Case Study World Bank Group · 2025
A World Bank-commissioned research app for Indonesian warung owners. Fixed institutional deadline. A compliance gap discovered mid-sprint. A distribution channel blocked with 400 participants waiting. Shipped on time anyway.
01 / Context
TokoSmart is a research-grade Android application commissioned by the World Bank Group to study digital financial literacy among warung operators — Indonesia's informal small-shop economy. The app gave participants tools to manage inventory, run sales, and interact with an AI assistant, while the backend captured behavioural data for the WBG research team.
It was not a typical product build. Three organisations were involved — Xopolis as operator, Ipsos Indonesia as the in-country field and participant management partner, and the World Bank Group as data owner and research sponsor. Three compliance frameworks applied simultaneously: the WBG Data Protection Annex, Indonesian Personal Data Protection Law (UU PDP), and an IRB-approved participant consent protocol.
I was the sole Technical Project Manager — responsible for the full delivery cycle from sprint planning through to the Ipsos handover session.
02 / My role
I was the only PM on the project. There was no escalation path above me for day-to-day delivery. Decisions landed with me and moved forward from there.
The team ran across time zones with the Indonesia-based Ipsos partner. I ran all Agile ceremonies — planning, standups, reviews, retros — and maintained the client relationship throughout the sprint sequence.
03 / Constraints
The deadline was set by an institutional research protocol, not a commercial contract. It could not move. Everything else — scope, distribution method, compliance posture — had to flex around it.
Constraint
WBG research timeline locked at the institutional level. A slip would have invalidated the baseline study window and affected funding.
Constraint
WBG Data Protection Annex, Indonesian UU PDP, and IRB-approved participant consent protocol — all active simultaneously.
Constraint
Participants were managed by Ipsos via SHELL_CHAINID keys. Zero PII could enter the Xopolis system — consent flow had to enforce this at the app level.
Constraint
Indonesian warung locations have unreliable connectivity. App required an offline-first architecture with Realm-based local caching before any sync.
04 / Timeline
I structured delivery as four 1-week sprints with hard scope gates between them. No sprint could overrun without stealing from the next. Two critical events hit mid-sequence — both resolved inside the sprint they appeared in.
05 / Key decisions
Challenge 01 — Compliance gap
During architecture review in Week 2, I identified that the Azure deployment was running on West Europe (Amsterdam) infrastructure. The WBG Data Protection Annex mandated US, Canada, or UK data residency — a direct contractual violation, discovered mid-sprint with 14 days left.
This wasn't a technical decision — it was a governance call. I logged it as a formal risk, scoped the remediation path (Azure UK South migration), and made a deliberate choice: don't surface this to Ipsos on the next call without a remediation plan in place. Raising an unresolved compliance gap in a live institutional stakeholder session would create panic with no upside. The fix was identified and tracked before the next client touchpoint.
Challenge 02 — Distribution blocker
Google Play Console closed testing hit a review wall for the research APK. With ~400 Ipsos-enrolled participants waiting for access, the Play Console path was going to break the launch window.
I pivoted to Firebase App Distribution — direct APK delivery to the Ipsos-managed tester list. This required coordinating the invite flow against the SHELL_CHAINID participant IDs held by Ipsos and aligning on a revised onboarding sequence in under 48 hours. All ~400 participants onboarded within the Stage 1 window.
Both resolved without a slip
Neither the data residency gap nor the distribution pivot cost a single day of delay. Both were surfaced, owned, and closed inside the sprint they appeared in.
06 / Outcomes
Every sprint gate hit on time. The institutional research window opened as planned.
Firebase pivot executed in under 48 hours, maintaining the Ipsos participant onboarding schedule.
SHELL_CHAINID entry, scroll-lock consent, agree/decline paths, 10-second countdown on decline — all built and tested to specification.
Azure West Europe gap flagged, UK South migration scoped, and risk communicated before any contractual exposure.
End-to-end demo script produced for the Ipsos Indonesia field team, covering all 13 app modules and the consent flow.
07 / Reflection
What made this engagement different was that there was no slack in the system. In most projects, a 4-week deadline means 5 weeks with pressure. Here it meant 4 weeks — because a World Bank institutional partner was on the other end of the research protocol.
The compliance and distribution challenges weren't escalated upward. They were owned, evaluated, and resolved — because on this project, there was no upward to escalate to. That's the actual job of a Technical Project Manager: not managing a process, but making the calls the process can't make for itself.
The engineering background mattered here. Identifying the Azure data residency gap required reading an architecture one-pager and knowing what a WBG Data Protection Annex requires in practice. The Firebase pivot worked because I understood what moving 400 SHELL_CHAINID-keyed participant invites through a new distribution channel actually involved — and could spec it in under a day.