Rilev Docs
A clear technical overview of the Rilev platform: the app surfaces, API families, anonymity model, zero-knowledge architecture, and the boundaries we preserve when building integrations.
Overview
Rilev is a psychological assessment platform with three product surfaces: an anonymous individual app, a professional workflow layer, and an enterprise aggregation platform. The technology underneath is shared, but the trust model is intentionally different for each audience.
The individual platform is designed around a strict separation between account identity and assessment data. Professional and enterprise systems add operational layers on top of that model without weakening the underlying anonymity guarantees.
Docs Library
These focused pages make the platform easier for people and crawlers to understand. Each page has its own canonical URL, topic-specific metadata, and structured breadcrumb context.
Platform Guide
How the individual app, professional platform, enterprise layer, and integration surface fit together.
API Guide
A crawler-readable explanation of the main API families, public versus internal surfaces, and integration boundaries.
Zero-Knowledge Guide
The technical privacy model behind capability-based access, one-way ownership proof, and plane separation.
Anonymity Guide
A concise map of account anonymity, storage separation, and what Rilev intentionally does not collect.
Security Model
How Rilev layers session verification, request-origin protection, body limits, abuse controls, ownership checks, and provider verification.
Data Lifecycle
What data is created, where it lives, how it moves, what is intentionally minimized, and where deletion boundaries sit.
Integrations Guide
How GPT Actions, MCP-style tools, live context, authorization grants, and provider callbacks fit into the Rilev trust model.
Privacy Impact Assessment
Formal assessment of data processing proportionality, risks, safeguards, and individual rights — required under Quebec Law 25 and best practice under PIPEDA.
Data Processing Agreement
Standard DPA for professional-tier users outlining data processing obligations, breach notification, subprocessor disclosure, and cross-border transfers.
Product Map
Individual App
Anonymous assessment, personal dashboard, progress tracking, and report generation built around access-key accounts instead of identity-first signup.
Professional Platform
Referral codes, client report workflows, Stripe-gated report generation, sharing controls, and operational analytics for professionals.
Enterprise Platform
Assessment waves, aggregated wellness reporting, departments and locations, access control, and privacy thresholds that suppress small groups.
AI & Integration Layer
GPT Actions, MCP-style workflows, live-context grants, OAuth code exchange, and report-generation services with hashed token storage.
API Surface
Rilev's API surface is grouped by platform responsibility. Some surfaces are public product integrations; others are internal application handlers. This docs page explains the domains and design intent rather than publishing every private implementation detail.
- Session lifecycle
- Anonymous access restoration
- Assessment sessions
- Derived outcomes
- Protected decode flows
- Daily check-ins
- Trend reads
- Health aggregates
- Referral workflows
- Report jobs
- Billing portals
- Assessment access
- Aggregate reporting
- Exports
- AI actions
- Live context
- Machine integrations
Privacy Architecture
Capability-based data access
Sensitive records are addressed through random capability-style access, not ordinary identity identifiers.
One-way ownership proof
The identity plane stores only a one-way proof. The raw capability is not persisted as a readable account-to-data link.
Separated planes
Identity-plane records and data-plane records are split so normal database reads do not reveal an ownership graph.
Defense-in-depth APIs
Sensitive handlers combine authenticated sessions, request-origin checks, body limits, abuse controls, and ownership verification.
Data Flow
1. The client authenticates or restores access through the anonymous account flow.
2. The app resolves the user-held capability locally and presents a one-way proof when calling protected data-plane surfaces.
3. The server verifies the active session and proves ownership without storing a readable identity-to-data link.
4. Data-plane records are read or written under anonymous storage locations rather than identity-keyed locations.
5. Identity-plane metadata remains limited to account and entitlement state, not clinical payloads.
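A minimal sketch of the Privacy Architecture properties and Data Flow steps 2 to 5, added here as an illustration and not Rilev's implementation. It assumes the proof is a domain-separated SHA-256 of the capability, that the identity plane keeps only a second hash of that proof, and that the storage location is a separate hash of the same proof; all names (`client_proof`, `Server`, the hash labels, the account ids) are hypothetical.

```python
import hashlib, hmac, secrets

def _h(label: bytes, data: bytes) -> bytes:
    # Domain-separated SHA-256 (assumed construction): one label per purpose.
    return hashlib.sha256(label + b"\x00" + data).digest()

def client_proof(capability: bytes) -> bytes:
    # Client side: the raw capability stays local, only this proof is sent.
    return _h(b"proof", capability)

class Server:
    def __init__(self):
        self.identity_plane = {}  # account_id -> verifier (no storage location)
        self.data_plane = {}      # anonymous location -> record (no account_id)
        self.sessions = {}        # session token -> account_id

    def enroll(self, account_id: str, proof: bytes) -> None:
        self.identity_plane[account_id] = _h(b"verifier", proof)

    def login(self, account_id: str) -> str:
        # Simplified stand-in for the anonymous account flow (step 1).
        if account_id not in self.identity_plane:
            raise PermissionError("unknown account")
        token = secrets.token_hex(16)
        self.sessions[token] = account_id
        return token

    def _locate(self, session: str, proof: bytes) -> str:
        account_id = self.sessions.get(session)
        if account_id is None:
            raise PermissionError("no active session")
        candidate = _h(b"verifier", proof)
        if not hmac.compare_digest(self.identity_plane[account_id], candidate):
            raise PermissionError("ownership proof mismatch")
        # The location comes from the transient proof, which is never stored,
        # so the stored verifier alone cannot be turned into a location.
        return _h(b"location", proof).hex()

    def write(self, session: str, proof: bytes, record: dict) -> None:
        self.data_plane[self._locate(session, proof)] = record

    def read(self, session: str, proof: bytes):
        return self.data_plane.get(self._locate(session, proof))

if __name__ == "__main__":
    cap = secrets.token_bytes(32)  # constructed sample capability
    srv = Server()
    srv.enroll("acct-1", client_proof(cap))
    s = srv.login("acct-1")
    srv.write(s, client_proof(cap), {"checkin": 3})
    print(srv.read(s, client_proof(cap)), sorted(srv.data_plane))
```

In this sketch the server process sees the proof only for the duration of a request, so the separation holds against reads of the stored tables, which is the property the "Separated planes" item describes.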
Integrations
GPT Actions
OAuth authorization-code flow, one-time codes, hashed tokens, and professional action scopes.
Live Context
Anonymous context grants that remain session-bound and ownership-checked.
Provider callbacks
Payment and subscription callbacks are isolated from browser-request assumptions and guarded by provider verification.
