IMEI protection
Production should encrypt full IMEIs, display only masked values and keep searchable indexes controlled.
Trust by design
The safe version of a stolen phone registry.
This project only works if it protects privacy, avoids false accusations and keeps sensitive workflows controlled.
Role-based access
Citizens, shops, admins, authorities and operators should see different data based on permissions.
Audit logs
Every sensitive view, status change, certificate and escalation should be logged.
Evidence review
Reports start as pending. Verified status requires proof and admin review.
No public doxxing
Shops see status and recommended action, not owner details or private location data.
Lawful recovery
GPS, network events and operator workflows require official authority process and clear governance.
Production backend checklist
- Supabase or dedicated backend with row-level security
- Encrypted evidence storage
- Admin review queue
- Certificate QR verification
- Rate limits and abuse prevention
- Data retention policy
- Terms, privacy policy and consent flow