Peer Mentor Location
Data Entity
Description
Stores the home area centroid location for a peer mentor with GDPR opt-in consent tracking. Used by coordinators at Blindeforbundet for geographic matching of mentors to assignment requests on the interactive map view.
Data Structure
| Name | Type | Description | Constraints |
|---|---|---|---|
| id | uuid | Unique identifier for this location record | PK, required, unique |
| peer_mentor_id | uuid | Foreign key to peer_mentors. One active location record per peer mentor; additional records represent historical consent changes. | required |
| organization_id | uuid | Foreign key to organizations. Used for RLS enforcement so coordinators can only query locations within their own organization scope. | required |
| location_centroid | json | Home area centroid stored as {latitude: number, longitude: number}. Represents a general neighborhood centroid, NOT an exact address, to minimize GDPR exposure. Null when consent has not been granted or has been withdrawn. | - |
| home_area_label | string | Human-readable label for the peer mentor's home area (e.g., 'Grünerløkka, Oslo'). Used for display in map pin tooltips and bottom sheet summaries without exposing raw coordinates. | - |
| consent_granted | boolean | Whether the peer mentor has actively opted in to sharing their location centroid with coordinators for geographic matching. False by default; must be explicitly granted. | required |
| consent_granted_at | datetime | Timestamp when the peer mentor first granted location sharing consent. Null if consent has never been granted. Preserved even if consent is later withdrawn, for audit trail. | - |
| consent_updated_at | datetime | Timestamp of the most recent consent state change (grant or withdrawal). Updated every time consent_granted is toggled. | - |
| consent_version | string | Version string of the GDPR privacy disclosure text that the mentor accepted (e.g., 'v1.2'). Required when consent_granted is true. Allows re-consent prompts if privacy policy is updated. | - |
| is_active | boolean | Indicates whether this is the current active location record for the peer mentor. Only one record per peer_mentor_id should have is_active=true at any time. Allows soft-deactivation without deletion. | required |
| created_at | datetime | Timestamp when this location record was first created. | required |
| updated_at | datetime | Timestamp of the most recent update to any field on this record. Updated automatically on every mutation. | required |
Database Indexes
idx_peer_mentor_locations_peer_mentor_id
Columns: peer_mentor_id
idx_peer_mentor_locations_org_id
Columns: organization_id
idx_peer_mentor_locations_active_consent
Columns: organization_id, consent_granted, is_active
idx_peer_mentor_locations_mentor_active
Columns: peer_mentor_id, is_active
Validation Rules
| Rule | Severity | Message |
|---|---|---|
| valid_lat_lng_range | error | Validation failed |
| peer_mentor_id_exists | error | Validation failed |
| organization_id_matches_mentor_org | error | Validation failed |
| home_area_label_max_length | error | Validation failed |
| consent_version_format | error | Validation failed |
| consent_updated_at_not_in_future | error | Validation failed |
| no_location_data_without_consent | error | Validation failed |
Business Rules
consent_gates_location_visibility
location_centroid MUST be null and treated as unavailable whenever consent_granted is false. Coordinators querying for mentor locations receive only records where consent_granted=true and is_active=true. No location data is exposed for mentors who have not opted in.
consent_withdrawal_clears_coordinates
When a peer mentor withdraws consent (sets consent_granted to false), location_centroid and home_area_label MUST be set to null immediately. The consent audit trail (consent_granted_at, consent_updated_at, consent_version) is preserved for GDPR accountability.
single_active_record_per_mentor
Only one record with is_active=true is permitted per peer_mentor_id at any time. When a new location record is created for an existing mentor, all prior records for that mentor must be set to is_active=false before inserting the new active record. Enforced transactionally.
coordinator_org_scope_enforcement
Coordinators may only read location records where organization_id matches their own organization scope. RLS policies on the peer_mentor_locations table enforce this server-side via auth.uid() JWT claims. The geographic-matching-service passes coordinatorId and the RLS filter is applied automatically.
centroid_required_when_consent_granted
When consent_granted is set to true, location_centroid must be provided in the same transaction. A consent record without coordinates is invalid — the privacy consent UI collects both simultaneously.
consent_version_required_on_grant
When consent_granted is true, consent_version must reference a valid GDPR disclosure version string. This allows the system to prompt mentors to re-consent if the privacy policy is updated to a newer version.
centroid_is_area_level_only
location_centroid stores a neighborhood/area centroid, not a precise home address. The Privacy Consent Service must communicate this distinction to the peer mentor during the consent flow, and the system must never store street-level precision coordinates in this field.
Entity Relationships
A peer mentor may have location records with GDPR consent flags for geographic matching at Blindeforbundet.