Operating Environment

Web App — React/Next.js
Mobile iOS/Android Apps — Device-bound identity, hardware-backed keys, biometric gated access
Backend — Node.js/FastAPI (verification and coordination only; not a data owner)
S3 object storage — AWS S3 or S3-compatible storage; content-addressed by hash, encrypted at rest
Cloud hosting — AWS
Databases — PostgreSQL, Redis, Elasticsearch (operational data only; no sensitive personal content)

Design & Implementation Constraints

Strong privacy requirements
Shariah-compliance validation
Global accessibility
Secure cryptographic storage