For anyone curious about the technical implementation:
The full stack is:
- PWA (Progressive Web App) with offline-first Service Worker caching
- IndexedDB for local, persistent, structured storage
- Web Crypto API (AES-GCM encryption, PBKDF2 key derivation) for optional local encryption
- Service Worker for offline routing and asset caching
- Local-first storage by default, no required account, no server-side health database
- Optional export (JSON/PDF) so data is portable and not locked in
The key design decision: every feature was evaluated against the question "what happens when this fails at 2am while the user is in a flare?" If the failure punished the user, the design changed.
Open source at github.com/CrisisCore-Systems