
Avelia: The Strategic Road to V1

Product Vision: The private sanctuary for the family journey. PM Strategy: Use the high-friction, high-intent IVF/Assisted Stage as our entry wedge to prove the privacy model before expanding to the mass market.


1. Phase 1: Clinical MVP (The "IVF Sanctuary")

Objective: Prove the Zero-Knowledge architecture while solving the "IVF Management" pain point. Target Metric: 15% WoW growth in the IVF sub-community.

A. UI/UX Strategy: "Calm & Clinical"

  • The Onboarding Narrative: UX must explain E2EE without jargon. "Your keys, your data, not even we can see it."
  • The Color Anchor (#e6194c): Used for "Action & Urgency" (e.g., Medication Reminders). Backgrounds are soft #fafafc to reduce anxiety.
  • The Protocol Timeline: A horizontal, interactive timeline of the IVF cycle (Stimulation → Retrieval → Transfer).
  • First Visuals: 3D "Glass-morphism" icons for medication types (Injections, Pills, Scans).

B. Feature Specs

  • Argon2id Auth: Identity decoupled from data. The server stores an email and a per-user salt; the client derives the Master Encryption Key (MEK) from the password with Argon2id and never transmits it. The login credential is a separate key derived from the same root under a different label, so neither a dump of the auth database nor a captured login request yields the MEK.
  • Medication Vault (E2EE): Schedule hormone injections. Support for dose-specific logging and "Done" state.
  • Local-Only Notifications: Medication reminders that never touch the cloud (to preserve privacy).
  • Doctor Export v1: Locally generated, password-protected PDF of symptom/medication logs for clinic reviews.
  • Payment & Identity — three paths:
    • Standard (default): in-app signup + Apple IAP / Google Play Billing using appAccountToken/obfuscatedAccountId — Avelia never sees the Apple ID or Google account.
    • Anonymous (paid code): in-app redemption of a code obtained from a clinic, midwife, or gift giver. No email. Account-number login.
    • Avelia Fund (free code): same redemption flow; code issued free by partner NGOs to at-risk users.
    • Full spec: avelia-payment-identity.md
  • Avelia Fund launch partners (Phase 1): Hilfetelefon, Pro Familia, bff, Frauenhauskoordinierung (Germany).
  • Clinical launch partners: 3-5 fertility clinics + midwifery practices in Berlin, Hamburg, Leipzig.
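How the Argon2id login and the MEK stay apart, as an added worked example (Python; standard library, with argon2-cffi used when installed). This is illustration written for this page, not Avelia's code: the HKDF labels, the Argon2id parameters and the Server class are assumptions.

```python
"""Client-side key hierarchy for the E2EE login (added illustration, not Avelia's code).

password + server-held salt --Argon2id--> root secret
root secret --HKDF("master-encryption-key")--> MEK      (never leaves the device)
root secret --HKDF("auth-key")-------------> auth key   (the only credential sent to the server)

The server stores email, salt and a hash of the auth key, so neither a database
dump nor a captured login request contains anything the MEK can be derived from.
The HKDF labels and Argon2id parameters below are assumptions.
"""
import hashlib
import hmac
import os

try:  # Argon2id as the roadmap specifies (pip install argon2-cffi)
    from argon2.low_level import Type, hash_secret_raw

    def password_kdf(password: bytes, salt: bytes) -> bytes:
        return hash_secret_raw(password, salt, time_cost=3, memory_cost=64 * 1024,
                               parallelism=4, hash_len=32, type=Type.ID)
except ImportError:  # stdlib stand-in so the example runs anywhere; not equivalent to Argon2id
    def password_kdf(password: bytes, salt: bytes) -> bytes:
        return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=32)


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """RFC 5869 HKDF-SHA256 (extract then expand)."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(password: str, salt: bytes) -> dict:
    """Everything here runs on the client. Distinct labels give independent keys."""
    root = password_kdf(password.encode("utf-8"), salt)
    return {"mek": hkdf_sha256(root, b"avelia/v1/master-encryption-key"),
            "auth_key": hkdf_sha256(root, b"avelia/v1/auth-key")}


class Server:
    """Backend view: email -> (salt, hash of auth key). No password, no MEK."""

    def __init__(self):
        self.users = {}

    def register(self, email: str) -> bytes:
        salt = os.urandom(16)
        self.users[email] = {"salt": salt, "auth_verifier": None}
        return salt

    def set_verifier(self, email: str, auth_key: bytes) -> None:
        # auth_key already carries 256 bits of entropy, so a plain hash is enough;
        # storing it hashed means a dump of auth_db cannot be replayed as a login.
        self.users[email]["auth_verifier"] = hashlib.sha256(auth_key).digest()

    def salt_for(self, email: str) -> bytes:
        return self.users[email]["salt"]

    def login(self, email: str, auth_key: bytes) -> bool:
        return hmac.compare_digest(self.users[email]["auth_verifier"],
                                   hashlib.sha256(auth_key).digest())


def enroll_and_login(password: str = "correct horse battery staple",
                     email: str = "user@example.org") -> dict:
    server = Server()
    salt = server.register(email)
    keys = derive_keys(password, salt)             # client
    server.set_verifier(email, keys["auth_key"])   # only the auth key crosses the wire
    again = derive_keys(password, server.salt_for(email))   # next session, fresh device
    stored = server.users[email]
    return {"login_ok": server.login(email, again["auth_key"]),
            "wrong_rejected": not server.login(email, derive_keys("hunter2", salt)["auth_key"]),
            "mek_stable": again["mek"] == keys["mek"],
            "mek_differs_from_auth": keys["mek"] != keys["auth_key"],
            "server_holds_mek": keys["mek"] in (stored["salt"], stored["auth_verifier"])}
```

The point of the split is that the value the server verifies and the value that decrypts the vault are unrelated outputs of the same root: if the client simply sent the Argon2id output as its password, the backend would hold the MEK. The scrypt fallback exists only so the block runs without argon2-cffi; the app itself uses Argon2id as the roadmap states.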

C. Engineering Milestones (Sprints 1-4)

  1. Identity Layer: NestJS + Prisma + PostgreSQL (User/Device/Auth). Four-database separation: auth_db, entitlement_db, payment_db, data_db.
  2. Storage Layer: Flutter + Drift (SQLite). Implementation of the CryptoService (AES-256-GCM with a fresh random 96-bit nonce per encryption; a nonce is never reused under the same key).
  3. Sync v1 (The Blob): The client serializes the entire SQLite state to JSON, encrypts it client-side under the MEK, and uploads only the ciphertext blob. The backend stores the blob as an opaque object and holds no server-side relational data; blob size and upload timing remain visible to it and must be treated as metadata.
  4. Security Audit v1: Internal "Red Team" testing of the MEK derivation and local storage security.
  5. IAP Integration: Apple StoreKit 2 + Google Play Billing v4+, with appAccountToken/obfuscatedAccountId. Receipt verification via Apple App Store Server API and Google Play Developer API.
  6. Code System: Mint/redeem/revoke endpoints. CLI script for partner batch generation. code_db schema. 3-year expiration default (German BGB §195).
  7. Partner MOU + onboarding: legal template, first 3-5 clinical partners signed, first 2-3 Fund NGO partners signed.
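The mint/redeem/revoke flow as an added example (Python), written for this page rather than taken from Avelia's backend. The code format, the table fields, the account-number format and the hashed storage are assumptions; the three-year default expiry is the roadmap's.

```python
"""Mint / redeem / revoke for partner-issued codes (added illustration, not Avelia's code).

What a reviewer checks here:
  - a code is 120 random bits (24 base32 characters), so guessing is hopeless;
  - code_db stores only SHA-256(code): a leaked database yields nothing redeemable;
  - redemption is single-use and checked against revocation and expiry;
  - an anonymous redemption returns a fresh, unguessable account number, with no email.
Table layout, code format, field names and the account-number format are assumptions.
"""
import base64
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

THREE_YEARS = timedelta(days=3 * 365)   # roadmap: 3-year default expiry


@dataclass
class CodeRecord:
    batch_id: str
    tier: str
    expires_at: datetime
    revoked: bool = False
    redeemed_at: Optional[datetime] = None


class CodeDB:
    def __init__(self):
        self.by_hash = {}   # SHA-256(code) -> CodeRecord; the plaintext code is never stored

    @staticmethod
    def normalize(code: str) -> str:
        # Codes are read off paper: drop separators, upper-case, map 0/1 to O/I
        # (base32 has no 0 or 1, so the mapping is unambiguous).
        return code.replace("-", "").replace(" ", "").upper().translate(str.maketrans("01", "OI"))

    @classmethod
    def code_hash(cls, code: str) -> bytes:
        return hashlib.sha256(cls.normalize(code).encode()).digest()

    def mint(self, batch_id: str, tier: str, count: int, ttl=THREE_YEARS, now=None) -> list:
        now = now or datetime.now(timezone.utc)
        codes = []
        for _ in range(count):
            raw = base64.b32encode(secrets.token_bytes(15)).decode()   # 24 chars, no padding
            code = "-".join(raw[i:i + 4] for i in range(0, 24, 4))
            self.by_hash[self.code_hash(code)] = CodeRecord(batch_id, tier, now + ttl)
            codes.append(code)
        return codes   # handed to the partner once; after this only hashes exist server-side

    def redeem(self, code: str, now=None):
        now = now or datetime.now(timezone.utc)
        rec = self.by_hash.get(self.code_hash(code))
        if rec is None:
            return "invalid", None
        if rec.revoked:
            return "revoked", None
        if now > rec.expires_at:
            return "expired", None
        if rec.redeemed_at is not None:
            return "already_used", None
        rec.redeemed_at = now   # in SQL this must be one atomic UPDATE ... WHERE redeemed_at IS NULL
        # The account number is both login name and credential on the anonymous path,
        # so it is 80 random bits, not a sequential id.
        account = "AV-" + base64.b32encode(secrets.token_bytes(10)).decode()
        return "ok", {"account": account, "tier": rec.tier, "entitled_until": rec.expires_at}

    def revoke_batch(self, batch_id: str) -> int:
        """Invalidate every unredeemed code of a batch (e.g. a leaked PDF); returns how many."""
        n = 0
        for rec in self.by_hash.values():
            if rec.batch_id == batch_id and not rec.revoked and rec.redeemed_at is None:
                rec.revoked = True
                n += 1
        return n


def demo() -> dict:
    db = CodeDB()
    t0 = datetime(2026, 1, 15, tzinfo=timezone.utc)
    clinic = db.mint("clinic-berlin-001", "premium", 3, now=t0)
    first, grant = db.redeem(clinic[0], now=t0 + timedelta(days=10))
    sloppy = clinic[1].lower().replace("-", "").replace("o", "0")   # how a user might type it
    second, _ = db.redeem(sloppy, now=t0 + timedelta(days=10))
    again, _ = db.redeem(clinic[0], now=t0 + timedelta(days=11))
    revoked = db.revoke_batch("clinic-berlin-001")
    third, _ = db.redeem(clinic[2], now=t0 + timedelta(days=12))
    fund = db.mint("ngo-fund-001", "premium", 1, now=t0)
    late, _ = db.redeem(fund[0], now=t0 + THREE_YEARS + timedelta(days=1))
    bogus, _ = db.redeem("AAAA-AAAA-AAAA-AAAA-AAAA-AAAA", now=t0)
    return {"first": first, "tier": grant["tier"], "second": second, "again": again,
            "revoked_count": revoked, "third": third, "late": late, "bogus": bogus,
            "only_hashes_stored": all(len(k) == 32 for k in db.by_hash),
            "account_len": len(grant["account"])}
```

Because the backend keeps only hashes, the partner portal and the CLI batch script are the only places the plaintext codes ever exist, and a partner's leaked PDF is handled by revoking the unredeemed remainder of that batch rather than by rotating anything server-side.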

2. Phase 2: Shared Beta (The "Together" Experience)

Objective: Solve the "Partner Inclusion" gap and expand to Pregnancy. Target Metric: 60% of entries in "Shared" status (validating the partnership value).

A. UI/UX Strategy: "The Shared Space"

  • The Toggle UI: A persistent, high-visibility "Private | Shared" toggle on every log entry.
  • Visual Distinction: Use avatars and color-coding in the "Us" Feed to show who logged what.
  • Asymmetric Sharing: Implementation of the "Share" button, which triggers the E2EE key exchange so that only the entries the user marks as shared become readable to the partner.

B. Feature Specs

  • The "Us" Feed: A chronological, shared diary of the pregnancy journey.
  • Partner Linking: Invite codes via encrypted deep-links.
  • Social Recovery (Partner Shard): The partner’s device holds an encrypted shard of the user’s MEK, never the MEK itself. A single shard reveals nothing about the key, so the partner cannot read the user’s data on their own, and the "Lost Password" problem is solved without a centralized back-door.
  • Pregnancy Stage (W1-W40): Weekly fetal development milestones and a "Birth Plan" builder.
  • Safe Mode (Plausible Deniability):
    • On-device: Alternate PIN/fingerprint opens the app with plausible substitute data (regular cycles, neutral entries). Indistinguishable from normal use on screen and on disk: key slots and data stores have the same shape and size for both profiles, so holding the safe PIN reveals nothing about whether a second profile exists. Real data stays encrypted and inaccessible.
    • Shared sync: When Safe Mode is active, linked partners see only the safe profile — synced in real time, no trace of a second profile. User chooses per contact who sees real data vs. safe profile. Real sync and safe sync are cryptographically separated.
    • Why: Protects users from abusive partners who demand phone access or forced account linking, and from regimes that criminalise reproductive health tracking.

C. Engineering Milestones (Sprints 5-8)

  1. Key Exchange Service: RSA/ECC key pair generation on-device; private keys never leave the device. Public keys are stored on the backend, which could therefore substitute them, so the invite deep-link must carry the key fingerprint and the client must verify the partner’s public key against it before encrypting anything to that key.
  2. RecipientKey Logic: Each entry is encrypted under its own entryKey. Flipping a "Share" toggle re-encrypts (wraps) that entryKey to the partner’s public key, so the partner receives keys only for the entries that are actually shared; un-sharing requires rotating the entryKey, since a key already delivered cannot be taken back.
  3. Safe Mode Crypto: Dual-profile key derivation — safe profile MEK derived separately, cryptographically unlinkable to real MEK. Per-contact visibility flags enforced at the encryption layer.
  4. WebSocket Sync: Real-time updates so the partner’s feed refreshes instantly when the other logs a "Shared" moment.
  5. Beta Launch: 50-couple closed beta via TestFlight.
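Safe Mode's dual-profile key derivation as an added example (Python, standard library only), not Avelia's implementation. The slot layout, the slot count and scrypt standing in for whatever PIN KDF the app uses are assumptions. It covers the on-device key file only; the per-contact sync separation and the padding of the data stores are not shown.

```python
"""Deniable key slots for Safe Mode (added illustration, not Avelia's code).

The on-device key file is SLOTS fixed-size records. The real PIN unwraps the real MEK
from one slot, the Safe Mode PIN unwraps the safe-profile MEK from another, and the
remaining slots are random bytes. A sealed slot and an unused slot look the same, and
nothing on disk records which slot is which, so someone who has the safe PIN learns
nothing about whether a second profile exists. Slot layout, PIN KDF parameters and the
slot count are assumptions; the data stores themselves need the same fixed shape and
padding, which this block does not cover.
"""
import hashlib
import hmac
import os
import secrets

SLOTS, SALT_LEN, KEY_LEN, TAG_LEN = 4, 16, 32, 32
SLOT_LEN = SALT_LEN + KEY_LEN + TAG_LEN


def _slot_keys(pin: str, salt: bytes):
    # PINs are low-entropy, so derivation is deliberately expensive. In the app the PIN
    # would additionally be mixed with a Secure Enclave / Keystore-bound secret (assumption).
    km = hashlib.scrypt(pin.encode(), salt=salt, n=2**14, r=8, p=1, dklen=KEY_LEN + TAG_LEN)
    return km[:KEY_LEN], km[KEY_LEN:]          # (one-time pad for the MEK, MAC key)


def _seal(pin: str, mek: bytes) -> bytes:
    salt = os.urandom(SALT_LEN)
    pad, mac_key = _slot_keys(pin, salt)
    wrapped = bytes(a ^ b for a, b in zip(mek, pad))        # pad is fresh per salt, used once
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag


def build_keyfile(profiles: dict) -> bytes:
    """profiles maps PIN -> 32-byte MEK. Each profile lands in a random slot; the rest stay random."""
    assert all(len(m) == KEY_LEN for m in profiles.values()) and len(profiles) <= SLOTS
    slots = [os.urandom(SLOT_LEN) for _ in range(SLOTS)]
    for pin, idx in zip(profiles, secrets.SystemRandom().sample(range(SLOTS), len(profiles))):
        slots[idx] = _seal(pin, profiles[pin])
    return b"".join(slots)


def unlock(keyfile: bytes, pin: str):
    """Try every slot and return the MEK this PIN unwraps, or None. No early exit, so a
    wrong PIN, the safe PIN and the real PIN all cost the same."""
    found = None
    for i in range(SLOTS):
        slot = keyfile[i * SLOT_LEN:(i + 1) * SLOT_LEN]
        salt = slot[:SALT_LEN]
        wrapped = slot[SALT_LEN:SALT_LEN + KEY_LEN]
        tag = slot[SALT_LEN + KEY_LEN:]
        pad, mac_key = _slot_keys(pin, salt)
        if hmac.compare_digest(tag, hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()):
            found = bytes(a ^ b for a, b in zip(wrapped, pad))
    return found


def demo() -> dict:
    real_mek, safe_mek = secrets.token_bytes(32), secrets.token_bytes(32)
    both = build_keyfile({"482913": real_mek, "111111": safe_mek})
    only_real = build_keyfile({"482913": real_mek})
    return {"real_pin_unlocks_real": unlock(both, "482913") == real_mek,
            "safe_pin_unlocks_safe": unlock(both, "111111") == safe_mek,
            "wrong_pin_fails": unlock(both, "000000") is None,
            "keyfile_size_independent_of_profile_count": len(both) == len(only_real) == SLOTS * SLOT_LEN}
```

The two MEKs are independent random values, so nothing derived from the safe profile's key says anything about the real one; what makes the scheme deniable is the rest of the file: unused slots are filled with random bytes of the same length, the file is the same size whether one or two profiles exist, and the unlock path does identical work for every PIN.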

3. Phase 3: V1 Stable (The "Sovereign Platform")

Objective: Monetization launch and transition to long-term parenting. Target Metric: 5% conversion from Free to Light or Premium (Paid).

A. UI/UX Strategy: "The Marketplace & Insights"

  • The Growth View: Elegant charts for baby sleep/feeding.
  • The Expert UI: Professional profiles for Sleep Coaches and Lactation Consultants.

B. Feature Specs

  • Expert Marketplace: Booking + In-app chat + Secure Log Sharing (a temporary, read-only key scoped to the shared logs for the expert; because a delivered key cannot be un-learned, "temporary" is enforced by rotating the entry keys when the engagement ends).
  • Parenting Stages (1-7): Full content library for "First Year" and "Growing Up."
  • Three-Tier Subscription Model:
    • Free (0€): NFP & cycle tracking, Considering & Trying stages, private journal, guides, data export. On-device only, no account needed.
    • Light (2,99€/mo · 26,99€/yr): Everything in Free, plus symptom logging & charts, E2E encrypted cloud sync, 2 GB cloud storage.
    • Premium (8,99€/mo · 79,99€/yr): Everything in Light, plus all 7 life stages, partner linking & shared timeline, cross-device access, 5 GB cloud storage, priority support.
  • Storage Add-ons: +25 GB (2,99€/mo), +100 GB (6,99€/mo). Bring-your-own-storage free with Premium.

C. Engineering Milestones (Sprints 9-12)

  1. Partner Portal: full-featured web dashboard at partners.avelia-health.com for clinics, midwives, and NGOs to manage code batches. Multi-language (EN/DE at launch). Built on Astro SSR, shares code_db with main backend. See avelia-payment-identity.md §7.
  2. Gift Code Web Flow: avelia-health.com/gift for consumer purchases of Premium codes (Stripe, not in-app). Recipient redeems in-app like any other code.
  3. Advanced Privacy Analytics: Local-only ML (TensorFlow Lite) to generate insights from logs without sending data to the cloud.
  4. App Store Launch: Global release on iOS and Android.
  5. Avelia Fund Expansion: onboard 10-15 additional partners globally (UK, US, Australia, France, Italy, Spain, Netherlands). First annual transparency report published.

4. Operational Guardrails

Pillar / Mandate

  • Privacy: No 3rd-party SDKs (Firebase/Analytics) allowed. Only first-party or open-source.
  • Integrity: Every entry must carry a cryptographic signature (per author, for shared entries) so tampering and misattribution are detectable.
  • UX: No more than 3 taps to log any standard event.
  • Reliability: 99.9% uptime for the Blob Sync service (AWS/GCP regional redundancy).

Private by design.