Diagnostic Detectives — Secure Upload

This app provides a HIPAA/GDPR-aware patient file intake widget that can be embedded on any page of the Diagnostic Detectives storefront.

Quick setup

1. Open Online Store → Themes → Customize on the theme you want to add the widget to.
2. Navigate to the page template where the upload widget should appear (e.g. a /pages/secure-upload page or the contact page).
3. Click Add section (or Add block) and search for Secure Upload Widget.
4. Add it and configure the settings panel:
5. • Upload API base URL: https://upload-staging.diagnosticdetectives.com
   • Cloudflare Turnstile site key: 0x4AAAAAAC9jKSJa6OizY1rU
   • Privacy notice URL: point at your privacy policy page (required for GDPR)
   • Enable DICOM intake: leave OFF for Wave 0/1 (PDF / JPEG / PNG only)
6. Save the theme. The widget is now live on that page.

Operator dashboard

The operator admin dashboard lives at /admin/sessions — protected by WebAuthn (Touch ID or hardware key) + IP allowlist. Phase 5 of the spec covers it in detail.

Documentation

• specs/001-secure-upload/spec.md — feature specification
• docs/ARCHITECTURE.md — system architecture
• docs/RUNBOOK.md — operator procedures
• docs/SECURITY.md — threat model