NDA Agreement
Data Entity
Description
Records legally binding non-disclosure agreements signed by peer mentors handling sensitive personal data, particularly at Blindeforbundet for encrypted assignment access. Stores signature references, document version hashes, and validity status for compliance gating.
Data Structure
| Name | Type | Description | Constraints |
|---|---|---|---|
| id | uuid | Primary key, auto-generated UUID for each NDA agreement record | PK, required, unique |
| user_id | uuid | Foreign key reference to the users table — the peer mentor who signed the agreement | required |
| organization_id | uuid | Foreign key reference to the organizations table — the organization whose NDA template was signed. Legal requirements and document templates vary per organization. | required |
| document_version | string | Semantic version string of the NDA template that was signed (e.g., '1.0.0', '2.1.0'). Used to detect when a peer mentor must re-sign due to a template update. | required |
| document_version_hash | string | SHA-256 hash of the exact NDA document content at the time of signing. Provides tamper-evidence — the stored hash can be re-verified against the document template in Supabase Storage. | required |
| signed_at | datetime | ISO 8601 timestamp of when the peer mentor completed the signing action. Server-side timestamp to prevent client-side manipulation. | required |
| signature_ref | string | Storage path reference to the signature image or acknowledgment artifact stored in Supabase Storage under a restricted access policy. Format: 'nda-signatures/{organization_id}/{user_id}/{id}.png' | required |
| signing_method | enum | Method used to capture the agreement — either a drawn signature, a PIN-based confirmation, or a biometric-backed acknowledgment. | required |
| is_valid | boolean | Computed validity flag. True when the agreement has not expired, has not been superseded by a newer version, and has not been administratively revoked. Used as the primary compliance gate. | required |
| expires_at | datetime | Optional expiry timestamp. If set, the NDA agreement becomes invalid after this datetime. Organizations may configure annual NDA renewal requirements. NULL means the agreement does not expire on a fixed schedule. | - |
| invalidated_at | datetime | Timestamp when the agreement was administratively invalidated (e.g., due to a new document version being published or an admin revocation). NULL if the agreement has not been explicitly invalidated. | - |
| invalidation_reason | enum | Reason the agreement was invalidated, populated when invalidated_at is set. | - |
| ip_address | string | Client IP address recorded at the time of signing for audit and legal traceability purposes. | - |
| device_fingerprint | string | Hashed device identifier string from the Flutter app at signing time, providing a forensic audit anchor. | - |
| created_at | datetime | Server-generated record creation timestamp. | required |
| updated_at | datetime | Server-generated last-update timestamp, updated via Supabase trigger on any row mutation. | required |
Database Indexes
| Index | Columns |
|---|---|
| idx_nda_agreements_user_id | user_id |
| idx_nda_agreements_organization_id | organization_id |
| idx_nda_agreements_user_org_version | user_id, organization_id, document_version |
| idx_nda_agreements_user_org_valid | user_id, organization_id, is_valid |
| idx_nda_agreements_expires_at | expires_at |
| idx_nda_agreements_is_valid | is_valid |
Validation Rules
| Rule | Severity | Message |
|---|---|---|
| user_id_must_reference_valid_user | error | Validation failed |
| organization_id_must_reference_valid_org | error | Validation failed |
| document_version_format | error | Validation failed |
| document_version_hash_length | error | Validation failed |
| signature_ref_non_empty | error | Validation failed |
| expires_at_future_date | error | Validation failed |
| invalidation_reason_requires_invalidated_at | error | Validation failed |
| signing_method_enum_value | error | Validation failed |
| user_has_peer_mentor_role | warning | Validation failed |
Business Rules
single_valid_nda_per_user_org_version
A peer mentor may have only one valid NDA per organization per document version at any given time. When a peer mentor re-signs an updated document version, the previous version record is not deleted but is invalidated by setting is_valid = false and invalidation_reason = 'new_version_published'.
nda_required_for_encrypted_assignment_access
A peer mentor must have a valid NDA agreement for the operating organization before they can receive or decrypt encrypted assignments. NDA validity is checked as a compliance gate in the encrypted assignment dispatch flow. Access is blocked until a current, unexpired NDA signed against the latest document version exists.
new_version_invalidates_previous
When a new NDA document version is published by an organization administrator, all existing valid records for that organization are marked is_valid = false with invalidation_reason = 'new_version_published'. Affected peer mentors are prompted to re-sign the updated agreement on next access attempt.
expiry_auto_invalidation
If expires_at is set and the current datetime exceeds expires_at, the is_valid flag must be treated as false regardless of its stored value. NDA Validation Service evaluates this dynamically. A scheduled Supabase Edge Function may batch-update is_valid = false for expired records to maintain query consistency.
server_side_signing_timestamp
The signed_at timestamp must be generated server-side (via Supabase Edge Function or database DEFAULT) and cannot be supplied by the client. This prevents backdating or antedating of NDA signing events.
document_version_hash_integrity
The document_version_hash stored at signing time must match the SHA-256 hash of the current template content for the given document_version. On compliance audit, the stored hash is re-verified against the document template in Supabase Storage to confirm the peer mentor signed the correct version of the document.
signature_ref_restricted_access
The Supabase Storage bucket containing signature images must enforce RLS policies limiting access to the signing user, organization administrators, and compliance auditors. The signature_ref path is never exposed directly to other peer mentors.
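The compliance gate described by nda_required_for_encrypted_assignment_access, expiry_auto_invalidation and document_version_hash_integrity can be expressed as one fail-closed check. This is an added example, not the project's own code: the type names, the function name `checkNdaGate` and the reason strings are assumptions, and the caller is assumed to supply the SHA-256 recomputed from the template in storage.

```typescript
// Added example, not project code. Field names follow the table on this page;
// the types, function name and reason strings are assumptions.
type NdaRow = {
  document_version: string;
  document_version_hash: string; // SHA-256 hex stored at signing time
  is_valid: boolean;
  expires_at: string | null; // ISO 8601, null = no fixed expiry
  invalidated_at: string | null;
};
// Latest published template; sha256 is recomputed from the stored document by the caller.
type Template = { version: string; sha256: string };
type Gate = { allowed: boolean; reason: string };

const HEX64 = /^[0-9a-f]{64}$/;

function checkNdaGate(rows: NdaRow[], latest: Template, now: Date): Gate {
  // Only agreements signed against the latest document version can pass.
  const current = rows.filter((r) => r.document_version === latest.version);
  let reason = "no_nda_for_latest_version";
  for (const r of current) {
    if (!r.is_valid || r.invalidated_at !== null) { reason = "invalidated"; continue; }
    if (r.expires_at !== null) {
      const exp = Date.parse(r.expires_at);
      // Stored is_valid is ignored once expires_at has passed; an
      // unparseable timestamp fails closed.
      if (isNaN(exp) || now.getTime() > exp) { reason = "expired"; continue; }
    }
    const stored = r.document_version_hash.toLowerCase();
    if (!HEX64.test(stored) || stored !== latest.sha256.toLowerCase()) {
      reason = "hash_mismatch";
      continue;
    }
    return { allowed: true, reason: "ok" };
  }
  return { allowed: false, reason };
}

// Constructed sample data: the row still has is_valid = true but has expired.
const SAMPLE_TEMPLATE: Template = {
  version: "2.1.0",
  sha256: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
};
const SAMPLE_ROW: NdaRow = {
  document_version: "2.1.0",
  document_version_hash: SAMPLE_TEMPLATE.sha256,
  is_valid: true,
  expires_at: "2025-06-30T00:00:00Z",
  invalidated_at: null,
};
console.log(checkNdaGate([SAMPLE_ROW], SAMPLE_TEMPLATE, new Date("2025-07-01T00:00:00Z")));
```

The sample row shows why the stored flag alone cannot be the gate: until the scheduled batch update runs, an expired record still carries is_valid = true.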
CRUD Operations
Storage Configuration
Entity Relationships
NDA agreements are scoped to an organization as templates and legal requirements vary
A peer mentor may sign multiple NDA agreements as document versions are updated over time