Planning blueprint — no sensitive records connected
Pilot Architecture
A low-vendor, Google-centered pilot architecture for secure requirement-document workflows. This page is a planning artifact, not live infrastructure that holds sensitive records.
Unlisted demo: noindex asks search engines not to list this page, but anyone with the direct link can still open it. It is not an access control.
Minimal vendor stack
Keep each vendor in a disciplined lane.
The Friday demo connects to nothing. A future pilot would keep Google as the primary application foundation, Paubox as a notification and mailbox layer, and Stripe as a sensitive records-free payment rail.
Google Cloud / Google Workspace
- core app hosting
- identity
- document storage
- metadata database
- audit logging
- admin controls
Future production foundation only after BAA, covered-service, access-control, and operational gates.
Paubox
- generic secure notifications
- staff mailbox hardening
- not the primary record system
Notification layer only; real details stay inside the portal unless counsel-reviewed exceptions exist.
Stripe
- payments only
- generic billing labels
- no sensitive records in metadata, product names, descriptions, or receipts
Payment rail only, kept outside the health-information lane.
Counsel / security review
- HIPAA/FERPA model
- school agreements
- BAA review
- retention policy
- access control review
Human gates remain required before any real upload, storage, disclosure, or billing launch.
Future pilot architecture flow
Production-shaped, still gated.
This sequence is the intended control plane for a controlled pilot. It is shown as a static architecture model only; no Google, Paubox, Stripe, upload, or storage integration is active on this site.
AnchorGrey Records Portal
Authenticated future app shell for learners, reviewers, and program staff.
Identity Platform
Future user authentication and role assignment after legal and security gates.
Cloud Run API
Server-side validation, access checks, and audit-event creation.
Cloud SQL metadata
Cohorts, requirements, statuses, review state, billing references, and audit metadata.
Cloud Storage quarantine bucket
Destination for future direct-to-storage uploads via short-lived signed URLs; nothing in this bucket is visible to reviewers.
Malware scan workflow
Server-side scan and disposition step before moving files into review storage.
Cloud Storage review bucket
Restricted reviewer lane for documents that pass the quarantine flow.
Reviewer queue
AnchorGrey document-review workflow and next-step drafting.
Program dashboard status layer
Minimum-necessary status reporting by default, not raw sensitive document access.
Paubox generic notifications
Generic notices such as 'an update is available', with no health details in the subject or body of the email.
Stripe sensitive records-free payments
Generic payment objects only; no requirement details, lab details, or health context.
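The two outbound lanes above (Paubox notices and Stripe payment objects) are kept content-free by construction rather than by filtering: the portal only emits pre-approved wording, a fixed set of billing labels, and opaque references. The following is an added example, not the project's code and not a Stripe or Paubox client call; the template text, the label set, the metadata key names and the reference format are assumptions chosen for illustration. An allowlist is used instead of a denylist of health terms because a denylist cannot anticipate every lab name or diagnosis a free-text field might carry.

```python
"""Allowlist checks for the outbound notification and payment lanes.

Added example for the pilot blueprint; not the project's code. The templates,
labels, key names and reference pattern below are assumptions.
"""
import re

# Assumed: the only wording that may leave the portal by email. No caller can
# pass free text, so a requirement or lab detail cannot reach the mailbox.
NOTICE_TEMPLATES = {
    "update": "An update is available in your AnchorGrey portal. Sign in to view it.",
    "action": "An item in your AnchorGrey portal needs your attention.",
}

# Assumed: generic billing labels; the label doubles as description and receipt text.
BILLING_LABELS = {"Program fee", "Review fee"}

# Assumed: metadata may only carry opaque internal references, never words.
ALLOWED_METADATA_KEYS = {"billing_ref", "cohort_ref"}
REF_PATTERN = re.compile(r"^[A-Za-z0-9_-]{8,64}$")


def build_notice(kind: str) -> str:
    """Return a fixed generic notice; unknown kinds raise rather than fall back to text."""
    return NOTICE_TEMPLATES[kind]


def build_payment(amount_cents: int, label: str, metadata: dict) -> dict:
    """Build payment-object parameters and refuse anything that is not a
    generic label plus opaque references. Raises ValueError on any violation."""
    if amount_cents <= 0:
        raise ValueError("amount must be positive")
    if label not in BILLING_LABELS:
        raise ValueError(f"billing label not in allowlist: {label!r}")
    unexpected = set(metadata) - ALLOWED_METADATA_KEYS
    if unexpected:
        raise ValueError(f"metadata keys not allowed: {sorted(unexpected)}")
    for key, value in metadata.items():
        if not isinstance(value, str) or not REF_PATTERN.match(value):
            raise ValueError(f"metadata value for {key!r} is not an opaque reference")
    return {
        "amount": amount_cents,
        "currency": "usd",
        "description": label,
        "metadata": dict(metadata),
    }
```

The returned dict is what a server-side handler would hand to the payment client; the point is that the handler never accepts a description or metadata value from elsewhere in the application, so the "no sensitive records in metadata, product names, descriptions, or receipts" rule is enforced in one place.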
Why not Google Sites as the app core?
The app needs real application controls.
Google Sites may be useful for non-sensitive records pages, internal documentation, or a lightweight information layer. The actual portal needs authentication, object-level authorization, signed upload URLs, review queues, audit logs, status logic, and storage controls. Those are application concerns, so the future foundation should be a purpose-built Google Cloud app.
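The controls that make the portal an application rather than a site (authentication and role assignment, object-level authorization, signed upload URLs into the quarantine bucket, the scan disposition step, the reviewer lane, audit events, and minimum-necessary status) can be modelled end to end. The block below is an added example, not the project's code, and calls no Google service: the roles, the access matrix, the bucket names, the signing key and the URL shape are all assumptions, and the HMAC stands in for what the Cloud Run API would obtain from the Cloud Storage client library.

```python
"""Toy model of the pilot control plane: access checks, signed upload
issuance, quarantine-to-review disposition, reviewer lane, and status view.

Added example for the pilot blueprint; not the project's code. Roles, access
matrix, bucket names, signing key and URL format are assumptions.
"""
import hashlib
import hmac
import time
from dataclasses import dataclass, field

QUARANTINE_BUCKET = "pilot-quarantine"   # assumed bucket names
REVIEW_BUCKET = "pilot-review"

# Assumed access matrix: (role, action) -> "own" (only documents the user owns)
# or "any". Anything not listed is denied.
ALLOWED = {
    ("learner", "upload"): "own",
    ("learner", "status"): "own",
    ("reviewer", "read"): "any",
    ("staff", "status"): "any",
}


@dataclass
class Document:
    doc_id: str
    owner: str
    state: str = "quarantined"        # quarantined -> review | rejected
    bucket: str = QUARANTINE_BUCKET


@dataclass
class ControlPlane:
    docs: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)
    _key: bytes = b"server-side-signing-key"   # assumed; never leaves the API

    def _log(self, actor, action, doc_id, outcome):
        # Every decision is an audit event, including denials.
        self.audit.append({"ts": int(time.time()), "actor": actor,
                           "action": action, "doc": doc_id, "outcome": outcome})

    def authorize(self, user, role, action, doc):
        """Object-level check: role must be allowed the action on this document."""
        scope = ALLOWED.get((role, action))
        ok = scope == "any" or (scope == "own" and doc.owner == user)
        self._log(user, action, doc.doc_id, "allow" if ok else "deny")
        return ok

    def issue_upload_url(self, user, role, doc_id):
        """Short-lived signed PUT target in the quarantine bucket (placeholder
        format; a real API would use the storage client's signed-URL call)."""
        doc = self.docs.setdefault(doc_id, Document(doc_id, owner=user))
        if not self.authorize(user, role, "upload", doc):
            raise PermissionError("not authorised to upload to this document")
        expires = int(time.time()) + 300
        msg = f"PUT {QUARANTINE_BUCKET}/{doc_id} {expires}".encode()
        sig = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        return f"https://storage.example/{QUARANTINE_BUCKET}/{doc_id}?exp={expires}&sig={sig}"

    def scan_disposition(self, doc_id, verdict):
        """Server-side step between quarantine and review storage."""
        doc = self.docs[doc_id]
        if doc.state != "quarantined":
            raise ValueError("disposition only applies to quarantined objects")
        if verdict == "clean":
            doc.state, doc.bucket = "review", REVIEW_BUCKET
        else:
            doc.state = "rejected"        # never enters the reviewer lane
        self._log("scanner", "scan", doc_id, doc.state)
        return doc.state

    def reviewer_queue(self, user):
        """Only objects that passed the quarantine flow are listed for reviewers."""
        return [d.doc_id for d in self.docs.values()
                if d.state == "review" and self.authorize(user, "reviewer", "read", d)]

    def status_view(self, user, role, doc_id):
        """Minimum-necessary status: the state, never the object or its path."""
        doc = self.docs[doc_id]
        if not self.authorize(user, role, "status", doc):
            raise PermissionError("not authorised to view this status")
        return {"doc": doc_id, "status": doc.state}
```

Two design points the model makes visible: the upload URL is minted only after the access check and only for the quarantine bucket, so a learner can never address review storage directly; and the dashboard path returns state alone, so a status consumer never obtains a bucket path that could be turned into a read. In a real deployment the placeholder URL would be replaced by a V4 signed URL from the Cloud Storage client library, issued by the Cloud Run API.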
Cost-aware pilot posture
Pilot target: under $500/month before heavy usage and before any external security review costs.
- Cloud Run min instances 0
- Identity Platform free tier for early monthly active users
- Small Cloud SQL instance for controlled pilot
- Cloud Storage lifecycle rules
- Google-managed default encryption first; customer-managed encryption keys (CMEK) later if required
- Paubox notification-only
- Stripe no monthly platform fee, sensitive records-free use only
Production gates
Real uploads wait for human and technical gates.
- Google BAA accepted
- HIPAA Included Functionality confirmed
- Google Cloud BAA and covered services confirmed
- Counsel reviews HIPAA/FERPA model
- School agreement and contract terms reviewed
- Consent or authorization flow reviewed
- Access matrix reviewed
- Audit logging enabled
- Malware scan flow enabled
- Retention rules configured
- Backup and restore tested
- Incident response plan reviewed
- No adtech or session replay in authenticated portal