Account and access creation
The anonymous account flow creates account metadata without requiring real-world identity fields for the core individual experience.
A technical map of what gets created, what stays separated, what is derived, and which boundaries matter when data is shared, retained, or deleted.
Raw answers are intended to remain client-side. The server receives derived or aggregated outputs needed for reports, trends, and continuity.
Identity-plane records and data-plane records are stored separately. Sensitive data is addressed by capability-oriented identifiers.
Reports, trends, and check-ins are derived from stored scores or user-directed workflows rather than from an identity-first record.
The product should avoid collecting fields it does not need, and professional or enterprise sharing should remain explicit and scoped.
Deletion and retention behavior must account for user data, operational records, legal/safety exceptions, provider records, and aggregate-only reports.
The strongest privacy control is often non-collection. Rilev's lifecycle starts with minimizing identity data, then preserving separation as assessment data becomes scores, reports, trends, and aggregate signals.
Some operational records may exist outside the anonymous data plane, such as payment processor records, webhook delivery metadata, or safety/legal records. Those boundaries should be named clearly rather than hidden.
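The separation described above (raw answers kept client-side, identity-plane and data-plane records stored apart, sensitive data addressed by capability-oriented identifiers) is illustrated below. This is an added example, not Rilev's code: the two in-memory stores, all function names, the scoring rule, and keying records by the SHA-256 hash of a random client-held token are assumptions.

```python
import hashlib
import secrets

# Two separate stores stand in for the identity plane and the data plane (assumed layout).
identity_plane = {}  # account_id -> account metadata only
data_plane = {}      # sha256(capability) -> derived scores only

def create_account():
    """Identity plane: opaque account id, no real-world identity fields."""
    account_id = secrets.token_hex(8)
    identity_plane[account_id] = {"plan": "individual"}
    return account_id

def client_score(raw_answers):
    """Runs on the client: raw answers are reduced to derived values and never sent."""
    return {"score": sum(raw_answers), "items": len(raw_answers)}

def new_capability():
    """Unguessable 256-bit token, generated and held client-side."""
    return secrets.token_urlsafe(32)

def _slot(capability):
    # The server keys records by a hash of the capability, so a dump of the
    # data plane does not reveal tokens that could be replayed.
    return hashlib.sha256(capability.encode()).hexdigest()

def store_scores(capability, derived):
    data_plane[_slot(capability)] = dict(derived)

def read_scores(capability):
    # Possession of the capability is the only way to address the record.
    return data_plane.get(_slot(capability))

def delete_scores(capability):
    """User-directed deletion: True if a record existed and was removed."""
    return data_plane.pop(_slot(capability), None) is not None

def demo():
    account_id = create_account()
    cap = new_capability()
    raw = [2, 0, 3, 1]  # constructed sample answers, stay on the client
    store_scores(cap, client_score(raw))
    return account_id, cap
```

Neither store holds a field that joins an account id to a capability, so linking the two requires data outside both planes, such as the payment or webhook records the page names as separate boundaries.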