The problem
Mutual aid networks exist in communities everywhere, but centralized platforms create a surveillance problem. A database of "what people need" is a database of vulnerability — one that can be breached, sold, or handed over to authorities. I wanted neighbours to help each other without the platform being able to see, profit from, or report what they were sharing.
The approach
Expo and React Native for the app layer, Supabase for auth and real-time matching — but with encryption and Row Level Security configured so the platform is blind to request content. Even I can't read what users are asking for. A `PRIVACY.md` gate in the repository blocks every new feature from shipping until its privacy implications are documented. The constraint isn't a policy document; it's enforced by the codebase itself.
What shipped
A proof of concept running in 2 pilot neighbourhoods. End-to-end encrypted requests and offers, real-time matching without a central content database, and a privacy gate that's already been used to block three features that would have introduced tracking. People shared asks they wouldn't have posted anywhere else — because they knew the platform couldn't surveil them.
Reflection
Trust is earned through constraints, not promises. The most important architectural decision I made was building a platform that cannot surveil its users — not one that promises it won't. That's a different thing entirely.
