morethanadiagnosis-hub/openspec/specs/data-model.md
admin 556f74b196 docs(openspec): approve and apply 3 infrastructure proposals (Data Model, Authentication, Design System)
Approved proposals:
- Data Model v1: Consolidated schema with PHI/PII classification
- Authentication System: OAuth2/OIDC with RBAC & pseudonym support
- Design System: Unified components with WCAG 2.2 AA+ compliance

Applied to specs:
- openspec/specs/data-model.md (updated with full schema)
- openspec/specs/authentication.md (new)
- openspec/specs/design-system.md (new)
- openspec/specs/architecture.md (added infrastructure references)

All infrastructure proposals now approved and ready for implementation.

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-18 00:39:01 +00:00


Data Model v1 (Consolidated Schema)

Status: approved
Owners: Architecture, Data, Compliance
Last updated: 2025-11-18
Related proposal: openspec/changes/2025-11-17-data-model-v1/proposal.md

Core Entities

User & Identity

  • User: id, email (PII), password_hash, created_at, updated_at, deleted_at
  • Profile: id, user_id (FK), display_name, pseudonym, pronouns, avatar_url, bio, health_journey (PHI), consent_flags, created_at, updated_at
  • Role: id, name (member, moderator, admin), permissions
  • UserRole: id, user_id (FK), role_id (FK)
  • Consent: id, user_id (FK), consent_type, granted, granted_at, revoked_at

Forum Domain

  • ForumCategory: id, name, description, order, created_at
  • ForumThread: id, category_id (FK), author_id (FK User), title, pinned, locked, created_at, updated_at
  • ForumPost: id, thread_id (FK), author_id (FK User), parent_post_id (FK), content (may contain PHI), deleted_at, created_at, updated_at
  • ForumReaction: id, post_id (FK), user_id (FK), emoji_code, created_at
  • ForumReport: id, post_id (FK), reporter_id (FK User), reason, status, moderator_notes, resolved_at, created_at

Content Domain

  • BlogPost: id, author_id (FK User), title, slug, content, published_at, created_at, updated_at
  • Resource: id, title, slug, content, access_tier (public/members), tags, created_at, updated_at

Media & Tributes

  • PodcastEpisode: id, title, description, audio_url, duration, published_at, created_at
  • TributeEntry: id, author_id (FK User), subject_name, memorial_text (may contain PHI), published, created_at, updated_at

Commerce

  • MerchProduct: id, name, description, price, stock_count, created_at, updated_at
  • Order: id, user_id (FK), total, status, shipping_address (PII), created_at, updated_at

Data Classification

  • Public: ForumCategory, PodcastEpisode, Resource (public tier), MerchProduct, BlogPost (published)
  • PII: User.email, Profile.display_name, Order.shipping_address, Profile.avatar_url
  • PHI: Profile.health_journey, ForumPost.content (context-dependent), TributeEntry.memorial_text (context-dependent)

Relationships & Constraints

  • User → Profile (1:1, cascade delete)
  • User → ForumPost (1:N, soft-delete user → anonymize posts)
  • User → ForumThread (1:N)
  • ForumCategory → ForumThread (1:N)
  • ForumThread → ForumPost (1:N, cascade delete)
  • ForumPost → ForumReaction (1:N, cascade delete)
  • ForumPost → ForumReport (1:N)
  • User → BlogPost (1:N)
  • User → TributeEntry (1:N)
  • User → Order (1:N)

Indexing Strategy

  • User: email (unique), created_at
  • Profile: user_id (unique FK)
  • ForumThread: category_id, author_id, created_at
  • ForumPost: thread_id, author_id, created_at
  • BlogPost: slug (unique), author_id, published_at
  • Resource: slug (unique), access_tier, tags (GIN/array)
  • Order: user_id, created_at

Retention & Soft-Delete

  • User: soft-delete (90-day window); anonymize posts on hard-delete
  • ForumPost: soft-delete (90-day window); replace author with "[deleted]" on user delete
  • BlogPost, TributeEntry: indefinite retention unless user requests DSR delete
  • Order: 7-year retention (tax compliance), then hard-delete
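The relationship rules above (1:1 cascade on Profile, 1:N with anonymization on ForumPost) and the soft-delete window in this section are easiest to review when they are written down as a schema and exercised once. The following is an added example, not code from the project or from this spec: table and column names follow the entity list, while the SQLite dialect, the helper functions (`open_db`, `soft_delete_user`, `hard_delete_expired_users`, `post_author_label`, `lifecycle_demo`) and the sample rows are constructed for this illustration. A real deployment would carry the DDL in the versioned migrations the Migrations section calls for.

```python
"""Soft-delete lifecycle for the User -> Profile / ForumThread -> ForumPost chain.

Added example, not the project's code. Names follow the spec; the SQLite
dialect, helper functions and sample rows are constructed here."""
import sqlite3
from datetime import datetime, timedelta

SCHEMA = """
CREATE TABLE user (
    id            INTEGER PRIMARY KEY,
    email         TEXT NOT NULL,               -- PII
    password_hash TEXT NOT NULL,
    created_at    TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
    updated_at    TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
    deleted_at    TEXT                         -- soft-delete marker (NULL = live)
);
CREATE UNIQUE INDEX user_email_uq ON user(email);     -- Indexing: email (unique)

-- User -> Profile: 1:1, cascade delete
CREATE TABLE profile (
    id             INTEGER PRIMARY KEY,
    user_id        INTEGER NOT NULL UNIQUE REFERENCES user(id) ON DELETE CASCADE,
    display_name   TEXT NOT NULL,              -- PII
    pseudonym      TEXT,
    health_journey TEXT                        -- PHI
);
CREATE TABLE forum_category (id INTEGER PRIMARY KEY, name TEXT NOT NULL);

-- ForumCategory -> ForumThread and User -> ForumThread: 1:N
CREATE TABLE forum_thread (
    id          INTEGER PRIMARY KEY,
    category_id INTEGER NOT NULL REFERENCES forum_category(id),
    author_id   INTEGER REFERENCES user(id),   -- nullable so it can be anonymized
    title       TEXT NOT NULL
);
-- ForumThread -> ForumPost: 1:N, cascade delete. author_id has NO ON DELETE
-- action on purpose: a user row cannot vanish while posts still point at it,
-- so the "anonymize first" rule is enforced by the schema, not by trust in code.
CREATE TABLE forum_post (
    id         INTEGER PRIMARY KEY,
    thread_id  INTEGER NOT NULL REFERENCES forum_thread(id) ON DELETE CASCADE,
    author_id  INTEGER REFERENCES user(id),
    content    TEXT NOT NULL,                  -- may contain PHI
    deleted_at TEXT
);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite enforces FKs only when asked
    conn.executescript(SCHEMA)
    return conn


def soft_delete_user(conn, user_id, when):
    """Open the 90-day window: mark the row, keep every byte of data."""
    conn.execute("UPDATE user SET deleted_at = ?, updated_at = ? "
                 "WHERE id = ? AND deleted_at IS NULL", (when, when, user_id))
    conn.commit()


def hard_delete_expired_users(conn, now, window_days=90):
    """Hard-delete users whose soft-delete window has elapsed.

    Posts and threads are anonymized first (author_id -> NULL); the Profile
    row is removed by ON DELETE CASCADE. Returns the ids that were removed."""
    cutoff = (datetime.fromisoformat(now) - timedelta(days=window_days)).isoformat()
    expired = [r[0] for r in conn.execute(
        "SELECT id FROM user WHERE deleted_at IS NOT NULL AND deleted_at <= ?", (cutoff,))]
    for uid in expired:
        conn.execute("UPDATE forum_post SET author_id = NULL WHERE author_id = ?", (uid,))
        conn.execute("UPDATE forum_thread SET author_id = NULL WHERE author_id = ?", (uid,))
        conn.execute("DELETE FROM user WHERE id = ?", (uid,))
    conn.commit()
    return expired


def post_author_label(conn, post_id):
    """Display name for a post's author, or "[deleted]" once anonymized."""
    row = conn.execute(
        "SELECT p.display_name FROM forum_post fp "
        "LEFT JOIN profile p ON p.user_id = fp.author_id WHERE fp.id = ?", (post_id,)).fetchone()
    return row[0] if row and row[0] is not None else "[deleted]"


def lifecycle_demo():
    """Walk one constructed user through soft-delete, the window and hard-delete."""
    conn = open_db()
    conn.execute("INSERT INTO user (id, email, password_hash) VALUES (1, 'ada@example.org', 'hash-placeholder')")
    conn.execute("INSERT INTO profile (user_id, display_name) VALUES (1, 'Ada')")
    conn.execute("INSERT INTO forum_category (id, name) VALUES (1, 'General')")
    conn.execute("INSERT INTO forum_thread (id, category_id, author_id, title) VALUES (1, 1, 1, 'Intro')")
    conn.execute("INSERT INTO forum_post (id, thread_id, author_id, content) VALUES (1, 1, 1, 'Hello all')")
    conn.commit()
    out = {}
    soft_delete_user(conn, 1, "2025-11-18T00:00:00")
    out["deleted_in_window"] = hard_delete_expired_users(conn, "2025-12-01T00:00:00")  # day 13
    out["label_in_window"] = post_author_label(conn, 1)
    try:                                         # skipping anonymization is refused by the FK
        conn.execute("DELETE FROM user WHERE id = 1")
        out["naive_delete_refused"] = False
    except sqlite3.IntegrityError:
        out["naive_delete_refused"] = True
    out["deleted_after_window"] = hard_delete_expired_users(conn, "2026-03-01T00:00:00")  # day 103
    out["label_after_window"] = post_author_label(conn, 1)
    out["profile_rows"] = conn.execute("SELECT COUNT(*) FROM profile").fetchone()[0]
    out["post_content"] = conn.execute("SELECT content FROM forum_post WHERE id = 1").fetchone()[0]
    return out
```

Running `lifecycle_demo()` shows the three properties a reviewer wants from this section: nothing is destroyed inside the 90-day window, the post body survives the author's hard-delete with the author shown as "[deleted]", and the Profile row (the PHI-bearing one) disappears with the User row through the cascade. The deliberate absence of an ON DELETE action on `forum_post.author_id` is the check that matters: a hard-delete path that forgets to anonymize fails with a foreign-key error instead of silently orphaning posts.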

Migrations

  • Versioned migrations (Alembic, Flyway, or similar)
  • Idempotent scripts for rollback safety
  • Seed data: initial categories, default consents, sample resources

Security & Compliance

  • Encryption at rest: PII/PHI fields encrypted at database or app level
  • Access controls: RBAC at API layer; RLS for multi-tenancy if needed
  • Audit logging: all PHI/PII mutations logged (excluding content)
  • DSR support: export and delete operations mapped to all entities
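The Data Classification list and the Security & Compliance bullets are only useful if something checks them: every PII/PHI field needs an encryption, export and delete handler, and the audit log must record that a PHI/PII field changed without storing the new value. The following is an added example, not the project's code: the field classifications are exactly those listed in this spec, while the registry layout, the `check_coverage` and `audit_event` helpers and the `EXAMPLE_HANDLERS` table (which deliberately omits one handler) are constructed for this illustration.

```python
"""Classification registry with coverage and audit-log checks.

Added example, not the project's code. Field classes come from the spec's
Data Classification section; the helpers and handler table are constructed."""

# Entity.field -> class, as the spec lists them. Context-dependent fields are
# treated as PHI by default so they are never under-protected.
CLASSIFICATION = {
    "User.email": "PII",
    "Profile.display_name": "PII",
    "Profile.avatar_url": "PII",
    "Order.shipping_address": "PII",
    "Profile.health_journey": "PHI",
    "ForumPost.content": "PHI",            # context-dependent
    "TributeEntry.memorial_text": "PHI",   # context-dependent
}


def sensitive_fields():
    """All PII/PHI fields, sorted so reports are stable."""
    return sorted(CLASSIFICATION)


def check_coverage(handlers, purpose):
    """Return the PII/PHI fields with no handler registered for `purpose`.

    `purpose` is one of "encrypt" (encryption at rest), "export" or "delete"
    (the two DSR operations); `handlers` maps purpose -> set of Entity.field."""
    registered = handlers.get(purpose, set())
    return [f for f in sensitive_fields() if f not in registered]


def audit_event(actor_id, action, entity, record_id, changes, when):
    """Audit-log entry for a mutation, or None when no PHI/PII field was touched.

    Only the names of the changed columns are kept; the values in `changes`
    are dropped so the audit log never becomes a second PHI store."""
    touched = [f"{entity}.{col}" for col in changes]
    sensitive = sorted(f for f in touched if f in CLASSIFICATION)
    if not sensitive:
        return None
    return {
        "when": when,
        "actor_id": actor_id,
        "action": action,
        "entity": entity,
        "record_id": record_id,
        "fields": sensitive,
        "classes": sorted({CLASSIFICATION[f] for f in sensitive}),
    }


# Constructed handler registration in which the encryption handler for
# ForumPost.content was forgotten; export and delete cover every field.
EXAMPLE_HANDLERS = {
    "encrypt": {
        "User.email", "Profile.display_name", "Profile.avatar_url",
        "Order.shipping_address", "Profile.health_journey",
        "TributeEntry.memorial_text",
    },
    "export": set(CLASSIFICATION),
    "delete": set(CLASSIFICATION),
}


def coverage_report(handlers=EXAMPLE_HANDLERS):
    """Gap list per purpose; an empty list everywhere is the release gate."""
    return {p: check_coverage(handlers, p) for p in ("encrypt", "export", "delete")}
```

`coverage_report()` on the constructed registry reports `ForumPost.content` as missing an encryption handler and nothing else, which is the kind of finding a CI job over the real handler registrations should fail on. `audit_event(42, "update", "Profile", 7, {"health_journey": "...", "pronouns": "she"}, "2025-11-18T00:00:00Z")` records only `Profile.health_journey` (the `pronouns` column is not classified) and carries no value from `changes`, matching the "all PHI/PII mutations logged (excluding content)" rule.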