Technical Architecture
AskSally Terminal leverages cutting-edge Web3 authentication and blockchain technology to provide secure, personalized AI health consultations while maintaining the highest privacy and data protection standards.
AskSally Terminal implements a robust Web3 authentication system that allows users to securely access our platform using their blockchain wallets. This approach eliminates traditional username/password vulnerabilities while providing cryptographic verification of user identity.
Web3 Authentication Flow
When a user attempts to log in, our system generates a unique message tied to their wallet address
The user signs this message using their private key through their Web3 wallet
Our backend verifies the signature cryptographically to authenticate the user
Upon successful verification, the system issues a JWT token that authorizes subsequent requests.
This authentication method uses public-key cryptography and blockchain wallets to identify users without tracking or collecting personal information, unlike centralized services.
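The four-step flow above, as an added example that is not AskSally's own code, showing the replay protections the description implies: a random nonce, a single-use challenge and a short-lived JWT. It uses only Node's built-in `crypto`, so secp256k1 ECDSA over SHA-256 and a SHA-256-derived address stand in for the wallet's EIP-191 signature and Keccak-based address; the domain `asksally.example`, the 5-minute challenge window and the 15-minute token lifetime are assumptions.

```javascript
// Added example (not AskSally's code): wallet login with single-use challenges.
const crypto = require('node:crypto');

const JWT_KEY = crypto.randomBytes(32);  // assumption: HS256 key known only to the backend
const TTL_MS = 5 * 60 * 1000;            // assumption: challenge valid for 5 minutes
const pending = new Map();               // address -> { message, expires }
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', JWT_KEY).update(data).digest();

// Stand-in for Ethereum address derivation (which uses Keccak-256, absent from node:crypto).
function addressOf(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return '0x' + crypto.createHash('sha256').update(der).digest().subarray(12).toString('hex');
}

// Step 1: unique message bound to the address, with a fresh random nonce.
function issueChallenge(address, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  const message = `Sign in to asksally.example\naddress: ${address}\nnonce: ${nonce}`;
  pending.set(address, { message, expires: now + TTL_MS });
  return message;
}

// Steps 3-4: verify the signature over the stored message, then issue a short-lived JWT.
function login(address, publicKey, signature, now = Date.now()) {
  const entry = pending.get(address);
  pending.delete(address);               // single use, consumed even when verification fails
  if (!entry || now > entry.expires) return null;
  if (addressOf(publicKey) !== address) return null;  // key must belong to the claimed address
  // Stand-in for EIP-191 signer recovery: ECDSA over SHA-256 with the supplied key.
  if (!crypto.verify('sha256', Buffer.from(entry.message), publicKey, signature)) return null;
  const iat = Math.floor(now / 1000);
  const signed = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64({ sub: address, iat, exp: iat + 900 })}`;
  return `${signed}.${mac(signed).toString('base64url')}`;
}

// Every later request: recompute the MAC, compare in constant time, enforce exp.
function verifyJwt(token, now = Date.now()) {
  const [head, body, sig = ''] = token.split('.');
  const given = Buffer.from(sig, 'base64url');
  const expected = mac(`${head}.${body}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  return claims.exp * 1000 > now ? claims : null;
}

// Step 2, played by a constructed test wallet (secp256k1, the curve Ethereum wallets use).
const signAsWallet = (privateKey, message) => crypto.sign('sha256', Buffer.from(message), privateKey);
```

Because the challenge is deleted before verification, a captured signature cannot be replayed, and a failed attempt forces a fresh nonce.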
Token-Gated Access
Access to our terminal is controlled through a token-staking mechanism:
Users must lock a specified amount of our tokens in a smart contract to gain access
The system interacts directly with the blockchain to verify token balances and membership status
Smart contracts manage subscription status, allowing users to subscribe or unsubscribe
After a predetermined cooldown period, users can claim their tokens back through the platform
This token-gating ensures that only committed users can access AskSally Terminal while creating a sustainable ecosystem around our native token.
We’ve designed our system with privacy as a foundational principle, implementing a strict separation between personal identifiers and health data.
Dual-Safe Data Model
Our architecture employs a “dual-safe” approach to data storage:
Identity Safe: Stores authentication and personal identification information
Health Data Safe: Contains anonymized health information and lab results
This separation ensures that even if one system were compromised, the data couldn’t be meaningfully linked to specific individuals.
Lab Results Processing
When users upload lab results, our system:
Converts the data into a machine-readable format
Strips personally identifiable information
Transforms the data into embeddings that our AI can analyze
Maintains strict access controls so users can only access their own data
Our AI Agent provides personalized health insights based on user conversations and uploaded lab results, utilizing a hybrid approach to knowledge retrieval and generation.
RAGCache Architecture
We implement a sophisticated hybrid of two complementary AI approaches:
Retrieval-Augmented Generation (RAG): Pulls relevant information from our evidence-based medical knowledge base to ground AI responses in verified medical literature
Cache-Augmented Generation (CAG): Efficiently processes information for faster responses while maintaining accuracy
This hybrid approach allows our system to deliver responses that are both quick and medically accurate, with CAG handling most standard queries and RAG engaging for complex cases requiring deeper knowledge access.
Evidence-Based Knowledge Base
Our AI operates on an evidence-based knowledge base, meticulously curated by our medical research team. This foundation comprises:
Medical articles specifically selected and reviewed by our Medical Research team.
Peer-reviewed scientific literature, ensuring the inclusion of rigorously validated research findings.
Structured medical knowledge, guaranteeing that all responses are firmly rooted in established medical science.
To protect user privacy during AI interactions:
We implement censoring mechanisms that automatically detect and remove personal identifiers from conversations
We maintain anonymity throughout the AI interaction process
We apply strict context boundaries to prevent information leakage
Our platform utilizes enterprise-grade cloud security infrastructure:
DDoS protection
Edge computing capabilities for faster response times
Encrypted data transmission at all points
The web3 component of our architecture serves multiple purposes:
Authentication: Secure, cryptographic verification of user identity
Access Control: Token-based gating of premium features
Subscription Management: Smart contract handling of membership status (subscribe, unsubscribe, claim, balanceOf, getMembership)
This integration creates a trusted system where users maintain control of their digital assets while gaining access to AskSally Terminal.
Our commitment to robust security is evident in our use of:
Foundation of Trust: We utilize a SOC 2 Type II certified SDK, demonstrating a core commitment to secure development and operational practices.
The SOC 2 Type II SDK we utilize complies with SOC 2 standards and undergoes regular security audits conducted by independent third-party specialists, including the well-regarded cybersecurity firm Cure53.
Enhanced Key Security: Our security is further bolstered by TSS-MPC key management, ensuring advanced protection for critical cryptographic keys.
No Single Points of Failure: High availability
Advanced Recovery: Secure wallet restoration
Server-Side Security: Enhanced backend controls
Multi-Chain Compatible: Works with major blockchains
Layered User Protection: We implement advanced MFA options, providing additional layers of security to safeguard user accounts.