Encrypted Data Assignments

Complexity: high | Status: extracted | Confidence: 100% | Components: 8 | Shared: 39 | User Stories: 0 | Analyzed: Yes

Description

Encrypted Assignment Dispatch enables coordinators to send sensitive personal information - such as names, addresses, and medical summaries - to peer mentors through an end-to-end encrypted channel within the Meander platform. Each assignment is delivered to the peer mentor's inbox with delivery confirmation and read receipt tracking, giving coordinators full visibility into whether the information has been received and opened. The feature also supports automatic reminders when a peer mentor has not made contact within a configurable threshold (default 10 days), ensuring no assignment falls through the cracks. The assignment detail screen presents the sensitive content only after the peer mentor explicitly acknowledges receipt, creating an audit trail for compliance purposes. Coordinators can view a status overview of all open assignments, filtering by mentor, status, and age. The encryption model must ensure that sensitive data is never stored in plaintext - neither in the database nor in transit - and that decryption keys are scoped per recipient so that platform operators cannot read assignment content.

Analysis

Business Value

This feature directly addresses a critical operational need identified by Norges Blindeforbund: the secure dispatch of sensitive personal data (including medical summaries and home addresses) to peer mentors in the field. Without this capability, organizations resort to unencrypted email or verbal handoffs, creating GDPR exposure and audit risk. By providing a purpose-built encrypted channel with read receipts and automatic reminders, the platform reduces compliance overhead and gives coordinators confidence that assignments are acted on promptly. From a business value perspective, the feature also strengthens the platform's competitive positioning for health-adjacent volunteer organizations, where data protection requirements are non-negotiable. The read receipt and status tracking capabilities reduce coordinator follow-up calls, freeing staff time for higher-value activities. Delivery confirmation also provides an evidentiary record for any disputes about whether a peer mentor received an assignment, reducing organizational liability.

Implementation Notes

Encryption should use asymmetric cryptography: each peer mentor has a keypair, with the public key stored on the server and the private key stored only in the device's secure enclave (iOS Secure Enclave / Android Keystore). Assignment content is encrypted with the recipient's public key before storage; the server never holds the plaintext or the private key. On the Flutter side, use the platform secure store via flutter_secure_storage, and invoke native crypto APIs for key generation and decryption. The assignments and assignment_reads tables track delivery and read state. Push notifications trigger on new assignment dispatch without including any sensitive content in the notification payload - only an assignment ID that the app uses to fetch and decrypt locally. The automatic reminder logic runs server-side as a scheduled job checking assignments older than the configured threshold with no read record. All encryption operations must be covered by integration tests with known key fixtures; UI must block screenshots on the assignment detail screen on both iOS and Android.
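The server-side reminder job and the content-free push payload described above, sketched in Python over SQLite. This is an added example, not code from the Meander platform. The column names, the `type` values and the helper names are assumptions; only the `assignments` and `assignment_reads` table names and the 10-day default come from the notes.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

REMINDER_THRESHOLD_DAYS = 10  # the page's default; configurable per deployment

# Column names are assumptions; the page names only the two tables.
SCHEMA = """
CREATE TABLE assignments (
    id TEXT PRIMARY KEY, mentor_id TEXT NOT NULL,
    ciphertext BLOB NOT NULL,        -- encrypted to the mentor's public key
    dispatched_at INTEGER NOT NULL   -- Unix seconds, UTC
);
CREATE TABLE assignment_reads (
    assignment_id TEXT NOT NULL REFERENCES assignments(id),
    read_at INTEGER NOT NULL
);
"""

def push_payload(kind, assignment_id):
    """Notification body: an event type and the assignment ID, nothing else."""
    return {"type": kind, "assignment_id": assignment_id}

def reminders_due(conn, now, threshold_days=REMINDER_THRESHOLD_DAYS):
    """Return (mentor_id, payload) for assignments older than the threshold
    with no read record. Only metadata is selected, never the ciphertext."""
    cutoff = int((now - timedelta(days=threshold_days)).timestamp())
    rows = conn.execute(
        """SELECT a.id, a.mentor_id FROM assignments a
           WHERE a.dispatched_at < ?
             AND NOT EXISTS (SELECT 1 FROM assignment_reads r
                             WHERE r.assignment_id = a.id)
           ORDER BY a.dispatched_at, a.id""", (cutoff,)).fetchall()
    return [(mentor_id, push_payload("assignment_reminder", aid))
            for aid, mentor_id in rows]

def demo_db(now):
    """Constructed rows: one overdue and unread, one overdue but read, one recent."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    ago = lambda days: int((now - timedelta(days=days)).timestamp())
    conn.executemany("INSERT INTO assignments VALUES (?, ?, ?, ?)", [
        ("a1", "mentor-1", b"\x00constructed-ciphertext", ago(12)),
        ("a2", "mentor-2", b"\x00constructed-ciphertext", ago(12)),
        ("a3", "mentor-1", b"\x00constructed-ciphertext", ago(3)),
    ])
    conn.execute("INSERT INTO assignment_reads VALUES (?, ?)", ("a2", ago(11)))
    return conn

if __name__ == "__main__":
    now = datetime(2024, 1, 31, tzinfo=timezone.utc)
    for mentor, payload in reminders_due(demo_db(now), now):
        print(mentor, payload)
```

Because the job reads only delivery metadata, it can run on the server without any access to decryption keys.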

Components (47)

User Interface (2)

Service Layer (3)

Data Layer (2)

Infrastructure (1)

Shared Components

These components are reused across multiple features

User Stories

No user stories have been generated for this feature yet.