Engineering Documents
System Architecture
Proposed architecture: compute, data, auth, integrations, multi-tenancy. Data flow diagrams for HCP-managed and patient-managed device modes.
Architecture
MVP Scope
Must-have / nice-to-have / out-of-scope, broken down feature by feature. Includes the demo-vs-product distinction and recommended cuts.
Scope
Account & Access Model
Three account types (single user, group practice, org with branches), role matrix, RBAC scoping, and the permission flow for patient consent.
RBAC
Architecture Risks
Technical deep-dive on system design concerns. Token storage, auth guards, data leakage, XSS vectors, regulatory compliance requirements, operational complexity, and architectural tradeoffs.
Critical
Compliance & Regulatory
GDPR Article 9 (special category data), HIPAA requirements, audit logging architecture, consent flows, data residency rules, and implementation patterns for healthcare data handling.
Compliance
Requirements to Start
What we need from the Hilo tech team to begin: Entra ID access, B2C database, calls with Matti, legal alignment, and the full dependency list.
Action items
Source Material
Discovery call transcript (28 Apr)
Cléo (PM) ↔ Dhruv kickoff conversation. Held in .context/attachments/.
Account Management & Rights (PDF)
PM-authored role/permission matrix across 4 use cases. Open questions flagged for legal and tech alignment.
Product Strategy & Scope (PDF)
PM-authored MVP definition with must-have, nice-to-have, and out-of-scope columns. Lovable prototype links.
Lovable prototypes (zip × 2)
04_21 (full vision) and 04_23 (must-have MVP). Vite + React + shadcn/ui + recharts + jspdf. UI shell only.