Cecure Intelligence Limited (CIL) partnered with MySanctuary to develop the world's first truly private, AI-powered journaling platform. By architecting a multi-layered machine learning system utilising Amazon Bedrock and on-device processing, CIL enabled the platform to provide deep emotional pattern recognition, personalised growth insights and critical safety alerts, all while maintaining a zero-knowledge encryption architecture in which the service holds no key to users' stored content and plaintext is never visible to the server outside an isolated, memory-only processing step.
The platform needed a solution that could deliver deep, AI-powered personal growth insights from highly sensitive, multi-modal journaling data (text, audio, video) while maintaining absolute user privacy and complying with strict child protection regulations.
The main engineering challenges were:
Zero-Knowledge Architecture: Ensuring that unencrypted user content is never visible to the service provider (zero-knowledge here in the product sense that the provider holds no key able to decrypt stored content, not a zero-knowledge proof). This required implementing client-side end-to-end encryption (E2EE) using envelope encryption: each entry is encrypted under a content encryption key (CEK) generated on the device, and the CEK is in turn wrapped by a user master key that the service never sees in raw form.
Resolving the "Privacy-Intelligence Paradox": Delivering sophisticated AI pattern recognition, sentiment analysis and growth recommendations without giving the service standing access to plaintext. This necessitated a hybrid approach: on-device processing where possible, and secure enclaves (AWS Nitro Enclaves) for isolated server-side AI processing, where the client generates an ephemeral processing key for a single request, data is decrypted only in the enclave's memory, and the decrypted data is purged as soon as the insight is generated.
Child Safety & Guardian Oversight: Balancing strict user privacy rights with the need to protect vulnerable minors (ensuring compliance with COPPA and the Age Appropriate Design Code, AADC). This involved building asynchronous content-safety scanning pipelines for text and media using Amazon Comprehend and Amazon Rekognition, verifiable parental consent flows, and granular usage controls that alert guardians to risks (such as self-harm or toxicity) without exposing the child's entire private journal.
CIL implemented a cloud-native, serverless framework on AWS, using a zero-knowledge architecture designed for data privacy, secure AI processing and strict guardian oversight.
End-to-End Envelope Encryption Pipelines: Using Python-based AWS Lambda functions and AWS KMS on the server side, CIL implemented a robust client-side encryption architecture. Every journal entry is encrypted on the user's device with a unique Content Encryption Key (CEK), which is then wrapped with the user's master key; the master key is derived on the device and is never transmitted. The server stores only encrypted content blobs in Amazon S3 and metadata in Amazon DynamoDB, so it can route and store data without ever possessing the keys to read it. The metadata (identifiers, timestamps, sizes) is the one thing the server does see in clear, so it is kept to what routing requires.
Privacy-Preserving AI: To deliver sophisticated pattern recognition and growth recommendations without compromising privacy, the system uses isolated processing environments. When insights are requested, the client re-encrypts the relevant entries under an ephemeral processing key valid for that request only and sends them. Inside the isolated environment the server decrypts the content strictly in memory, runs the machine learning models via Bedrock, encrypts the resulting insight for the client and wipes the plaintext before returning; nothing is persisted. The prompt sent to Bedrock is necessarily plaintext, so during this step the guarantee rests on enclave isolation and in-memory handling rather than on encryption, and the exposure is bounded to the entries the client chose to submit for analysis.
Asynchronous Safety & Guardian Routing: To protect vulnerable minors while respecting their privacy, CIL applied decoupled, asynchronous content safety pipelines. As journal entries or media are uploaded, event-driven triggers via Amazon EventBridge and SQS initiate safety scans using Amazon Comprehend and Amazon Rekognition; because the stored blobs are ciphertext, these scans can only see content the client has released for processing. If harmful content (e.g., self-harm, toxicity, explicit imagery) is detected, the system generates a deterministic safety alert carrying the category and severity, not the content itself, and routes it to verified guardians via Amazon SNS, enabling crucial oversight without granting unrestricted access to the minor's private journal.
CIL’s implementation delivers a secure, scalable AI layer that connects deep personal reflection with actionable intelligence, successfully resolving the "privacy-intelligence paradox":
99% Improvement in Insight Velocity: The AI-driven engine reduced the time to surface psychological patterns from hours of manual review to under 2 seconds per entry.
60% Reduction in Compute Overhead: By utilising ARM64-based AWS Lambda functions, the system optimized costs, maintaining memory usage at only 15–40% of allocated capacity.
High-Performance Security Scaling: The client derives its master key with 100,000 PBKDF2 iterations, yet the initial load time is only 2.1 seconds.
Safe Guardian Oversight: Decoupled content safety pipelines deliver real-time well-being alerts (e.g., self-harm detection) while strictly preserving the young user's right to a private developmental space.
Conclusion
CIL created an audit-ready Generative AI journaling app. The solution demonstrates that high-performance machine learning can effectively deliver deep psychological insights while meeting stringent privacy and child protection compliance requirements, including global standards such as COPPA, AADC, HIPAA, and GDPR, for the digital wellness sector.