The Complex Patient

News and Articles

Privacy Policy

Effective Date: June 2026

Platform: The Complex Patient (Universal Expo App & WordPress Community Hub)

The Complex Patient platform consists of the WordPress website and a secure Universal Expo application built from the ground up on a Zero-Knowledge (ZK), Client-Side End-to-End Encrypted (E2EE) architecture.

  • The WordPress website has a Blog, Groups, and Forums
    • Information you post on Blog comments, Groups, and Forums is considered Public information, regardless of whether the Group or Forum is “Private” and the information is stored on our server in plaintext. Do not disclose Private health information in Public spaces.
  • We treat Personal Health Information (PHI) as a sovereign possession of the user and a structural liability to our servers.
  • Our secure application is architected so that we never possess the keys required to read, monetize, or disclose your health profiles.

Who we are

Our website address is: http://localhost:8881.

The Complex Patient is designed and maintained by Digital Defiance, a 501(c)(3) nonprofit organization at no cost and with no financial interest.

Privacy for the Secure Application

1. The Zero-Knowledge Cryptographic Blueprint

All data within the secure application classified as Protected Health Information (PHI)—including medication lists, dosages, compliance logs, symptom severities, flare triggers, and free-text personal notes—undergoes mathematical obfuscation before exiting the local client runtime.

1.1 Key Derivation Function (KDF)

The server never sees, handles, or stores the user’s Master Passphrase. Instead:

  • Algorithm: The client device utilizes PBKDF2 (or Argon2id) to derive a symmetric cryptographic key.
  • Salt: A cryptographically secure, pseudo-random salt is generated locally upon registration.
  • Key Generation: The KDF converts the passphrase and salt into a highly secure 256-bit Key Encryption Key (KEK).
  • Storage Perimeter: On native mobile (iOS/Android), the KEK is moved into the hardware-backed Secure Enclave or Keystore via expo-secure-store. On the web, the KEK lives strictly within volatile execution memory (RAM) and is fully expunged the moment the browser tab is closed.

1.2 Symmetric Encryption (AES-256-GCM)

The client application serializes local relational database records into structured JSON payloads. This text is encrypted using Advanced Encryption Standard in Galois/Counter Mode (AES-256-GCM).

  • Initialization Vector (IV): Every single write transaction generates a unique, cryptographically secure 12-byte random nonce (IV). This ensures that identical health entries logged at different times yield completely different ciphertext strings.
  • Authentication Tag: A 16-byte GCM authentication tag is generated with each encryption cycle. This allows the client app to instantly detect if an adversary or a compromised database server has tampered with the payload during storage or transit.

2. Server-Side Data Storage & Separation of Concerns

Our hosting infrastructure on InterServer runs a standard WordPress/MySQL stack. To eliminate data exposure risks within shared cloud environments, we enforce a strict separation between user identities and user health records.

[Plaintext Identity Data] -------> [Standard WordPress wp_users Table]
                                        (Readable by Server Admin)

[Encrypted Health Payload] ------> [Custom Blind wp_patient_blobs Table]
                                        (Scrambled Ciphertext Only)
  • The Blind Core Table: Encrypted payloads are pushed via an authenticated WordPress REST API endpoint to a custom table. The server maps incoming writes to the current wp_user_id but stores only the following unreadable primitives:
    • ciphertext (Opaque binary/base64 LONGBLOB string)
    • iv (Initialization Vector byte array)
    • auth_tag (Authentication Tag byte array)
  • Zero-Knowledge Visibility: Because the MySQL backend holds no keys, it operates purely as a blind file-hosting platform. If a server breach occurs, the malicious actor obtains nothing but un-decryptable, cryptographically useless strings of text.

3. Local Analytics & Processing Boundaries

Traditional medical software offloads processing and data modeling to external machine learning API arrays. The Complex Patient retains 100% of the computational burden within the user’s localized physical hardware.

  • On-Device Analytics: Chronological medication-to-symptom pattern analysis, lag-time mapping, and flare correlation engines execute entirely inside the client memory sandbox. No telemetry arrays or diagnostic parameters are transmitted to external computing nodes.
  • Native Document Generation: When compiling “Physician Reports,” the application translates the decrypted local state directly into a structured PDF document using native on-device rendering frameworks. The document is built locally in the device’s volatile sandbox memory and is never routed through a server-side print system.

4. Age Restriction & Compliance Guardrails

Because the app platform relies on unrecoverable, client-side encryption keys and handles deeply sensitive medical logs, strict operational boundaries are enforced.

  • Age Mandate (16+): Users must be at least 16 years of age to initialize a cryptographic vault on this platform. This constraint aligns with global compliance frameworks (including GDPR Article 8, California Consumer Privacy Act variations, and mobile app store distribution ecosystem policies) regarding the independent legal capacity to consent to digital data processing without parental proxy management.
  • Unrecoverable Data Clause: Because our system architecture is genuinely zero-knowledge, The Complex Patient administration holds no capacity to reset user vaults, retrieve forgotten master passphrases, or recover lost health data. If a user permanently loses their passphrase and their localized offline backups, the data is mathematically lost.

Privacy for the WordPress Community Hub

1. Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

2. Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

3. Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

4. Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

5. Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

6. How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

7. What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

We can give you the encrypted blob of your secure application data, but cannot decrypt it for you or provide it in any meaningful format.

8. Where your data is sent

Visitor comments may be checked through an automated spam detection service. We do not otherwise send any data.