Confidentiality Declaration
Data Entity
Description
Records digital confidentiality declarations signed by peer mentors acting as drivers, confirming they will not disclose personal information about the contacts they transport. Required for driver honorarium reimbursement in organizations like Blindeforbundet.
Data Structure
| Name | Type | Description | Constraints |
|---|---|---|---|
| id | uuid | Primary key | PK, required, unique |
| user_id | uuid | FK to users — the peer mentor who signed the declaration | required |
| organization_id | uuid | FK to organizations — tenant scope | required |
| declaration_type | enum | Type of confidentiality obligation being declared | required |
| signed_at | datetime | Timestamp when the user confirmed/signed the declaration | required |
| valid_from | datetime | Start date of the declaration's validity period | required |
| valid_until | datetime | End date of the declaration's validity; null means open-ended | - |
| status | enum | Lifecycle status of the declaration | required |
| declaration_text_snapshot | text | Verbatim text of the declaration at the time of signing, for audit integrity | required |
| declaration_version | string | Version identifier of the declaration template used (e.g. '2024-v1') | required |
| expense_id | uuid | Optional FK to expenses — links the declaration to a specific driver expense claim | - |
| ip_address | string | IP address of the device at the time of signing, for the audit trail | - |
| device_info | json | Device platform and app version at signing time | - |
| revocation_reason | text | Reason for revocation, populated when status is set to revoked | - |
| revoked_by | uuid | FK to users — admin who revoked the declaration | - |
| created_at | datetime | Record creation timestamp | required |
| updated_at | datetime | Record last-updated timestamp | required |
Database Indexes
| Index | Columns |
|---|---|
| idx_confidentiality_declarations_user_id | user_id |
| idx_confidentiality_declarations_org_id | organization_id |
| idx_confidentiality_declarations_user_org_status | user_id, organization_id, status |
| idx_confidentiality_declarations_expense_id | expense_id |
| idx_confidentiality_declarations_signed_at | signed_at |
| idx_confidentiality_declarations_status_valid_until | status, valid_until |
Validation Rules
| Rule | Severity | Message |
|---|---|---|
| signed_at_not_future | error | Validation failed |
| valid_from_not_after_valid_until | error | Validation failed |
| user_must_belong_to_org | error | Validation failed |
| declaration_version_format | error | Validation failed |
| declaration_text_non_empty | error | Validation failed |
| expense_id_references_valid_expense | error | Validation failed |
Business Rules
| Rule | Description |
|---|---|
| active_declaration_required_for_driver_expense | A peer mentor must have an active confidentiality declaration of type 'driver_honorarium' before a driver expense claim can be submitted or approved |
| one_active_declaration_per_type_per_user | A user may have at most one active declaration per declaration_type within an organization; creating a new one automatically supersedes the previous |
| declaration_text_immutable_after_signing | The declaration_text_snapshot field cannot be modified after the record is created; it is a legal record of what the user agreed to |
| revocation_requires_reason | Status cannot be set to 'revoked' without populating revocation_reason and revoked_by |
| expired_declarations_block_new_driver_expenses | When valid_until has passed and status transitions to 'expired', any pending driver expense claims for the user must be flagged for manual review |
| org_tenant_isolation | Declarations are strictly scoped to organization_id; queries must always filter by the authenticated user's organization |
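The validation rules and business rules above are easiest to trust when the storage layer enforces them rather than relying on every code path to remember them. The following is an added example, not code from the original specification or its project, showing one way to do that for this entity: CHECK constraints for the field-level validations, a partial unique index for one_active_declaration_per_type_per_user, triggers for user_must_belong_to_org and declaration_text_immutable_after_signing, and tenant-scoped helper functions for the remaining business rules. SQLite is used so it runs offline; the helper names, the status values 'active', 'superseded', 'expired' and 'revoked', the 'YYYY-vN' version pattern, and the five-second clock-skew allowance are assumptions, not taken from the page.

```python
"""Added example (not from the original spec): enforcing the Confidentiality
Declaration rules at the storage layer. Assumed: helper names, the status
values active/superseded/expired/revoked, and the 'YYYY-vN' version pattern."""
import sqlite3
import uuid
from datetime import datetime, timedelta, timezone

DDL = """
CREATE TABLE users (id TEXT PRIMARY KEY, organization_id TEXT NOT NULL);
CREATE TABLE confidentiality_declarations (
    id TEXT PRIMARY KEY,
    user_id TEXT NOT NULL REFERENCES users(id),
    organization_id TEXT NOT NULL,
    declaration_type TEXT NOT NULL,
    signed_at TEXT NOT NULL,
    valid_from TEXT NOT NULL,
    valid_until TEXT,
    status TEXT NOT NULL CHECK (status IN ('active', 'superseded', 'expired', 'revoked')),
    declaration_text_snapshot TEXT NOT NULL
        CHECK (length(trim(declaration_text_snapshot)) > 0),            -- declaration_text_non_empty
    declaration_version TEXT NOT NULL
        CHECK (declaration_version GLOB '[0-9][0-9][0-9][0-9]-v[0-9]*'),  -- declaration_version_format (assumed pattern)
    expense_id TEXT,
    revocation_reason TEXT,
    revoked_by TEXT REFERENCES users(id),
    created_at TEXT NOT NULL,
    updated_at TEXT NOT NULL,
    CHECK (valid_until IS NULL OR valid_from <= valid_until),            -- valid_from_not_after_valid_until
    CHECK (status <> 'revoked' OR (revocation_reason IS NOT NULL AND revoked_by IS NOT NULL))  -- revocation_requires_reason
);
-- one_active_declaration_per_type_per_user: a partial unique index rules out a
-- second concurrent 'active' row even if application code races.
CREATE UNIQUE INDEX ux_active_declaration
    ON confidentiality_declarations (user_id, organization_id, declaration_type) WHERE status = 'active';
-- user_must_belong_to_org: reject a declaration whose user sits in another tenant.
CREATE TRIGGER trg_user_in_org BEFORE INSERT ON confidentiality_declarations
WHEN (SELECT organization_id FROM users WHERE id = NEW.user_id) IS NOT NEW.organization_id
BEGIN SELECT RAISE(ABORT, 'user_must_belong_to_org'); END;
-- declaration_text_immutable_after_signing: the signed text is a legal record.
CREATE TRIGGER trg_text_immutable BEFORE UPDATE OF declaration_text_snapshot ON confidentiality_declarations
WHEN OLD.declaration_text_snapshot IS NOT NEW.declaration_text_snapshot
BEGIN SELECT RAISE(ABORT, 'declaration_text_immutable_after_signing'); END;
"""


def _iso(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")  # fixed-width UTC, so string order equals time order


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(DDL)
    return conn


def sign_declaration(conn, *, user_id, organization_id, text, version,
                     declaration_type="driver_honorarium", signed_at=None, valid_until=None):
    """Record a signature; an existing active declaration of the same type is superseded
    in the same transaction, so there is never a moment with two active rows."""
    now = datetime.now(timezone.utc)
    signed_at = signed_at or now
    if signed_at > now + timedelta(seconds=5):  # signed_at_not_future (small skew allowance, assumed)
        raise ValueError("signed_at_not_future")
    decl_id = str(uuid.uuid4())
    with conn:  # commit on success, roll back on any constraint failure
        conn.execute(
            "UPDATE confidentiality_declarations SET status = 'superseded', updated_at = ? "
            "WHERE user_id = ? AND organization_id = ? AND declaration_type = ? AND status = 'active'",
            (_iso(now), user_id, organization_id, declaration_type))
        conn.execute(
            "INSERT INTO confidentiality_declarations (id, user_id, organization_id, declaration_type, "
            "signed_at, valid_from, valid_until, status, declaration_text_snapshot, declaration_version, "
            "created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, 'active', ?, ?, ?, ?)",
            (decl_id, user_id, organization_id, declaration_type, _iso(signed_at), _iso(signed_at),
             _iso(valid_until) if valid_until else None, text, version, _iso(now), _iso(now)))
    return decl_id


def has_active_declaration(conn, organization_id, user_id, declaration_type="driver_honorarium", now=None):
    """Gate for active_declaration_required_for_driver_expense. organization_id is always part
    of the predicate (org_tenant_isolation), so a user id alone never reaches across tenants."""
    now_s = _iso(now or datetime.now(timezone.utc))
    row = conn.execute(
        "SELECT 1 FROM confidentiality_declarations WHERE organization_id = ? AND user_id = ? "
        "AND declaration_type = ? AND status = 'active' AND valid_from <= ? "
        "AND (valid_until IS NULL OR valid_until > ?)",
        (organization_id, user_id, declaration_type, now_s, now_s)).fetchone()
    return row is not None


def revoke_declaration(conn, organization_id, declaration_id, reason, revoked_by):
    """revocation_requires_reason. Returns rows changed: 0 when the id is not active in this
    tenant, so a foreign organization can neither revoke nor probe another tenant's record."""
    if not reason or not reason.strip():
        raise ValueError("revocation_requires_reason")
    with conn:
        cur = conn.execute(
            "UPDATE confidentiality_declarations SET status = 'revoked', revocation_reason = ?, "
            "revoked_by = ?, updated_at = ? WHERE id = ? AND organization_id = ? AND status = 'active'",
            (reason, revoked_by, _iso(datetime.now(timezone.utc)), declaration_id, organization_id))
    return cur.rowcount


def expire_due_declarations(conn, organization_id, now=None):
    """expired_declarations_block_new_driver_expenses: flip overdue active rows to 'expired' and
    return the affected user ids so the caller can flag their pending claims for manual review."""
    now_s = _iso(now or datetime.now(timezone.utc))
    with conn:
        rows = conn.execute(
            "SELECT id, user_id FROM confidentiality_declarations WHERE organization_id = ? "
            "AND status = 'active' AND valid_until IS NOT NULL AND valid_until <= ?",
            (organization_id, now_s)).fetchall()
        conn.executemany("UPDATE confidentiality_declarations SET status = 'expired', updated_at = ? "
                         "WHERE id = ?", [(now_s, r[0]) for r in rows])
    return sorted({r[1] for r in rows})
```

The point of pushing the rules into constraints, the partial unique index and the triggers is that they hold even for code paths that bypass these helpers (an admin script, a migration, a second service); the Python checks exist only for the rules SQLite cannot express deterministically, such as comparing signed_at against the current time. expense_id_references_valid_expense is left to a foreign key on a real expenses table, which this example omits.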