Location Consent Service
Component Detail
Description
Manages the lifecycle of mentor location consent records, including recording new consent decisions, checking current consent status, and revoking consent. Ensures no spatial data is read or written without a valid consent record in the database.
location-consent-service
Summaries
The Location Consent Service is the organization's primary safeguard against privacy violations related to mentor location data. It ensures that no mentor's geographic position is ever read, stored, or shared without an explicit, timestamped consent record on file. This directly reduces legal exposure under data protection regulations and demonstrates a commitment to mentor autonomy that strengthens trust and adoption of the platform. When a mentor revokes consent, their location data is immediately deleted — eliminating residual data risk.
For organizations operating across jurisdictions with strict privacy laws, this component provides the audit trail needed to demonstrate compliance and respond confidently to regulatory inquiries or internal governance reviews.
Location Consent Service has medium complexity but carries disproportionate risk to the project because every location-related feature depends on it being correct and thoroughly tested. It spans both mobile and backend execution contexts, which means coordination between the mobile and backend teams is required during development and testing. The revoke-and-delete flow needs explicit end-to-end testing to confirm that location data is actually purged from the database upon revocation — not just flagged. Privacy-related functionality typically attracts additional scrutiny from stakeholders and legal reviewers, so budget time for a dedicated privacy review pass.
Delays here will cascade to the Mentor Location Service and the map feature as a whole. Document the consent audit log schema early to avoid late-stage database changes.
Location Consent Service manages ConsentRecord lifecycle operations via the Mentor Location Repository, which handles the actual Supabase upsert and read operations. The hasConsented check must be called before any spatial read in the Mentor Location Service — enforce this contract at the service boundary, not via documentation alone. The revokeConsent flow must atomically call deleteLocation on the repository in the same transaction or with compensating logic to avoid a state where consent is revoked but location data remains. Implement getConsentRecord to return null rather than throwing on missing records to simplify upstream null-check patterns.
The audit timestamp should be server-generated (Supabase now()) rather than client-generated to prevent clock skew inconsistencies across devices. Consider caching hasConsented results with a short TTL to reduce redundant database reads on high-frequency map refreshes.
Responsibilities
- Record mentor consent grant or denial
- Check consent status before any location data access
- Revoke consent and delete stored location on request
- Audit consent events with timestamps
Interfaces
grantConsent(String mentorId) → Future<void>
revokeConsent(String mentorId) → Future<void>
hasConsented(String mentorId) → Future<bool>
getConsentRecord(String mentorId) → Future<ConsentRecord?>
Relationships
Dependents (2)
Components that depend on this component
Used Integrations (1)
External integrations and APIs this component relies on