Priv

Priv — The Private Biodata Company

A privacy-first biodata vault enabling individuals to store, control, and selectively share encrypted health & wellness data using their existing cloud accounts such as Google Drive or Apple iCloud — without any central database.

Abstract

Priv provides individuals with a secure, private, and interoperable place to store health and wellness data. Instead of relying on centralized databases or Web3 protocols, Priv leverages existing cloud storage (Google Drive, Apple iCloud, or similar) combined with client-side encryption. Users authenticate with their personal accounts (Google or Apple ID) and all files are encrypted before leaving their device. Selective sharing is supported through encrypted keys and cloud-native access permissions.

Problem Statement

  • Data silos: Health data is fragmented across providers (hospitals, wearables, labs) with poor interoperability.
  • Privacy & trust: Traditional apps store user data on centralized servers, creating risks of misuse or breaches.
  • Lack of user control: People often cannot easily revoke or manage access to specific portions of their health data.
  • Barriers to collaboration: Sharing health data with doctors or researchers securely and transparently remains difficult.

Solution Overview

Priv Vault is a client-centric application that empowers users with:

  • Authentication via familiar accounts (Google, Apple ID) — no new identity system required.
  • Client-side encryption of health files before storage on Google Drive or iCloud.
  • Fine-grained, revocable sharing by combining encrypted keys with cloud provider permissions.
  • Transparent access logs and notifications to track when and by whom data is accessed.

System Architecture

Components

  • Frontend (React/Next.js): Vault UI, local encryption, upload/sharing workflows.
  • Auth Layer: OAuth 2.0 / OpenID Connect flows for Google and Apple sign-in.
  • Storage Layer: Google Drive or Apple iCloud user-owned storage APIs.
  • No central backend database: Only minimal session state is kept; user files and health data are never stored server-side.

Data Model & Flows

Design principle: Never store unencrypted sensitive data off the user's device. Cloud storage only ever receives ciphertext.

Core Entities

  • Artifact: Encrypted file (medical report, wearable CSV, image) stored in the user's Drive/iCloud.
  • Artifact Metadata: Small JSON record (file ID, type, tags, encryption scheme) stored alongside the file in the user's cloud.
  • Permission Record: Maintained by the user via cloud file-sharing controls, combined with encryption key distribution.
  • Audit Entry: Users can view cloud provider logs (e.g., Google Drive activity feed) plus in-app logs for access and sharing actions.

Security, Privacy & Compliance

  • Client-side encryption: Data encrypted with strong algorithms (AES-GCM) before upload.
  • No central database: Priv never stores personal files or keys — everything stays with the user.
  • Access revocation: Users revoke access by changing cloud file permissions and rotating encryption keys.
  • Auditing: Cloud-native activity logs combined with local app logs for transparency.
  • Compliance: Aligns with GDPR/HIPAA principles through user control, encryption, and data minimization.

Roadmap & Implementation Plan

  1. MVP (0-3 months): Next.js app with Google/Apple auth, client-side encryption, Google Drive/iCloud upload, basic file sharing UX.
  2. Beta (3-6 months): Enhanced sharing (time-bound, purpose-specific), activity log UI, simple wearable data import.
  3. Production (6-12 months): Hardened crypto key management, advanced collaboration features for clinicians & researchers, regulatory audits.

Ethics, Governance & Legal Considerations

  • User consent & transparency: Clear consent flows and human-readable sharing descriptions.
  • Data minimization: Priv does not store or analyze user data centrally.
  • Regulatory compliance: Architecture is designed for GDPR/HIPAA alignment.
  • Governance: Oversight by external ethics & privacy boards as the platform evolves.