Planning artifact — no sensitive records connected
Security & Storage Architecture
A planning view for the future production boundary. The Friday demo uses synthetic data only and does not connect to Google storage, authentication, uploads, or sensitive records workflows.
Unlisted demo: the noindex directive asks search engines not to index this page, but anyone with the direct link can still open it. This is not private access control.
Friday demo posture
- Synthetic data only
- No login
- No upload
- No Google storage connection
- No sensitive records
- No production claims
Future Google storage posture
Production sensitive records may only be used after appropriate legal, security, vendor, and operational gates. A Google BAA must be in place before sensitive records are used in covered Google services, and only HIPAA Included Functionality should be used.
Third-party apps and add-ons are not automatically covered by a Google BAA. Admin configuration, access controls, audit logging, retention, and least privilege remain operational responsibilities.
Minimum necessary reporting
A student submits a document to an AnchorGrey-controlled workflow, AnchorGrey reviews or routes it appropriately, and the program sees status only by default.
Raw document visibility would require legal basis, consent or authorization, and role permission.
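The status-only default described above, sketched as a server-side decision with an audit event for every request. This is an added example, not AnchorGrey code: the role names, field names, record id and in-memory stores are hypothetical, the data is constructed, and downgrading a refused raw request to a status-only response is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

RAW_ROLES = {"records_reviewer"}   # hypothetical role allowed to open raw documents
RECORDS = {"rec-001": {"status": "received", "document": "SYNTHETIC-DOC"}}  # constructed
AUDIT_LOG = []                     # stand-in for an append-only audit sink

@dataclass(frozen=True)
class Request:
    actor: str
    role: str
    record_id: str
    wants_raw: bool = False
    legal_basis: bool = False       # legal basis documented for this disclosure
    authorization: bool = False     # consent or authorization on file

def missing_conditions(req):
    """List the raw-visibility conditions this request fails to meet."""
    checks = {
        "legal_basis": req.legal_basis,
        "consent_or_authorization": req.authorization,
        "role_permission": req.role in RAW_ROLES,
    }
    return [name for name, ok in checks.items() if not ok]

def handle(req):
    """Serve status by default; add the document only if every condition holds."""
    record = RECORDS[req.record_id]
    missing = missing_conditions(req) if req.wants_raw else []
    view = "raw" if req.wants_raw and not missing else "status_only"
    # The audit event is written for allowed and refused requests alike.
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "actor": req.actor, "role": req.role, "record_id": req.record_id,
        "requested": "raw" if req.wants_raw else "status_only",
        "served": view, "missing": missing,
    })
    body = {"record_id": req.record_id, "status": record["status"]}
    if view == "raw":
        body["document"] = record["document"]
    return body
```

The response body is built from an allow-list of fields, so the document can only appear when the decision is `raw`, and the `missing` field in the audit event records which condition blocked a refused request.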
Future candidate architecture
Production flow under review.
- AnchorGrey Records Portal: Authenticated program and learner experience in a future build.
- Identity layer: Cloud Identity, Identity Platform, or appropriate OIDC/SAML provider.
- API/backend: Server-side access control, validation, and audit event creation.
- Metadata database: Cloud SQL or Firestore depending on final architecture.
- Encrypted object storage: Cloud Storage with signed upload URLs, malware scanning, and retention rules if adopted.
- Audit logs and status layer: Cloud Logging/Audit Logs, IAM least privilege, optional KMS keys, and status-only program dashboard.
Production gates before real sensitive records
Nothing on this page is configured for production sensitive records today.
- Signed Google BAA
- HIPAA Included Functionality confirmed
- Legal review of HIPAA/FERPA model
- Consent or authorization workflow reviewed
- Access-control matrix reviewed
- Retention policy reviewed
- Audit logging enabled
- Backup and restore tested
- Incident response plan reviewed
- Vendor inventory completed
- Security testing completed
- No ad or session-replay analytics on authenticated sensitive records pages