Research: trauma-informed/DBT design + brand findings#67
Conversation
Cited research report guiding the revival: SAMHSA trauma-informed principles, DBT/mindfulness/IFS/narrative/polyvagal embed guidance, AI-chatbot safety guardrails, FDA/FTC/HIPAA/GDPR landscape, node-ontology review, competitive landscape, and name/brand findings (recommends moving off 'TrauMapp'd'). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8485fa9a6d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| Consumer self-help app with no covered-entity link is **generally outside HIPAA**. But **FTC Health Breach Notification Rule** (updated 2024) explicitly covers health apps; FTC fined **GoodRx ($1.5M)** and acted vs **BetterHelp ($7.8M)** for sharing MH data. Your zero-sharing/no-ads/no-telemetry posture is the defense — make it true and provable. ([HHS health apps](https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access-right-health-apps-apis/index.html); [FTC HBNR 2024](https://www.ftc.gov/business-guidance/blog/2024/04/updated-ftc-health-breach-notification-rule-puts-new-provisions-place-protect-users-health-apps); [FTC GoodRx](https://www.ftc.gov/news-events/news/press-releases/2023/02/ftc-enforcement-action-bar-goodrx-sharing-consumers-sensitive-health-info-advertising)) | ||
|
|
||
| ### 4.3 GDPR / UK GDPR (real obligation, esp. cloud sync) | ||
| MH content = **Article 9 special-category** data → **explicit, granular, named, withdrawable consent** (not buried). Applies to any EU/UK resident regardless of company location; fines up to 4% global revenue. Local-first shrinks the surface; **the paid cloud-sync tier is where obligations attach** even with zero-knowledge E2EE. ([Art. 9](https://gdpr-info.eu/art-9-gdpr/); [ICO special category](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/special-category-data/what-are-the-rules-on-special-category-data/); [GDPR health consent](https://www.themomentum.ai/blog/gdpr-consent-requirements-health-data)) |
There was a problem hiding this comment.
For readers using this as the compliance checklist, this sentence overstates when GDPR/UK GDPR applies: Article 3 is based on an EU/UK establishment or offering goods/services to, or monitoring behavior of, data subjects who are in the Union/UK, not on “any EU/UK resident regardless of company location.” As written, a U.S.-only launch serving an EU citizen who is not in the EU is treated the same as targeting users in the EU, which can misdirect launch scoping and counsel review; please rephrase around location/targeting rather than residency.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Pull request overview
This PR adds a single research and strategy document covering trauma-informed design, evidence-based modalities, safety/ethics, regulatory landscape, node ontology, competitive analysis, and naming/brand recommendations for the project. It is a docs-only addition under a new docs/research/ directory and does not modify code, tests, or configuration. The report is explicitly framed as decision-support and is intended to inform downstream issues filed against existing epics.
Changes:
- Adds
docs/research/2026-05-30-trauma-dbt-brand-research.mdwith SAMHSA-anchored TID principles, modality-by-modality guidance (DBT/grounding/CBT/IFS/narrative/polyvagal), AI guardrails, regulatory notes (FDA/HIPAA/FTC HBNR/GDPR Art. 9), node ontology expansion proposals, competitor scan, and a naming recommendation to move off "TrauMapp'd". - Provides a prioritized P0/P1/P2 recommendation list intended to seed follow-up issues.
Preliminary (non-legal) clearance on the rebrand shortlist. Lead candidates: Mendmap (best clearance + domains) and Plotline (warmer dual map/story metaphor). Cairn and Constellate/Constella are HIGH trademark risk (crowded wellness + software; constella.app is a same-category app). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Skeptical verification of the chosen name. Result: CAUTION. Standout risk: 'Mendmap' is one letter/phoneme from 'mindmap' (the generic category term) - confusion + SEO drag for a mapping app. Plus a crowded 'Mend' mental-health field (letsmend, mend.com, mendapp.io) and mendmap.com already taken. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Software TM lane open + app stores clean, but: famous typeface owns SEO, Calluna Pharma (funded biotech) + live CALLUNA SPA mark, crowded wellness field, .com + @calluna handles all taken, resilience story obscure. Two dictionary picks (Mendmap, Calluna) now both CAUTION -> recommend the coined route (Velora). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Disqualifier: 'Velora by ieso' is a live VC-backed AI mental-health app on both app stores (same vertical, same name). Plus velora.com is a registered-mark holder, crowded across classes, beauty-coded, GitHub org taken. Three strikes (Mendmap/Calluna/Velora) -> recommend an availability-first naming approach or parking the name. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Inverted the method: pre-screened app-store/.com/GitHub/TM before proposing. Confirmed the space is a graveyard for pretty names (most coined tokens collide with live mental-health apps). Only 2 clean survivors: Wymber (top - soft/warm, all gates pass, only flag a defunct 'Wymbe') and Zevuli (fully invented, zero collisions). Quolm passes gates but bad tone (homophone of 'qualm'). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Best candidate found: no exact-match TM/product/app, handles open. But conditional: a defunct 'Wymbe' wellness app (one letter away, same category) still has a zombie Play listing with unverified live-TM status (decisive check), wymber.com is registered to a domainer, and 'WymBee' muddies search. Adoptable provisionally pending the Wymbe-TM check + securing a domain; Zevuli is the cleaner fallback. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Phase 5 deliverable — cited research report (
docs/research/2026-05-30-trauma-dbt-brand-research.md).Highlights
Research-informed issues are being filed against the existing epics.
🤖 Generated with Claude Code