Encrypted Task Assignment to Peer Mentors
Feature Detail
Description
This feature enables coordinators at Blindeforbundet to send sensitive personal information — including names, addresses, and medical summaries (epikrise) — to peer mentors in encrypted form, with delivery confirmation and read receipts. The assignment detail widget renders encrypted content only after the recipient has authenticated, and the coordinator has a real-time status overview of all open assignments showing whether each has been delivered and read. An automatic 10-day reminder is triggered if the peer mentor has not acknowledged contact after receiving the assignment. This feature handles the most privacy-sensitive workflows in the entire application.
Analysis
The ability to securely transmit sensitive personal data to peer mentors is legally required under GDPR and is operationally critical for Blindeforbundet, where peer mentors routinely receive home visit assignments containing medical information. The current process relies on phone calls or insecure messaging, creating both compliance risk and information quality issues. A cryptographically secure delivery mechanism with read receipts gives coordinators audit-trail evidence of information delivery, which is important for both internal accountability and potential regulatory review. The 10-day auto-reminder reduces the risk of assignments falling through the cracks, directly improving the quality and timeliness of peer support services.
End-to-end encryption is implemented using asymmetric key pairs generated per user during onboarding and stored securely in device secure storage (Flutter Secure Storage). Assignment content is encrypted with the recipient's public key before being stored in Supabase, ensuring the server never holds plaintext sensitive data. Delivery confirmation is triggered when the encrypted payload is successfully downloaded to the recipient's device; read receipt is triggered when the content is decrypted and rendered. The assignment detail widget checks authentication state before decrypting content. The 10-day reminder is implemented as a Supabase scheduled Edge Function that checks assignment_dispatches for unacknowledged records and triggers push notifications via the push notification gateway. All encryption operations must be performed off the main thread using Flutter Isolates to maintain UI responsiveness.
Dependencies
Definition of Done
User Stories (8)
As a Coordinator
I want to open any individual assignment from the status overview and view its complete delivery history — including dispatch timestamp, payload delivery timestamp, and read receipt timestamp — so that I have a documented audit trail for each sensitive data transmission
So that I can provide evidence of information delivery for internal accountability checks and any regulatory review, and respond confidently when a peer mentor claims they did not receive an assignment
- Given the coordinator opens an assignment detail view, when the screen loads, then dispatch timestamp, delivery confirmation timestamp (or Pending), and read receipt timestamp (or Pending) are all displayed
- Given delivery confirmation has been recorded, when the coordinator views the detail, then the exact device-side delivery timestamp is shown alongside the assignment recipient name
- Given no delivery has been recorded, when the coordinator views the detail, then a Pending indicator is shown with the number of hours or days elapsed since dispatch
As a Global Administrator
I want to view a platform health dashboard showing the status of encryption infrastructure, including the percentage of active users who have registered public keys, any failed key registration events, and the operational status of the Supabase Edge Functions handling scheduled reminders
So that I can proactively identify users or organizations where encryption key provisioning has failed — preventing coordinators from being blocked from sending assignments — and ensure the reminder Edge Function is running reliably
- Given the global administrator opens the encryption health section of the admin portal, when the view loads, then per-organization metrics are shown: total active users, users with registered public keys, and users missing key registration
- Given a user completed onboarding but key registration failed, when the admin views the health dashboard, then that user is listed in a failed-registration queue with their organization and onboarding timestamp
- Given the admin identifies a user with a missing key, when they trigger a re-provisioning notification, then the user receives an in-app prompt to re-authenticate and regenerate their key pair
As a Coordinator
I want to view a live status dashboard showing every open assignment with its current delivery and read state, so I can immediately see which peer mentors have received and read their assignments without having to follow up individually
So that I can prioritise my follow-up effort, quickly identify mentors who have not yet acknowledged contact, and maintain accountability over sensitive assignment delivery
- Given the coordinator opens the Assignment Status Overview Screen, when the screen loads, then all open assignments are listed with their current status: Dispatched, Delivered, or Read
- Given the peer mentor downloads the encrypted payload to their device, when the Delivery Confirmation Service emits a delivery event, then the assignment row updates to Delivered status within 5 seconds without requiring a page refresh
- Given the peer mentor decrypts and views the assignment content, when the read receipt event fires, then the assignment row updates to Read status in real time
As a Coordinator
I want the system to automatically send a push notification reminder to the peer mentor if they have not acknowledged contact within 10 days of receiving an assignment, and for me to see those assignments prominently flagged in my status overview
So that assignments do not fall through the cracks, peer mentors are prompted to act without requiring manual coordinator follow-up for every case, and the quality and timeliness of peer support services is maintained
- Given an assignment has been dispatched and no read receipt has been recorded after 10 days, when the daily Edge Function cron job runs, then a push notification reminder is sent to the assigned peer mentor
- Given the push notification is dispatched, when the coordinator opens the Assignment Status Overview Screen, then the affected assignment is marked as Overdue with the number of days since dispatch visible
- Given the Edge Function runs and no assignments qualify as overdue, when the job completes, then no spurious notifications are sent and no state changes occur
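The reminder job described in the Analysis section and in this story is easiest to reason about as a pure selection over assignment_dispatches rows, separate from the push gateway and database writes. The block below is an added example written for this page, not code from the Blindeforbundet project: the page names the assignment_dispatches table, but the column names (dispatched_at, delivered_at, read_at, acknowledged_at, reminder_sent_at), the function names and the sample rows are assumptions constructed here. It derives the per-row status shown on the status overview and picks the rows that get a reminder on one daily run, skipping rows that were already reminded so that a re-run sends nothing twice.

```typescript
// Added example, not code from the Blindeforbundet project. Models the rows a
// scheduled Supabase Edge Function would read from assignment_dispatches (the page
// names the table; the columns below are assumptions) and decides, idempotently,
// which peer mentors receive the 10-day reminder.
type IsoTimestamp = string;

interface DispatchRow {
  id: string;
  peer_mentor_id: string;
  dispatched_at: IsoTimestamp;           // ciphertext stored in Supabase
  delivered_at: IsoTimestamp | null;     // payload downloaded to the mentor's device
  read_at: IsoTimestamp | null;          // content decrypted and rendered
  acknowledged_at: IsoTimestamp | null;  // mentor confirmed contact (assumed column)
  reminder_sent_at: IsoTimestamp | null; // set by the reminder job; makes re-runs safe
}

type DeliveryStatus = "Dispatched" | "Delivered" | "Read";

interface Reminder {
  dispatchId: string;
  peerMentorId: string;
  daysSinceDispatch: number;
}

const REMINDER_AFTER_DAYS = 10;
const MS_PER_DAY = 24 * 60 * 60 * 1000;

// Status shown per row on the Assignment Status Overview Screen.
function statusOf(row: DispatchRow): DeliveryStatus {
  if (row.read_at !== null) return "Read";
  if (row.delivered_at !== null) return "Delivered";
  return "Dispatched";
}

// Whole days between dispatch and `now`; drives the Pending and Overdue badges.
function daysSinceDispatch(row: DispatchRow, now: Date): number {
  return Math.floor((now.getTime() - Date.parse(row.dispatched_at)) / MS_PER_DAY);
}

// Overdue = no acknowledgment of contact after REMINDER_AFTER_DAYS. The page's
// acceptance criterion phrases the trigger as "no read receipt"; in this example a
// read receipt without an acknowledgment still counts as overdue (a design choice here).
function isOverdue(row: DispatchRow, now: Date): boolean {
  return row.acknowledged_at === null && daysSinceDispatch(row, now) >= REMINDER_AFTER_DAYS;
}

// One daily run of the reminder job. Rows already carrying reminder_sent_at are
// skipped, so a re-run or two overlapping runs never send a duplicate push. When
// nothing qualifies the result is empty and the caller performs no writes.
function selectReminders(rows: DispatchRow[], now: Date): Reminder[] {
  return rows
    .filter((row) => isOverdue(row, now) && row.reminder_sent_at === null)
    .map((row) => ({
      dispatchId: row.id,
      peerMentorId: row.peer_mentor_id,
      daysSinceDispatch: daysSinceDispatch(row, now),
    }));
}

// Constructed sample rows with a fixed clock so the run is deterministic.
const SAMPLE_NOW = new Date("2024-03-20T09:00:00Z");
const SAMPLE_ROWS: DispatchRow[] = [
  { id: "d-1", peer_mentor_id: "pm-1", dispatched_at: "2024-03-01T08:00:00Z",
    delivered_at: "2024-03-01T08:05:00Z", read_at: "2024-03-01T09:00:00Z",
    acknowledged_at: "2024-03-02T10:00:00Z", reminder_sent_at: null },  // completed
  { id: "d-2", peer_mentor_id: "pm-2", dispatched_at: "2024-03-05T08:00:00Z",
    delivered_at: "2024-03-05T08:01:00Z", read_at: null,
    acknowledged_at: null, reminder_sent_at: null },                    // 15 days: remind
  { id: "d-3", peer_mentor_id: "pm-3", dispatched_at: "2024-03-15T08:00:00Z",
    delivered_at: null, read_at: null,
    acknowledged_at: null, reminder_sent_at: null },                    // 5 days: wait
  { id: "d-4", peer_mentor_id: "pm-4", dispatched_at: "2024-03-02T08:00:00Z",
    delivered_at: "2024-03-02T08:02:00Z", read_at: "2024-03-03T12:00:00Z",
    acknowledged_at: null, reminder_sent_at: "2024-03-12T06:00:00Z" },  // already reminded
];

// Stand-alone run: lists the rows that would receive a push in this cycle.
console.log(selectReminders(SAMPLE_ROWS, SAMPLE_NOW));
```

In the real Edge Function the three side effects (send push, set reminder_sent_at, mark the row Overdue for the overview) would follow this selection, and the cron handler should write reminder_sent_at in the same transaction as the push so a crash between the two cannot produce a second notification on the next run.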
As a Global Administrator
I want to access platform-wide audit logs of encrypted assignment dispatch, delivery, and read receipt events across all member organizations, so that I can verify GDPR-compliant handling of sensitive personal data and respond to regulatory inquiries
So that I can demonstrate to regulators and auditors that sensitive personal data transmitted to peer mentors is handled with documented access controls, delivery evidence, and no server-side plaintext exposure
- Given the global administrator opens the audit log view in the admin portal, when the view loads, then assignment dispatch events from all organizations are listed with dispatch, delivery, and read timestamps alongside organization and coordinator identifiers
- Given the admin filters by organization, when the filter is applied, then only events from that organization are shown without affecting other organizations' data
- Given an assignment record is displayed, when the admin inspects it, then no plaintext sensitive content (names, addresses, medical summaries) is ever shown — only system identifiers, timestamps, and event types
As a Coordinator
I want to compose an assignment containing sensitive personal information — including the contact's name, address, and medical summary (epikrise) — and dispatch it to a specific peer mentor in encrypted form
So that sensitive data is transmitted securely in compliance with GDPR, the peer mentor receives all necessary information to carry out a home visit, and I have audit-trail confirmation of dispatch
- Given a coordinator has opened the Task Assignment Screen, when they fill in contact name, address, and medical summary and select a peer mentor, then the form validates all required fields before enabling dispatch
- Given the coordinator taps Dispatch, when the Task Encryption Service encrypts the payload using the peer mentor's public key, then the ciphertext is stored in Supabase and no plaintext sensitive data is persisted server-side
- Given encryption completes successfully, when the assignment is saved, then the coordinator sees a confirmation screen with the assignment ID and expected delivery status
As a user
I want the system to automatically generate an asymmetric encryption key pair for my account during initial onboarding, store my private key securely in the device secure enclave, and register my public key in Supabase — without requiring any manual action from me
So that I am ready to send and receive encrypted assignments from the moment I complete onboarding, and my private key never leaves my device, ensuring the server cannot access plaintext sensitive data
- Given a new user completes BankID or Vipps authentication during onboarding, when the onboarding flow completes, then an asymmetric key pair has been generated and the public key is registered in Supabase without any user action required
- Given the private key is generated, when it is stored, then it is persisted exclusively in Flutter Secure Storage and is never included in any network request or backup
- Given the public key registration completes, when a coordinator attempts to send an encrypted assignment to this user, then the public key is retrievable by the Task Encryption Service for payload encryption
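The key-pair story above and the earlier dispatch story together describe the cryptographic core: a key pair per user generated at onboarding, only the public key registered server-side, and the assignment payload encrypted with the recipient's public key so Supabase stores ciphertext only. The block below is an added example written for this page, not the project's Flutter code: it realises "encrypted with the recipient's public key" as a hybrid envelope (an ephemeral X25519 agreement against the registered public key, HKDF to a one-off AES-256-GCM key, which encrypts the JSON payload), using Node's crypto module so it runs here; the Dart implementation would follow the same structure. The envelope column names, the function names and the sample payload are assumptions constructed for the example, and the last function is the server-side check the dispatch story's acceptance criterion calls for.

```typescript
// Added example, not code from the Blindeforbundet project. Hybrid envelope
// encryption of an assignment for one peer mentor; names and columns are assumptions.
import {
  createCipheriv, createDecipheriv, createPublicKey, diffieHellman,
  generateKeyPairSync, hkdfSync, randomBytes, KeyObject,
} from "node:crypto";

// Plaintext as composed on the Task Assignment Screen.
interface AssignmentPayload {
  contactName: string;
  address: string;
  medicalSummary: string;
}

// What the assignment row in Supabase holds: ciphertext and public material only.
interface EncryptedEnvelope {
  ephemeral_public_key: string; // SPKI DER, base64
  iv: string;                   // base64, 12 bytes
  ciphertext: string;           // base64
  tag: string;                  // base64, GCM authentication tag
}

// Onboarding: one X25519 pair per user. The private key stays on the device (Flutter
// Secure Storage in the real app); only the SPKI-encoded public key is registered.
function generateUserKeyPair(): { privateKey: KeyObject; publicKeySpki: string } {
  const { publicKey, privateKey } = generateKeyPairSync("x25519");
  const publicKeySpki = publicKey.export({ type: "spki", format: "der" }).toString("base64");
  return { privateKey, publicKeySpki };
}

// Shared secret -> content key. HKDF binds the key to the ephemeral public key
// (salt) and a purpose label (info) so a secret cannot be reused in another context.
function deriveContentKey(ownPrivate: KeyObject, peerPublic: KeyObject, ephPubDer: Buffer): Buffer {
  const shared = diffieHellman({ privateKey: ownPrivate, publicKey: peerPublic });
  return Buffer.from(hkdfSync("sha256", shared, ephPubDer, "assignment-envelope-v1", 32));
}

// Task Encryption Service side: encrypt for the mentor's registered public key.
function encryptForRecipient(recipientPublicKeySpki: string, payload: AssignmentPayload): EncryptedEnvelope {
  const recipientPublic = createPublicKey({
    key: Buffer.from(recipientPublicKeySpki, "base64"), format: "der", type: "spki",
  });
  const eph = generateKeyPairSync("x25519"); // fresh per assignment
  const ephPubDer = eph.publicKey.export({ type: "spki", format: "der" });
  const key = deriveContentKey(eph.privateKey, recipientPublic, ephPubDer);
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(payload), "utf8"), cipher.final()]);
  return {
    ephemeral_public_key: ephPubDer.toString("base64"),
    iv: iv.toString("base64"),
    ciphertext: ciphertext.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
  };
}

// Recipient device side: decrypt with the locally held private key. Throws if the
// tag does not verify, so a tampered or mis-addressed envelope never renders.
function decryptEnvelope(recipientPrivateKey: KeyObject, env: EncryptedEnvelope): AssignmentPayload {
  const ephPubDer = Buffer.from(env.ephemeral_public_key, "base64");
  const ephPublic = createPublicKey({ key: ephPubDer, format: "der", type: "spki" });
  const key = deriveContentKey(recipientPrivateKey, ephPublic, ephPubDer);
  const decipher = createDecipheriv("aes-256-gcm", key, Buffer.from(env.iv, "base64"));
  decipher.setAuthTag(Buffer.from(env.tag, "base64"));
  const plaintext = Buffer.concat([decipher.update(Buffer.from(env.ciphertext, "base64")), decipher.final()]);
  return JSON.parse(plaintext.toString("utf8")) as AssignmentPayload;
}

// Acceptance check: the stored row must not contain any sensitive field value.
function storedRowLeaksPlaintext(env: EncryptedEnvelope, payload: AssignmentPayload): boolean {
  const stored = JSON.stringify(env);
  return Object.values(payload).some((value) => stored.includes(value));
}

// Constructed sample data for a stand-alone run.
const SAMPLE_PAYLOAD: AssignmentPayload = {
  contactName: "Kari Nordmann (constructed)",
  address: "Storgata 1, 0155 Oslo (constructed)",
  medicalSummary: "Epikrise: constructed sample text, not a real record",
};
const mentor = generateUserKeyPair();
const envelope = encryptForRecipient(mentor.publicKeySpki, SAMPLE_PAYLOAD);
console.log("server holds plaintext:", storedRowLeaksPlaintext(envelope, SAMPLE_PAYLOAD));
console.log("mentor decrypts:", decryptEnvelope(mentor.privateKey, envelope).contactName);
```

Two properties worth keeping when porting this to Dart: the GCM tag gives integrity as well as confidentiality, so a modified envelope fails at decryption rather than rendering altered medical content, and the private key object is never serialised, which is the property the onboarding story's "never included in any network request or backup" criterion asks for.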