Thread

CrisisCore-Systems

Building privacy first health tools that fail safely when users are already under pressure.

May 12

I just published a piece on why health apps should not put sensitive user data in the cloud by default.

The argument is simple: chronic pain users are often interacting with software while exhausted, foggy, stressed, or trying to preserve records for doctors, insurers, or claims. That changes the architecture.

For PainTracker, I chose a local first PWA model using IndexedDB, browser storage, and offline first behavior because the failure mode matters.

A health app is not trustworthy because the happy path works.

It is trustworthy when failure does not make a vulnerable user more vulnerable.

Full piece here: blog.paintracker.ca/stop-putting-health-data-in-t…

Would love feedback from anyone building PWAs, health tools, local first apps, or privacy respecting software.

#show-and-tell #pwa #privacy

Responses(1)

For anyone curious about the technical implementation:

The full stack is:

PWA (Progressive Web App) with offline-first Service Worker caching
IndexedDB for local, persistent, structured storage
Web Crypto API (AES-GCM encryption, PBKDF2 key derivation) for optional local encryption
Service Worker for offline routing and asset caching
Local-first storage by default, no required account, no server-side health database
Optional export (JSON/PDF) so data is portable and not locked in

The key design decision: every feature was evaluated against the question "what happens when this fails at 2am while the user is in a flare?" If the failure punished the user, the design changed.

Open source at github.com/CrisisCore-Systems

Search Hashnode

I just published a piece on why health apps should not put sensitive user data in the cloud by default.

Responses(1)