I need a lean, functional MVP that lets users store and share their emergency contact information through a web interface.

Core features:
- A PWA (Progressive Web App)
- User Management & Family Dashboard
- Hybrid (PIN + Token) NFC Bracelet Security
- Emergency Alert System (Email/SMS)
- Canadian Data Hosting & PIPEDA/GDPR Compliance
- Bilingual Support (English & French)
- FHIR Compliance: All medical data stored/output in FHIR R4 format

Services:
- SMS Service: Twilio. Industry standard for programmable SMS.
- Email Service: Resend. Modern, API-first transactional email with great deliverability.
- Monitoring: Sentry.io. Error tracking and performance monitoring.

Emergency Alert System
- Trigger: On successful POST /api/nfc/:uid/auth.
- Action: Query the medical profiles table for the user's emergency contacts.
- Process: For each contact, send an alert via Twilio (SMS) and Resend (Email).
- Message Content (Bilingual): "ALERT: [User's Name]'s MedID Secure was accessed on [Date] at [Time]. The access location was approximately [City from IP geolocation]. If this was not an emergency, please log in to deactivate the bracelet."

Additional features:
- Medication Interaction Checker
- Smart Profile Builder
- Practical Alerts (No sensors)
- Payment Integration: Stripe subscriptions (Individual/Family/Enterprise)
- Emergency override protocols

Compliance, Security, & Legal Implementation
This is non-negotiable and must be built from day one.
- Data Hosting: All data must reside in ca-central-1 (Canada). Confirm Supabase and Vercel deployment region.
- Audit Logging: Every access to medical data, every login, every profile change must be written to the audit log table.
- User Consent & Disclaimers:
  - During Sign-Up: The user must actively check a box to agree to your Terms of Service and Privacy Policy.
  - On the Medical Profile Form: A clear disclaimer must be present: "You are solely responsible for the accuracy of this information. MedID Secure is an informational aid and is not a medical device. It does not diagnose, treat, mitigate, or prevent any disease or condition."
  - On the NFC Landing Page: The page must display: "For emergency use only. Unauthorized access is prohibited."
- Data Deletion: A DELETE /api/profile endpoint must be built to fully anonymize a user's data across all tables to comply with the "Right to be forgotten."
- Data Export: A GET /api/profile/export endpoint must be built to return all user data in a structured format (JSON) for GDPR/PIPEDA compliance.

Foundation
- Set up Next.js project with TypeScript and Tailwind.
- Configure Supabase project in ca-central-1.
- Implement Supabase authentication (sign up, login, protected routes).
- Build basic user dashboard skeleton.

User Core
- Build medical profile form with consent checkboxes.
- Implement emergency contacts management.
- Build the "Deactivate Bracelet" feature.
- Create the audit log system.
- We need mitigation strategies, such as a QR code backup or another temporary fallback.

NFC Core
- Build the /api/nfc/:uid endpoint flow (as described in the sequence diagram).
- Implement PIN hashing and JWT token generation/verification.
- Create the emergency responder UI page.

Integrations & Polish
- Integrate Twilio and Resend for real-time emergency alerts, and possibly the location where the bracelet was tapped.
- Implement data export and deletion endpoints.
- Perform rigorous security testing.
- Finalize bilingual content (English/French).
- Health Integration (Apple Health/Google Fit)

Deployment & Manufacturing
- Deploy to Vercel.
- NFC bracelet sample batch from manufacturer, with UID & PIN spreadsheet.
- Conduct end-to-end testing with physical bracelets.

Development Priorities:
1. ✅ Mobile-responsive design
2. ✅ Fast loading on slow connections
3. ✅ Offline capability for emergency info display
4. ✅ Browser NFC compatibility
5. ✅ Email/SMS alerts instead of push notifications

1. Last-Known Location: Use the phone's GPS when the NFC is tapped
2. Wi-Fi Positioning: Can get approximate location without GPS hardware
3. SMS Location Requests: User texts "LOCATION" to the bracelet; it replies with coordinates (only activates when needed)
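
One way the hybrid PIN + token check behind POST /api/nfc/:uid/auth could work, with every attempt written to an audit log and deactivated bracelets refused; this is an added example, not code from the brief or the project. The record shapes, token lifetime, lockout threshold, scope name and event names are assumptions, and the in-memory `bracelet` and `auditLog` objects stand in for database tables.

```javascript
const crypto = require("node:crypto");

const TOKEN_TTL_SECONDS = 300;  // assumed lifetime of a responder session
const MAX_FAILED_ATTEMPTS = 5;  // assumed lockout threshold; short PINs need one
const b64url = (v) => Buffer.from(v).toString("base64url");
const fromB64 = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Store only a salted scrypt hash of the bracelet PIN, never the PIN itself.
function hashPin(pin, salt = crypto.randomBytes(16)) {
  return { salt: salt.toString("hex"), hash: crypto.scryptSync(pin, salt, 32).toString("hex") };
}

function verifyPin(pin, record) {
  const actual = crypto.scryptSync(pin, Buffer.from(record.salt, "hex"), 32);
  return crypto.timingSafeEqual(actual, Buffer.from(record.hash, "hex"));
}

// Minimal HS256 JWT (header.payload.signature); the claim names are assumptions.
function signToken(uid, secret, now) {
  const claims = { sub: uid, scope: "emergency:read", iat: now, exp: now + TOKEN_TTL_SECONDS };
  const body = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" })) + "." + b64url(JSON.stringify(claims));
  return body + "." + hmac(body, secret).toString("base64url");
}

function verifyToken(token, secret, now) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const expected = hmac(parts[0] + "." + parts[1], secret);
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (fromB64(parts[0]).alg !== "HS256") return null; // pin the algorithm
    const claims = fromB64(parts[1]);
    return claims.exp > now ? claims : null;            // reject expired tokens
  } catch { return null; }
}

// Core of the auth handler: returns a token on success, null otherwise.
function authenticateTap(bracelet, pin, secret, auditLog, now) {
  const deny = (reason) => {
    auditLog.push({ uid: bracelet.uid, event: "nfc_auth_denied", reason, at: now });
    return null;
  };
  if (!bracelet.active) return deny("deactivated");
  if (bracelet.failedAttempts >= MAX_FAILED_ATTEMPTS) return deny("locked");
  if (!verifyPin(pin, bracelet.pin)) { bracelet.failedAttempts += 1; return deny("bad_pin"); }
  bracelet.failedAttempts = 0;
  auditLog.push({ uid: bracelet.uid, event: "nfc_auth_ok", at: now });
  return signToken(bracelet.uid, secret, now);
}
```

In this sketch the emergency alert to contacts would be sent only after `authenticateTap` returns a token, which matches the "on successful POST" trigger in the brief.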