abuse prevention:
## Rate Limiting & Bot Protection
- **Captcha:** [Where and what service]
- **Rate limits:**
- [Action]: max [N] per user per [time period]
- **Account age:** [Optional restrictions for new accounts]Common patterns:
- Captcha on user-generated content (proposals, comments)
- Rate limits on writes (proposals, votes)
- Account age requirements to prevent spam accounts
- Consider privacy-friendly options (e.g., Cloudflare Turnstile)
Consider legal and regulatory requirements:
## Compliance
- **Data Privacy:** [GDPR, CCPA considerations]
- **Data Storage:** [Where data is stored, retention policies]
- **User Rights:** [Data export, deletion requests]
- **Third-party Services:** [Data shared with external services]Common considerations:
- GDPR (EU users) — consent, right to deletion, data portability
- CCPA (California users) — disclosure, opt-out rights
- Cookie policies and tracking disclosure
- Terms of Service and Privacy Policy requirements
- Age restrictions if applicable
Define auth methods:
## Authentication
- [Method 1] (e.g., Email magic link)
- [Method 2] (e.g., OAuth provider)Consider:
- Your target audience (Twitch viewers → Twitch OAuth makes sense)
- Friction vs security tradeoffs
- Email as fallback for account recovery
Use this to validate your PRD is complete:
- Summary — One-liner explaining the product
- Tech Stack — Development + Deployment tools defined
- Access Control — Who can do what (Public/Auth/Admin)
- Data Models — Entities, fields, relationships, constraints
- User Flows — Step-by-step for each user type
- Features — Scoped feature list with key details
- Security — Rate limits, captcha, abuse prevention
- Authentication — Auth methods and providers
See a complete PRD example: StreamSaga PRD
- Start with access control — it shapes everything else
- Use soft deletes — you'll thank yourself later
- Define constraints early — "one vote per user per proposal" prevents bugs
- Think about abuse — rate limits and captcha from day one
- Keep it readable — tables and lists over paragraphs
- Version your PRD — it will evolve, that's okay