Skip to main content
Mutual Mesh's guest-demo feed: a 'Demo — sample data' banner over neighbourhood listings for canned goods, baby formula and winter coats, each tagged Available with an FSA-level location

Solo builder

Sky Halisky

Mutual Mesh

Privacy-first mutual-aid marketplace for food, baby supplies, hygiene and HRT. Invite-only, neighbourhood-level (never an address), built not to surveil.

Role
Solo builder
Year
2026

Tech

  • Expo
  • React Native
  • Supabase
  • TypeScript

Tags

  • community
  • mobile
  • privacy

The problem

Mutual aid networks exist in communities everywhere, but centralized platforms create a surveillance problem. A database of “what people need” is a database of vulnerability — one that can be breached, sold, or handed over to authorities. I wanted neighbours to help each other without the platform being able to see, profit from, or report what they were sharing.

The approach

Expo and React Native for the app layer, Supabase for auth, data, and Storage — locked down with Postgres Row Level Security that denies anonymous access on every table, so the marketplace is invite-only and verified-only. The platform deliberately collects the minimum: a chosen handle instead of a real name, a three-character postal prefix (a neighbourhood, never an address) in place of GPS, and a per-resource contact handle revealed only after someone claims an item. Photos are stripped of EXIF metadata on both client and server, and ‘delete my account’ is a true cascading hard-delete, not a soft-delete tombstone. A PRIVACY.md (opens in new tab) gate in the repository blocks every new feature from shipping until its privacy implications are documented. The constraint isn’t a policy document; it’s enforced by the codebase itself.

What shipped

A working proof of concept — thirteen screens, a web build, WCAG 2.2 AA accessibility, and a privacy data-model reviewed and approved before any code touched user data. The newest addition is a read-only guest demo: anyone can explore the marketplace on synthetic sample data, with zero network calls, so a curious visitor sees exactly how it works without an account and without ever touching a real person’s information.

Reflection

Trust is earned through constraints, not promises.

The most important architectural decision I made was designing the platform to collect as little as it possibly could — no real names, no addresses, no readable contact info until a claim, photo metadata stripped, deletions real — so that “we won’t misuse your data” is backed by how little there is to misuse. That’s a different thing from a promise.


— Sky Halisky · Okanagan Valley, British Columbia

A Brief Account

Inside the build

See it in motion.

  • Browse a neighbourhood’s offers — no real name, no address, just a chosen handle and an FSA.
  • Pickup is neighbourhood-level; a contact handle is revealed only after you claim.
  • Invite-only by design — the public demo runs on synthetic data with zero network calls.

More work

Continue reading.

Have something like this?
Write to me.

Send me an email