Encrypted Assignment Dispatch
Feature Detail
Description
This feature enables coordinators to securely send sensitive personal information — including name, address, and medical summaries — to peer mentors as encrypted assignments. Each dispatch includes delivery confirmation when the message reaches the device and a read receipt when the peer mentor opens the assignment. The system maintains a status dashboard of all open assignments, allowing coordinators to track which assignments have been delivered, read, accepted, or remain unacknowledged, and to follow up accordingly.
Analysis
Norwegian privacy legislation (Personopplysningsloven, GDPR) requires that sensitive personal data transmitted to volunteers be protected with appropriate technical measures. Without encryption, sending medical summaries or home addresses via the app would be legally non-compliant and expose the organizations to significant liability. This feature removes a critical legal and operational blocker, allowing Blindeforbundet and other organizations to fully digitize assignment dispatch workflows that currently rely on phone calls or unencrypted email. Delivery and read receipts eliminate the coordinator uncertainty about whether a peer mentor has received critical information, reducing the risk of missed contacts and improving accountability across the volunteer network.
Use end-to-end encryption with libsodium (via the pointycastle or cryptography Flutter package) where the assignment payload is encrypted with the recipient's public key stored in Supabase. Private keys are derived from the user's BankID-verified identity and stored in the device secure enclave (Flutter Secure Storage). Supabase stores only the ciphertext; plaintext never touches the server. Delivery confirmation is a server-side webhook acknowledgement written to assignment_dispatches when the FCM/APNs delivery receipt is received. Read receipts are written to assignment_read_receipts when the peer mentor opens the detail screen. The coordinator's assignment status dashboard queries these tables in real time via Supabase Realtime subscriptions. Key rotation and revocation procedures must be documented for the organization's security policy.
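One way the client-side encryption to the recipient's public key could look, as an added example that is not the project's own code. It assumes the `cryptography` Dart package (2.x API); the envelope layout, the `assignment-dispatch-v1` label, the function names and the sample data are all constructed for illustration.

```dart
// Added example, not the project's code. Assumes package:cryptography 2.x.
import 'dart:convert';
import 'dart:typed_data';
import 'package:cryptography/cryptography.dart';

final _x25519 = X25519();
final _aead = Chacha20.poly1305Aead();
final _hkdf = Hkdf(hmac: Hmac.sha256(), outputLength: 32);
// AEAD key from the ECDH secret, bound to both public keys.
Future<SecretKey> _deriveKey(SecretKey shared, List<int> eph, List<int> rcpt) =>
    _hkdf.deriveKey(secretKey: shared, nonce: [...eph, ...rcpt],
        info: utf8.encode('assignment-dispatch-v1')); // hypothetical label
// Envelope layout (chosen for this example): ephPub(32) | nonce(12) | ct | mac(16)
Future<Uint8List> sealAssignment(Map<String, dynamic> payload,
    SimplePublicKey recipient, String assignmentId) async {
  final eph = await _x25519.newKeyPair(); // fresh key pair per dispatch
  final ephPub = await eph.extractPublicKey();
  final shared = await _x25519.sharedSecretKey(keyPair: eph, remotePublicKey: recipient);
  final key = await _deriveKey(shared, ephPub.bytes, recipient.bytes);
  // The assignment id is authenticated as AAD, tying the ciphertext to its row.
  final box = await _aead.encrypt(utf8.encode(jsonEncode(payload)),
      secretKey: key, aad: utf8.encode(assignmentId));
  return Uint8List.fromList([...ephPub.bytes, ...box.concatenation()]);
}

Future<Map<String, dynamic>> openAssignment(Uint8List envelope,
    SimpleKeyPair recipientKeys, String assignmentId) async {
  if (envelope.length < 32 + 12 + 16) throw const FormatException('short envelope');
  final ephPub = SimplePublicKey(envelope.sublist(0, 32), type: KeyPairType.x25519);
  final myPub = await recipientKeys.extractPublicKey();
  final shared = await _x25519.sharedSecretKey(keyPair: recipientKeys, remotePublicKey: ephPub);
  final key = await _deriveKey(shared, ephPub.bytes, myPub.bytes);
  final box = SecretBox.fromConcatenation(envelope.sublist(32), nonceLength: 12, macLength: 16);
  // Throws SecretBoxAuthenticationError if ciphertext or assignment id was altered.
  final clear = await _aead.decrypt(box, secretKey: key, aad: utf8.encode(assignmentId));
  return jsonDecode(utf8.decode(clear)) as Map<String, dynamic>;
}

Future<void> main() async {
  final mentor = await _x25519.newKeyPair(); // stands in for the key in secure storage
  final env = await sealAssignment({'name': 'Test Person', 'address': 'Example Street 1'},
      await mentor.extractPublicKey(), 'a-001'); // constructed sample data
  print(await openAssignment(env, mentor, 'a-001'));
  try {
    await openAssignment(env, mentor, 'a-002'); // same ciphertext, different row id
  } on SecretBoxAuthenticationError {
    print('rejected: assignment id mismatch');
  }
}
```

This envelope gives the recipient confidentiality and integrity but does not identify the sender, and its layout is specific to this example rather than libsodium's sealed-box format.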
User Stories (8)
As a Peer Mentor (Likeperson)
I want to respond to an assignment by accepting it, declining it, or flagging that I need to follow up, so that the coordinator knows the assignment has been acted upon
So that coordinators can see whether their dispatched assignments have been accepted and can redirect or reassign them when a peer mentor is unable to take on the contact
- Given the peer mentor has read an assignment, when they tap 'Accept', then the assignment status is updated to 'accepted' in Supabase and the coordinator's dashboard reflects this in real time
- Given the peer mentor has read an assignment, when they tap 'Decline', then the assignment status is updated to 'declined' and a confirmation prompt is shown before the action is committed
- Given the peer mentor taps 'Follow Up', when the action is confirmed, then the assignment status is set to 'follow-up-pending' and the coordinator is notified
- +2 more
As a Coordinator
I want to see a filtered view of all assignments that have been delivered but not read or responded to within a configurable period, and to be able to initiate a follow-up action directly from the dashboard
So that no assignment falls through the cracks, peer mentors are followed up in a timely manner, and the organization meets its obligation to ensure contacts are established within the expected timeframe
- Given the coordinator opens the Assignment Status Dashboard, when they apply the 'Unacknowledged' filter, then only assignments in 'Dispatched' or 'Delivered' state older than the threshold are shown
- Given an assignment has been delivered but not read for 10 or more days, when it appears in the filtered view, then the elapsed days since dispatch are clearly displayed alongside the peer mentor's name
- Given the coordinator selects an unacknowledged assignment and taps 'Mark for Follow-Up', when the action is confirmed, then the assignment record is updated with a follow-up flag and timestamp visible to the coordinator
- +3 more
As a Coordinator
I want a real-time dashboard showing all open assignments with their current status — dispatched, delivered to device, read by the peer mentor, accepted, declined, or unacknowledged — so that I always know the state of every active assignment without manually contacting peer mentors
So that I can immediately identify which assignments have been successfully received and acted upon, and which require follow-up, eliminating the uncertainty that currently forces coordinators to make follow-up phone calls
- Given the coordinator opens the Assignment Status Dashboard, when the screen loads, then all open assignments are displayed with their current status and timestamps
- Given a peer mentor's device receives a push notification for an assignment, when the FCM/APNs delivery receipt is processed, then the assignment row updates from 'Dispatched' to 'Delivered' in real time without the coordinator refreshing the page
- Given the peer mentor opens the assignment detail screen for the first time, when the read receipt is written, then the dashboard row updates from 'Delivered' to 'Read' in real time
- +4 more
As a Peer Mentor (Likeperson)
I want to see a list of all encrypted assignments dispatched to me, with clear visual indicators showing whether each assignment has been delivered, is unread, or has already been opened
So that I can quickly identify new or pending assignments requiring my attention and respond to them in a timely manner
- Given the peer mentor is authenticated, when they navigate to the assignment inbox, then all assignments dispatched to them are listed in reverse chronological order
- Given a new assignment is dispatched by a coordinator, when the peer mentor's device receives the push notification and they open the inbox, then the new assignment appears at the top without requiring a manual refresh
- Given an assignment has not been opened, when it appears in the inbox list, then it is visually marked as unread (e.g., bold text, unread dot indicator)
- +3 more
As a Peer Mentor (Likeperson)
I want to open an assignment and have it automatically decrypted on my device so I can read the full sensitive details — including the contact's name, home address, and medical summary — without that information ever being visible to anyone other than me
So that I receive the information I need to carry out the peer support visit while the organization remains compliant with Norwegian privacy legislation
- Given the peer mentor opens an assignment for the first time, when the detail screen loads, then the assignment payload is decrypted on-device using the private key from the secure enclave and the full sensitive details are displayed
- Given the assignment is opened for the first time, when the screen renders, then a read receipt is written to assignment_read_receipts and the coordinator's status dashboard reflects the 'read' state
- Given the peer mentor opens the same assignment a second time, when the detail screen loads, then no duplicate read receipt is created
- +4 more
As a user
I want my encryption key pair to be automatically generated and securely stored on my device the first time I log in with BankID, so that I can send and receive encrypted assignments without any manual cryptographic setup
So that the encryption system is available immediately after authentication without requiring technical knowledge from the user, while ensuring private keys never leave the device
- Given the user completes BankID authentication for the first time, when the session is established, then an X25519 key pair is generated and the private key is stored in the device secure enclave without any user interaction required
- Given key generation succeeds, when the public key is uploaded to Supabase, then the user's profile record is updated with the public key and is available for lookup by coordinators
- Given the app is reinstalled and secure storage is cleared, when the user logs in with BankID again, then they are prompted to re-derive their key pair and the private key is restored to the secure enclave
- +3 more
As a Coordinator
I want to compose an assignment containing a contact's name, home address, medical summary, and mission details, and dispatch it encrypted directly to a selected peer mentor's device, so that the sensitive information never passes through the server in plaintext
So that I can securely communicate the information a peer mentor needs to carry out a support visit while meeting GDPR requirements and eliminating the insecure phone call and email workflows currently in use
- Given the coordinator selects a peer mentor with a registered public key, when the Assignment Compose Screen loads, then the recipient's public key is silently fetched and ready for encryption
- Given the coordinator fills in all required fields (contact name, address, medical summary, mission notes) and taps 'Send', when the payload is submitted, then the Encrypted Message Service encrypts it client-side before any network call is made
- Given encryption succeeds, when the ciphertext is stored in Supabase, then querying the assignment record server-side returns only ciphertext — no plaintext fields are present
- +4 more