pplate/pi_mcps
1
1
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

docs(plans): add CannaManage SaaS strategy — cannabis club management for Germany

Browse Source 
- Legal feasibility check vs CanG (Konsumcannabisgesetz): LEGAL as B2B Vereinsverwaltungs-Software
- B2B SaaS for Anbauvereinigungen: member management, distribution tracking, compliance reports
- Tech stack: Spring Boot 3.x (Java 21) + JPA/Hibernate, PrimeFaces MVP, PostgreSQL + Flyway
- Mobile: PWA → Kotlin Android → Kotlin Multiplatform (natural path for Java developer)
- Revenue model: freemium (free ≤30 members), paid tiers €29-€179/month
- Market: 500-3000 clubs forming, zero dedicated tooling exists (first mover window)
- Also adds BIGMIND_HOSTED_MVP.md (BigMind SaaS vision plan)
This commit is contained in:
pplate
2026-04-04 10:52:17 +02:00
parent 8729f541c0
commit 21956f7a42
2 changed files with 723 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plans/cannabis-club-saas/STRATEGY.md
+511
View File
@@ -0,0 +1,511 @@
# 🌿 CannaManage — Cannabis Club Management SaaS
## Strategic Plan & Feasibility Assessment
**Author:** Patrick (Lumen, 2026-04-04)**
**Status:** Draft for review
---
## Executive Summary
Germany's **Konsumcannabisgesetz (CanG)**, in force since April 1, 2024, legalised cannabis for personal use and established a framework for **Anbauvereinigungen** (cannabis social clubs / CSCs). These clubs face significant mandatory compliance burdens with almost **zero software tooling** available to help them. This is the market gap.
**CannaManage** is a **B2B SaaS platform** for cannabis social clubs in Germany. It handles their mandatory member management, distribution tracking, stock management, compliance reporting, and member portal — replacing Excel sheets and pen-and-paper with a purpose-built regulated-sector management tool.
**Verdict: ✅ LEGAL — ✅ MONETIZABLE — ⚠️ WITH SPECIFIC CAUTION**
---
## 1. Legal Feasibility Check
### 1.1 The Law: Konsumcannabisgesetz (CanG) — Key Facts
Source: Federal Health Ministry FAQ (verified 2026-04-04 via bundesgesundheitsministerium.de)
| Rule | Detail |
|------|--------|
| Personal possession | 25g in public, 50g at home |
| Home growing | Max 3 plants per adult |
| CSC distribution | 25g/day, 50g/month per adult member |
| Members 18-21 | Max 30g/month, max 10% THC |
| Max club density | 1 club per 6,000 residents per district (state-optional) |
| **Advertising ban** | **TOTAL ban on advertising and sponsoring of cannabis AND Anbauvereinigungen** |
| Documentation | Mandatory tracking: who received what, when, contamination traceability |
| Prevention officer | Clubs must designate a Präventionsbeauftragter |
| Youth protection concept | Mandatory health & youth protection plan required |
| Reporting obligations | Regular documentation and reporting to authorities |
### 1.2 The Critical Question: Does a SaaS Platform Violate the Advertising Ban?
**§ CanG: "Generelles Werbe- und Sponsoringverbot für Cannabis und Anbauvereinigungen"**
This is the key legal boundary. The advertising ban applies to:
- Advertising **for** cannabis
- Advertising **for** Anbauvereinigungen (the clubs themselves)
**A B2B management tool is NOT advertising.** Here is why:
| Scenario | Legal Status | Reasoning |
|----------|-------------|-----------|
| Public directory "Find clubs near you" | ❌ Illegal | Constitutes advertising for clubs |
| "Sign up to discover CSCs in your city" | ❌ Illegal | Discovery = advertising |
| B2B dashboard used by club admins | ✅ Legal | Internal operations software |
| Member portal (member logs in to see their club's stock) | ✅ Legal | Member already joined; no advertising |
| Compliance reporting tools for clubs | ✅ Legal | Administrative software, like tax software |
| Payment processing for member fees | ✅ Legal | Financial operations, not advertising |
| Marketing the SaaS **to clubs** via B2B channels | ✅ Legal | Selling software to businesses is normal |
**The analogy:** Shopify doesn't become a drug dealer when a pharmacist uses it. A POS system for a bar doesn't make the bar illegal. We sell **operational software** to licensed, regulated entities. We are not in the cannabis business.
### 1.3 Positioning — Critical Architecture Decision
The platform **MUST NOT** include:
- Public-facing club discovery (no "find clubs near you")
- Any feature that functions as advertising for a specific club to non-members
- Stock information visible to non-members (which could look like advertising)
The platform **SHOULD** include:
- Member login restricted to verified club members only
- Club admin portal (sign-up via direct B2B sales / word-of-mouth — not public listing)
- Explicit "this software is for existing clubs and their verified members" framing
### 1.4 DSGVO / Data Privacy
Clubs handle sensitive personal data (membership, health-adjacent data). Our platform must:
- Store all data in Germany/EU (Hetzner, not AWS us-east)
- Provide DSGVO-compliant data processing agreements (DPA/AVV)
- Enable data export and deletion per member request
- Have clear privacy policies in German
### 1.5 Legal Risk Register
| Risk | Probability | Impact | Mitigation |
|------|-------------|--------|-----------|
| Advertising ban reinterpretation to include B2B SaaS | Low | High | Legal opinion before launch; strict no-discovery design |
| New German government rolls back CanG | Medium | High | Modular architecture — pivot to compliance-only if needed |
| Payment processors (Stripe) block cannabis-adjacent businesses | Medium | High | Use Stripe (they allow compliance software); never process cannabis payments |
| Club licenses revoked / clubs fail | Medium | Medium | Diversified customer base; per-month billing (easy to cancel) |
| DSGVO violation | Low | Very High | EU hosting, DPA agreements, security audit |
**Bottom line:** The legal risk is manageable with correct product positioning. We are selling **compliance management software**, not cannabis.
---
## 2. Market Analysis
### 2.1 Market Size
**Potential CSC count in Germany:**
- Germany population: ~83 million
- If 1 club per 6,000 residents (theoretical maximum): ~13,800 clubs
- Realistic 2025-2028 formation rate: **5003,000 active clubs**
- Reason: complex licensing process, Länder-specific delays, conservative uptake initially
**Consumer backdrop:**
- **5.05 million adults** consumed cannabis in the past 12 months (2024 survey)
- **670823 tonnes** consumed in 2024 — huge demand
- This is not a niche; it is a mainstream market with a regulatory moat
**Total Addressable Market (TAM):**
- 3,000 clubs × €79/month average = €2.85M ARR
- 500 clubs × €79/month = €475K ARR (conservative bootstrap target)
- Even 100 paying clubs = €94,800 ARR — a solid side hustle
### 2.2 Why Clubs Desperately Need This
The CanG creates massive administrative burden on clubs:
| Requirement | Pain Without Software |
|------------|----------------------|
| Track every distribution (who, what, how much, when) | Excel sheets, manual errors |
| Monthly quantity caps per member | Manual math, compliance risk |
| Youth protection (18-21 THC cap, quantity cap) | Manual age checks |
| Contamination traceability | Paper trail disaster |
| Prevention officer reporting | No standard format exists |
| Member data management (DSGVO) | Illegal if done on personal email/phone) |
| Annual reporting to authorities | No tooling from the state |
These clubs are **legally required** to do this. They will pay for something that makes compliance manageable.
### 2.3 Competition Check
**Current competitors (estimated):**
- **None known** at launch time specifically for German CSCs (market is <2 years old)
- General club management software (e.g., ClubDesk, easyVerein) — not cannabis-compliant, lack distribution tracking
- Generic SaaS tools (Airtable, Notion) — no compliance features, no German legal mapping
**Timing advantage is critical.** The window to establish market leadership is 2026-2027 before larger players notice.
---
## 3. Product: Feature Specification
### 3.1 MVP (Version 1 — Ship First)
**For Club Admins:**
- Club registration and setup wizard
- Member management (add/remove, age, contact, membership date)
- Age verification flag (18+, 18-21 restricted category)
- Distribution log: record each handout (member, strain, weight, date/time)
- Monthly limit enforcement: system warns/blocks if member exceeds 50g (or 30g for under-21)
- Stock management: strains, quantities, batch info
- Simple dashboard: total members, distributions this month, stock levels
**For Members (Member Portal):**
- Login with club-issued credentials
- View personal distribution history
- View current stock availability (what strains are available)
- View remaining monthly quota
- Request distribution appointment (optional, club configures)
**Compliance Tools:**
- Monthly distribution report export (PDF + CSV) for authority reporting
- Member list export for inspections
- Contamination alert: flag a batch and see all members who received it
- Prevention officer information tracking
### 3.2 Version 2 (Growth Features)
- Payment processing for membership fees (Stripe — no cannabis payments)
- Automated waiting list management
- Email/SMS notifications to members
- Multi-strain grow tracking (integrate growing calendar)
- **Mobile: PWA first** — Spring Boot serves a responsive web app; works on all Android/iOS browsers, no App Store submission needed
- **Mobile: Kotlin Android app** — native Android app for Play Store distribution (covers ~70% of German users); Kotlin is essentially better Java, Patrick can leverage existing JVM knowledge directly
- API for custom integrations
- Analytics dashboard (club-level, anonymised trends)
### 3.3 Version 3 (Scale Features)
- **Kotlin Multiplatform (KMP)** — shared business logic in Kotlin + Compose Multiplatform UI deployed to Android + iOS + web from one codebase; natural step after the Kotlin Android app
- Multi-location club support
- White-label option for large club networks
- Legal template library (Satzungen, Jugendschutzkonzept, etc.)
- Integration with German authority reporting portals (if they exist)
- Prevention officer training module
---
## 4. Revenue Model
### 4.1 Pricing Tiers (SaaS)
| Plan | Price/month | Members | Key Features |
|------|-------------|---------|-------------|
| **Starter** | Free | Up to 30 | Distribution log, basic member management |
| **Basic** | €29/month | Up to 100 | + Compliance reports, stock management |
| **Professional** | €79/month | Up to 500 | + Member portal, batch tracking, exports |
| **Enterprise** | €179/month | Unlimited | + API, multi-location, priority support |
**Rationale:**
- Free tier creates word-of-mouth in the club community
- Professional is the sweet spot for a typical club (100-300 members)
- Freemium-to-paid conversion pressure: "your club hit 30 members, upgrade to continue"
### 4.2 Revenue Projections
| Scenario | Paying Clubs | Average Plan | MRR | ARR |
|----------|-------------|-------------|-----|-----|
| Bootstrap (Year 1) | 30 | €49 | €1,470 | €17,640 |
| Growth (Year 2) | 150 | €65 | €9,750 | €117,000 |
| Scale (Year 3) | 500 | €79 | €39,500 | €474,000 |
**Year 1 is realistic as a side hustle while working at ADP.**
### 4.3 Additional Revenue Streams
- **Setup fee:** Optional one-time €99299 onboarding fee for Professional/Enterprise
- **Legal templates:** Sell standardised Satzung, Jugendschutzkonzept templates (€49 one-time)
- **Training:** Webinars for Präventionsbeauftragter (€149/person) — high-value, low-effort
- **Affiliate/referral:** Partner with lawyers who advise clubs (they refer clients, we pay commission)
---
## 5. Tech Stack
### 5.1 Skills Assessment — ⚠️ CORRECTED (Java is Patrick's primary language)
> **Important correction:** The initial plan had this backwards. Python is *Lumen's* language, used for MCP servers. Patrick's real expertise is **Java** — JPA/EclipseLink, JAXB, PrimeFaces, Maven, Jakarta EE. He built the entire wellmann-shop without AI, and wrote a custom JPA-annotation-style flatfile parser for euBP/DSAK. The stack below is redesigned around Java as the primary language.
| Technology | Patrick's Level | Required? |
|-----------|----------------|-----------|
| Java (Spring Boot / Quarkus) | ✅ **Expert** | Yes — backend |
| JPA / EclipseLink | ✅ **Expert** | Yes — ORM layer |
| JAXB | ✅ Expert | Yes — report generation |
| PrimeFaces / JSF | ✅ Expert | Optional — one frontend path |
| Maven | ✅ Expert | Yes — build tool |
| PostgreSQL | ✅ Good | Yes — database |
| Docker | ✅ Comfortable | Yes — deployment |
| Spring Security / JWT | 🟡 Familiar | Yes — auth |
| Kotlin (Android / KMP) | 🟡 **Natural transition** — same JVM, IntelliJ | Yes — mobile v2/v3 |
| Compose Multiplatform | 🟡 New but Kotlin-based | Yes — cross-platform UI v3 |
| Vaadin Flow (Java UI) | 🟡 New, Java-native | Alternative fast frontend |
| React / Next.js | ❌ Needs learning | Best long-term web frontend |
| Stripe Java SDK | 🟡 New (REST, documented) | Yes — billing |
| German DSGVO practical | ⚠️ Basic | Critical — legal |
### 5.2 Frontend Choice — The Real Decision
With Java as the primary language, three paths exist:
**Option A: Vaadin Flow — Full Java, zero JavaScript (fastest start)**
- Write UI in pure Java — no HTML/CSS/JS required
- Deeply integrated with Spring Boot, component-based
- Patrick can start immediately with zero new language learning
- Downside: Vaadin commercial license for some features; UI looks enterprise-y
**Option B: PrimeFaces + JSF — Patrick already knows this cold**
- Built wellmann-shop entirely from scratch with PrimeFaces
- Runs on Quarkus, WildFly, or Payara
- Zero learning curve — known patterns, fast to ship
- Downside: JSF is considered legacy by the wider web community; not ideal for modern SaaS polish
**Option C: Spring Boot backend + Next.js/React frontend (Best long-term)**
- Java stays the backend — Patrick's full existing strength
- React/Next.js frontend — one-time learning investment
- Standard modern SaaS architecture (2024+); best hiring/community ecosystem
- Downside: React/Next.js learning curve (~4-6 weeks)
**Recommendation:** Start with **Option B (PrimeFaces)** to ship an MVP fast with zero learning overhead. Migrate the frontend to **Option C (Next.js)** in Version 2 when revenue justifies the investment. This is pragmatic — ship first, polish later.
### 5.3 Recommended Stack
```
Frontend: PrimeFaces + JSF (MVP) → Next.js/React (v2+)
Backend: Spring Boot 3.x (Java 21) — REST API + JPA/Hibernate
ORM: JPA/Hibernate (Patrick's core expertise)
Database: PostgreSQL + Flyway migrations
Auth: Spring Security + JWT (stateless sessions)
Payments: Stripe Java SDK (subscriptions, webhooks)
PDF Reports: iText 7 or Apache PDFBox (Java, battle-tested)
Email: Jakarta Mail / Resend.com REST API
Hosting: Hetzner Cloud VPS (German DC, GDPR, €5-20/month)
— TrueNAS.local Docker for dev/staging
CI/CD: Gitea Actions → Hetzner (Maven build pipeline)
Monitoring: Sentry Java SDK (free tier)
```
**Why this stack:**
- Spring Boot + JPA = Patrick's natural habitat — fastest possible iteration on the backend
- PrimeFaces MVP = zero new tools, ship in weeks not months
- PostgreSQL + Flyway = production-grade, schema migrations Patrick knows from JPA patterns
- Hetzner = German hosting, cheap, GDPR-compliant by design
- Stripe Java SDK = mature, handles EU VAT + subscription billing
- iText/PDFBox = Java-native PDF generation for compliance reports (no Python dependency)
### 5.4 Architecture Overview
```
┌─────────────────────────────────────────────────────────┐
│ CannaManage Platform │
│ │
│ ┌─────────────────┐ ┌────────────────────────────┐ │
│ │ Admin Portal │ │ Member Portal │ │
│ │ PrimeFaces/JSF │ │ PrimeFaces/JSF (MVP) │ │
│ │ Next.js (v2+) │ │ Next.js/React (v2+) │ │
│ │ - Club setup │ │ - Login (club-issued) │ │
│ │ - Member mgmt │ │ - Stock view │ │
│ │ - Distribution │ │ - My quota / history │ │
│ │ - Compliance │ │ - Request pickup │ │
│ └────────┬────────┘ └──────────┬─────────────────┘ │
│ │ │ │
│ └───────────┬────────────┘ │
│ ↓ │
│ ┌───────────────────────────────────────┐ │
│ │ Spring Boot 3.x Backend (Java 21) │ │
│ │ - REST API (Spring MVC) │ │
│ │ - JPA/Hibernate entities │ │
│ │ - Business logic + compliance rules │ │
│ │ - PDF report generation (iText 7) │ │
│ │ - Spring Security + JWT │ │
│ └──────────────────┬────────────────────┘ │
│ ↓ │
│ ┌─────────────────────┐ │
│ │ PostgreSQL │ │
│ │ - Multi-tenant │ │
│ │ (tenant_id on all │ │
│ │ JPA entities) │ │
│ │ - Flyway migrations │ │
│ └─────────────────────┘ │
│ │
│ ┌──────────────────────────────────────────────────┐ │
│ │ Stripe Java SDK │ Email (Jakarta Mail) │ │
│ │ (subscription billing) │ (notifications) │ │
│ └──────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────┘
```
### 5.5 New Skills Needed — Revised Learning Path
| Skill | Priority | Patrick's Starting Point | Resource |
|-------|----------|--------------------------|----------|
| Spring Boot 3.x REST | 🟡 Medium | Knows Jakarta EE — similar model | spring.io/guides |
| Spring Security + JWT | 🟡 Medium | Security concepts from JEE | Baeldung tutorials |
| Flyway migrations | 🟡 Medium | Knows JPA schema generation | flyway.io/docs |
| Stripe Java SDK | 🟡 High | Knows REST from Java | stripe.com/docs/billing |
| Next.js / React | 🔴 For v2+ | Zero JS framework experience | nextjs.org/learn (free) |
| Docker + Compose | 🟡 Medium | Comfortable with Docker basics | Hetzner deploy guides |
| German DSGVO practical | 🔴 Critical | Basic awareness | Legal counsel + AVV templates |
**Pragmatic MVP path:** Use PrimeFaces (Patrick knows it cold) → ship MVP → earn first revenue → invest time in Next.js for v2.
---
## 6. Go-To-Market Strategy
### 6.1 Phase 0 — Build & Validate (Private Beta)
**Goal:** Working MVP, 3-5 beta clubs, collect real feedback
**Actions:**
- Join German cannabis clubs online community (Telegram groups, Reddit r/cannabisde)
- Find 3-5 club admins willing to test for free
- Build MVP focused on distribution tracking + compliance reports (the biggest pain)
- Do NOT launch publicly until legally reviewed
**Where to find early adopters:**
- Hanfverband Deutschland (German Hemp Association) — they represent clubs
- Online forums: Rollitup.de German section, GreenPassion.de
- Local cannabis clubs in your area
- LinkedIn outreach to CSC founders
### 6.2 Phase 1 — Soft Launch (€0 → First €1K MRR)
**Target:** 30+ paying clubs, Basic plan minimum
**Channels (all B2B, no cannabis advertising):**
- Word of mouth between club admins (community is small and tight-knit)
- Content marketing: blog posts about "how to manage CanG compliance" (targets club admins searching for help)
- Partner with lawyers advising clubs (they refer clients)
- Hanfverband newsletter mention (not advertising — editorial content about compliance tools)
- LinkedIn / XING posts targeted to "Vereinsvorstand" / "Vereinsgründer" keywords
### 6.3 Phase 2 — Growth (€1K → €10K MRR)
- Referral program (clubs refer other clubs for free months)
- German startup press (Gründerszene, t3n)
- Templates marketplace (Satzungen, Jugendschutzkonzepte)
- Webinar series for Präventionsbeauftragte
---
## 7. Business Structure & Risk
### 7.1 Legal Entity
**Recommendation:** Register as a **Gewerbetreibender / Einzelunternehmen** first (simplest), then transition to **GmbH** when revenue exceeds €50K/year.
- No special license needed to sell software to cannabis clubs
- You are NOT a cannabis business — you sell management software
- Standard software VAT applies (19% German USt)
### 7.2 Banking & Payments
- **DO NOT** describe your business as "cannabis software" to banks
- Describe it as: "Vereinsverwaltungs-Software" (club management software)
- Stripe works fine for compliance software — they block cannabis sales, not software for cannabis-adjacent industries
- Open a separate business account early (Kontist, Finom, or Deutsche Bank business)
### 7.3 Exit Scenarios
| Scenario | When | Valuation Range |
|----------|------|----------------|
| Keep as passive income | Year 2+ at €5K MRR | N/A |
| Sell to larger SaaS player | Year 3+ at €20K MRR | 3-5× ARR (~€720K-1.2M) |
| Raise seed funding | Year 2 with 200+ clubs | €500K-€2M round |
| Pivot to EU expansion | Year 3 | Same platform, localised |
---
## 8. Development Roadmap
### Phase 0 — Foundation (Weeks 1-8, solo)
- [ ] Set up Spring Boot 3.x project (Maven, JPA/Hibernate, PostgreSQL, Flyway)
- [ ] Design JPA entities: Club, Member, Distribution, Strain, Batch (multi-tenant via tenant_id)
- [ ] Build core REST API (member CRUD, distribution log)
- [ ] Build admin portal with PrimeFaces (Patrick already knows this)
- [ ] Distribution limit enforcement logic (25g/day, 50g/month, 30g/month under-21)
- [ ] Simple PDF compliance report export (iText 7)
- [ ] Spring Security + JWT auth (club admin login)
- [ ] Deploy to Hetzner VPS (Docker Compose)
### Phase 1 — MVP (Weeks 9-16)
- [ ] Member portal (PrimeFaces, login with club-issued creds, quota view, stock view)
- [ ] Stock management module (strains, batches, quantities)
- [ ] Contamination batch recall feature
- [ ] Stripe Java SDK integration (subscription billing)
- [ ] DSGVO: privacy policy, data processing agreement (AVV), cookie consent
- [ ] Beta launch with 5 clubs (free, feedback-only)
### Phase 2 — Launch (Months 5-8)
- [ ] Payment flows live (Stripe webhooks, subscription lifecycle)
- [ ] Email notification system (Jakarta Mail / Resend API)
- [ ] Marketing site (cannamanage.de — example name, separate Next.js landing page)
- [ ] Legal review of terms, privacy, advertising compliance
- [ ] Formal soft launch to club community
- [ ] First paying customers
### Phase 3 — Growth (Months 9-18)
- [ ] Frontend migration: PrimeFaces → Next.js/React (when revenue justifies it)
- [ ] Mobile-optimised (PWA)
- [ ] Legal template marketplace (Satzungen, Jugendschutzkonzepte)
- [ ] Referral program
- [ ] Webinar series for Präventionsbeauftragte
- [ ] Hire first part-time support person
---
## 9. Honest Assessment — Strengths & Weaknesses
### Strengths ✅
- **First mover advantage** — nobody is doing this well yet
- **Regulatory moat** — the compliance burden creates permanent demand
- **B2B SaaS** — predictable recurring revenue
- **Patrick's Java expertise** — Spring Boot + JPA = fastest possible backend iteration (this is his daily tool at ADP)
- **PrimeFaces knowledge** — built a full shop UI from scratch; zero learning curve for MVP frontend
- **Low competition** — niche market overlooked by big players
- **Low infra cost** — Hetzner VPS €5-20/month, manageable
### Weaknesses / Challenges ⚠️
- **Modern frontend gap** — Next.js/React must eventually be learned for v2 polish (deferred, not blocking)
- **Market is young** — clubs are still forming, slow regulatory licensing in some Länder
- **Political risk** — new German government could tighten the law
- **Churn risk** — if a club closes, subscription ends immediately
- **Payment friction** — some processors are cannabis-adjacent-averse (mitigated by correct positioning)
- **Two-sided attention** — building while working full-time at ADP is slow (nights/weekends)
- **Spring Boot learning curve** — Patrick knows Jakarta EE / JEE; Spring Boot 3.x is adjacent but not identical
### The Honest Path
This is a **18-24 month project** to meaningful passive income:
- Months 1-3: Spring Boot setup + PrimeFaces MVP (using existing Java knowledge — fast!)
- Months 4-6: Beta with 5 clubs, Stripe integration, DSGVO compliance
- Months 7-12: Paid launch, first 30-50 paying clubs
- Year 2+: €5-10K MRR is realistic, genuine passive with <10h/week
---
## 10. Immediate Next Steps
1. **Join 2-3 German cannabis club communities** (Telegram, Reddit) — listen, don't sell yet
2. **Start Next.js tutorial** (nextjs.org/learn) — 1 hour/day, 4 weeks
3. **Create a Supabase project** — explore multi-tenancy with Row Level Security
4. **Set up the project repo** (pi_mcps/cannamanage or separate Gitea repo)
5. **Talk to 3 club admins** — validate the pain before writing a line of code
6. **Get a legal opinion** (€300-500 from a cannabis law specialist — worth it before launch)
---
## Appendix: Key CanG References
| Provision | Content |
|-----------|---------|
| §2 CanG | Definitions — Anbauvereinigung, Mitglied |
| §§15-26 CanG | Anbauvereinigungen — formation, rights, obligations |
| §22 CanG | Distribution limits (25g/day, 50g/month) |
| §23 CanG | Under-21 restrictions (30g/month, 10% THC) |
| §§6-7 CanG | Advertising and sponsoring ban |
| §26 CanG | Documentation and reporting obligations |
| §27 CanG | Prevention officer requirements |
---
*Plan created: 2026-04-04 | Next review: 2026-05-01 | Status: Awaiting Patrick's approval*