No private data on the public site
The public website is for product overview, downloads, support and compliance only. It does not display patient names, IDs, doctor accounts, hospital accounts, treatment records or raw force data.
Compliance & Privacy
The public website is responsible for presentation and download, not for hosting any treatment privacy data.
The compliance page defines the boundary of the public site, download chain, privacy scope and public data range so clinicians, partners and deployment teams know exactly what the site is meant to do and what it is not.
Boundary Rules
Public Compliance
边界块
3
用公开表达说明官网能展示什么、不能展示什么,以及服务边界。
规则
3
把资料发布、信息范围与对外表达方式拆成显性的规则说明。
Core Boundaries
Define the boundary before the capability. That order matters most for a medical-related public website.
用清晰的模块说明公开站展示什么、不展示什么,以及用户在公开站能完成哪些操作。
Show
Open
产品、下载、FAQ 和联系支持属于公开展示范围。
Hide
Private
患者、医生、医院等敏感信息不会在官网公开。
Rule
Clear
通过结构化边界卡让官网表达更像规则体系,而不是提醒文字。
Business data stays in authorized terminals and backend interfaces
Actual measurement, patient management, doctor management, record synchronization and clinical advice remain inside the Android tablet business system and Django business APIs rather than being exposed through the public site.
Public downloads remain auditable
Packages continue to reuse Django `ApplicationPackage`, `PackageDownloadLog` and update configuration sources so version display, download behavior and logging remain traceable.
Transmission & Verification
A public delivery chain must be downloadable, verifiable, auditable and explainable.
官网与专属服务入口各自承担不同职责,公开页面仅呈现经过整理后的对外信息。
合规页的重点不是解释业务功能,而是明确公开边界和数据处理原则。
后续可继续补充流程图、信息边界图或合规模块示意图。
Public Data Boundary
用统一视觉容器表达公开内容、记录留存与敏感信息之间的清晰边界。
Public pages should prioritize HTTPS for downloads, instructions and support content to reduce leakage and tampering risks in transit.
Download pages must show version, release date, file size, MD5, SHA256 and system requirements so field teams can verify the file on site.
If checksums do not match, stop the installation immediately, download again and inspect proxies, caches or mirror nodes.
Responsibility Matrix
Use a responsibility matrix to completely separate the public website from the internal business system.
| 信息项 | 官网公开站 | 专属服务入口 |
|---|---|---|
| Public responsibility | Product overview, workflow, APK download, FAQ, compliance and changelog | Does not take over business login, patient management, doctor management or record query |
| Displayed data scope | Only non-sensitive explanatory content, abstract workflows, public releases and installation information | Processes protected data such as patients, doctors, hospitals and treatment records |
| Authentication | All pages are anonymous by default with no login or registration entry | Uses controlled accounts to access business capability and data interfaces |
| Download & audit | Django download APIs continue to record logs and download counts | Still handles admin review, package approval and version publishing workflows |