Hiring Full-Time & Freelance
User-controlled sharing for sensitive health data.
We're building a secure data vault + permissioned sharing layer. Users choose what data is shared, with whom, and for how long—with the ability to revoke access at any time.
Enforcement
Clear consent, enforced every time
Sharing is time-bound, recipient-bound, and checked on every request. Expired or revoked access is denied with a clear reason.
Privacy
Minimum necessary outputs
The system returns only what is allowed and removes personal identifiers by default. No analysis or insights.
Transparency
Human-readable access history
Users see a clear history of share creation, access attempts, expiry, and revocation events.
Engineering
What makes this interesting
- Correct access rules (expiry, revoke, recipient binding) with safe defaults
- Preventing bypass paths where data is returned without enforcement
- Useful auditability without leaking sensitive content
- Strong tests for edge cases (timing boundaries, retries, revoke-in-flight)
- Production hygiene (keys/secrets, monitoring, rate limiting, env separation)
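The rules under Enforcement and the edge cases in the Engineering list, sketched as an added example; this is not the project's own code. `Grant`, `check_access`, `fetch` and the reason strings are hypothetical names, and treating the expiry instant itself as expired is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class Grant:  # hypothetical share record; all names here are assumptions
    grant_id: str
    recipient: str
    fields: frozenset            # fields the user agreed to share
    expires_at: datetime
    revoked_at: Optional[datetime] = None

def check_access(grant, recipient, field, now):
    """Default-deny decision, returned as (allowed, reason)."""
    if grant is None:
        return False, "no_such_grant"
    if recipient != grant.recipient:
        return False, "recipient_mismatch"
    if grant.revoked_at is not None:
        return False, "revoked"
    if now >= grant.expires_at:  # the expiry instant itself is already denied
        return False, "expired"
    if field not in grant.fields:
        return False, "field_not_shared"
    return True, "ok"

def fetch(vault, grants, audit, grant_id, recipient, field, now):
    """The only read path: check and log on every request, then return data."""
    allowed, reason = check_access(grants.get(grant_id), recipient, field, now)
    # The audit entry records the decision and the field name, never the value.
    audit.append({"at": now.isoformat(), "grant": grant_id, "recipient": recipient,
                  "field": field, "allowed": allowed, "reason": reason})
    return (vault.get(field) if allowed else None), reason

def demo():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample data
    expiry = t0 + timedelta(hours=1)
    grants = {"g1": Grant("g1", "clinic-a", frozenset({"heart_rate"}), expiry)}
    vault = {"heart_rate": [61, 64], "name": "sample-user"}
    audit = []
    def req(who, field, at):
        return fetch(vault, grants, audit, "g1", who, field, at)
    results = [req("clinic-a", "heart_rate", t0),       # allowed
               req("clinic-b", "heart_rate", t0),       # wrong recipient
               req("clinic-a", "name", t0),             # field never shared
               req("clinic-a", "heart_rate", expiry)]   # timing boundary
    grants["g1"].revoked_at = t0 + timedelta(minutes=5)  # revoke between requests
    results.append(req("clinic-a", "heart_rate", t0 + timedelta(minutes=6)))
    return results, audit
```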