Support

Purpose: Make the app feel calm, friendly, and professional so people trust it and use it consistently.

Scope includes:

• Visual consistency pass: spacing, typography, buttons, icons, layout
• Onboarding clarity and copy refinement
• Loading, error, and empty states that explain what is happening
• Accessibility basics: tap targets, contrast checks, readable sizing
• Cross device QA and small bug fixes that impact user confidence

Purpose: Validate that the app stays understandable and reliable for real people, including in stressful or low bandwidth moments.

Scope includes:

• Test plan and scripts, then 6 to 10 usability sessions
• Identify friction points and confusing language
• Accessibility and clarity review of key flows
• Reliability review of missed check in and alert edge cases
• Written findings with a prioritized fix list

Purpose: Enable organizations to participate in community care through a secure portal and be discoverable as support options.

Scope includes:

• Organization signup intake and basic profile management
• Admin review and approval workflow
• Public directory page with simple search or filtering
• Access control and permission boundaries
• Copy review to ensure clarity and consent alignment

Purpose: Reduce real security risk by validating data flow, permissions, and alert surfaces with a thorough internal review.

Scope delivered:

• Threat modeling and review of sensitive workflows
• Real session tokens across both portals (replacing a legacy scheme)
• Two-factor authentication rolled out on all admin and organization accounts
• Modern password protection with per-user salting
• Automated defenses against brute force and abuse
• Auth and permission checks reviewed across all endpoints and roles
• Auditable log of every alert sent by the service

An independent third-party audit is a separate future goal; see below.

Purpose: Improve confidence that alerts fire when they should and failure states are visible rather than silent.

Scope delivered:

• Continuous uptime monitoring across both workers
• Dead-man's-switch alerting on the safety-critical escalation cron
• Retry and self-healing logic when app and server fall out of sync
• Logging improvements so every alert-delivery attempt is diagnosable
• Fail-safe defaults so edge cases do not block legitimate users
• Pre-launch load test completed with 100% success

Purpose: Identify the most important ways the system could fail and reduce harm by addressing those risks early.

Scope delivered:

• Review of missed-check-in logic and escalation assumptions
• Edge cases: phone dead, SMS delays, notification permission issues
• Auto-wipe recovery flow so users do not land in a broken state
• Account-recovery path for app-to-server sync drift
• Wiped-seat indicator so organizations know to send a new invite

Purpose: Make our written policies match the system's real behavior, for both end users and the organizations we serve.

Scope delivered:

• Privacy policy expanded with CCPA and GDPR disclosures, retention schedule, and sub-processor list
• Terms of use expanded with governing law, eligibility, and subscription handling
• SMS consent policy refreshed with toll-free registration detail
• New law enforcement request policy covering subpoena posture and at-risk users
• New data processing addendum for organizations using the portal

Formal attorney review is the next step; see below.