Progressive Digital Consent

Processing sensitive health and personal data without explicit documented consent creates GDPR enforcement risk for all organizations using the encrypted assignment feature. Progressive digital consent replaces fragile paper-based collection with a verifiable, time-stamped digital record, reducing legal exposure and making compliance audits straightforward. The progressive model - presenting consent gates only when contextually relevant - reduces cognitive burden and increases valid consent rates compared to front-loading all consent at onboarding. The manual fallback preserves operational continuity for contacts who prefer paper, aligning with the platform's principle of incremental digitization and supporting parallel system operation during the rollout period.

Consent records are stored in assignment_consents with consent_type, version, granted_at, granted_by, and revoked_at columns. The mobile app checks the consent gate before rendering any assignment detail containing sensitive fields; if consent is absent a full-screen consent flow is presented before the content is decrypted and displayed. Consent template versions are managed server-side in organization_settings; when an org updates a template the API flags affected sessions and the app prompts re-consent on next access. A coordinator-only override marks consent as paper-collected with a mandatory audit note. GDPR-compliant withdrawal sets revoked_at and immediately hides associated sensitive data from the peer mentor's view until re-consent is granted.