Privacy & Trust UX
Fidus is built with privacy-first principles. Every UI element communicates data provenance, processing location, and user control. Trust is earned through transparency and user empowerment.
Core Privacy Principles
1. Transparency
Users always know where their data is processed and stored, and who has access to it. No hidden data flows.
2. User Control
Users decide what data to share, with whom, and for how long. Easy revocation of permissions.
3. Local-First
Sensitive data is processed locally whenever possible. Cloud sync is optional and explicit.
4. Data Minimization
Only collect and process data necessary for the feature. No excessive data hoarding.
Privacy Badges
Every data-displaying UI element includes a privacy badge indicating data provenance and processing location:
Local Processing
Data processed on your device. Never leaves your machine. Highest privacy level.
Private Cloud
Data synchronized to your private, encrypted cloud storage. You control access.
External Service
Data from third-party services (Google Calendar, banks, etc.). Subject to their privacy policies.
AI Processing
Data analyzed by AI/LLM for insights. Choose local or cloud-based AI processing.
Privacy in UI Components
Opportunity Cards
Always include a privacy badge in the card header showing the data source:
Food: 475 EUR / 500 EUR
Inline Widgets
Badge in widget header or footer:
From Google Calendar
Forms
Privacy notice before submission:
Add New Transaction
🔒 This data stays on your device and is never shared.
Data Flow Transparency
Connection Indicators
Show when data syncs to external services:
Permission Requests
Clear, contextual permission requests:
Connect to Google Calendar
Fidus needs access to read and write calendar events to manage your schedule.
- ✓ View your calendar events
- ✓ Create new events
- ✓ Update existing events
- ✗ Access to other Google services
Local vs. Cloud Processing
Users choose where AI processing happens:
AI Processing Location
Privacy Settings
Granular Control
Users control privacy at the feature level:
Calendar Sync
Sync with Google Calendar
Budget Alerts
Proactive spending notifications
Cloud Backup
Encrypted backup to cloud
Data Export & Deletion
Users can export or delete all data at any time:
Trust-Building Patterns
1. Progressive Disclosure
- Start with minimal permissions
- Request additional access only when needed
- Explain "why" before asking
2. Contextual Privacy Info
- Show privacy details when relevant
- Tooltip on privacy badges explaining details
- Link to full privacy policy
3. Visual Indicators
- Lock icon for encrypted data
- Cloud icon for synced data
- External link icon for third-party services
4. User Empowerment
- Easy disconnect from services
- One-click data export
- Clear data deletion process
Multi-Tenancy Privacy
Each tenant (user) has complete data isolation:
Tenant Isolation Guarantees
- ✓ Data is never shared between tenants
- ✓ Each tenant has separate encryption keys
- ✓ API requests are tenant-scoped
- ✓ Database queries are tenant-filtered
- ✓ No cross-tenant AI analysis
Implementation Guidelines
For Developers
- Always include a privacy badge on data-displaying components
- Use the appropriate badge type (Local, Cloud, External, AI)
- Implement tenant-scoped queries in all APIs
- Add permission checks before data access
- Log all data access for an audit trail
- Support data export in a machine-readable format
For Designers
- Include the privacy badge in mockups
- Design permission requests with clear explanations
- Show data flow visually when relevant
- Make privacy settings easily discoverable
- Use consistent iconography for privacy indicators
Key Takeaways
- ✅ Every UI element shows a privacy badge
- ✅ Users choose local vs. cloud processing
- ✅ Granular privacy controls per feature
- ✅ Easy data export and deletion
- ✅ Complete tenant data isolation
- ✅ Progressive disclosure of permissions
- ✅ Transparent data flow indicators