This is a high-level description intended for partners and candidates. Details are shared later in the process.

1) Store

Users upload or connect sensitive data into a secure vault.

2) Share

Users create a time-bound share for a specific recipient and scope.

3) Request

An external entity requests data (e.g., AI chatbot or physician portal user).

4) Enforce

Every request is evaluated at request time; expired/revoked shares are denied.

5) Minimize

Return only the minimum allowed subset; remove personal identifiers by default.

6) Audit

Record allow/deny outcomes in a human-readable access history.