Skip to content

Security & Safety

MPowerUP serves populations whose physical safety depends on the security of their tools — people experiencing houselessness, domestic violence, addiction recovery, and reentry. Security is not a feature layer added after launch; it is a foundational design constraint.


Design principles

  • Never lock out — always degrade gracefully. Full authentication gives full access; partial or failed authentication gives reduced but still useful access; no authentication gives emergency-only access. A user should never be blocked from getting help.
  • Device security serves the user, not the platform. Authentication protects the user from others accessing their data; it must not become a barrier between the user and safety.
  • The attacker is often known to the victim. For this user base the most likely attacker is an intimate partner, family member, trafficker, or institution — not a remote hacker. The threat model reflects this.
  • Privacy and security are inseparable. Metadata is as dangerous as content. Knowing who is in someone's Circle, when they message, and where they are can endanger them even when message content is encrypted.
  • Legal exposure is a security issue. Law-enforcement access, subpoenas, and mandated-reporting obligations are part of the threat model, not separate from it.

Pages in this section

For cross-cutting security that applies across all BNI projects, see BNI → Technologies → Security.