TIP-070 -Enhancing Menstrual Health Privacy: Embody's Inner Circle and TACo Integration

Enhancing Menstrual Health Privacy: Embody’s Inner Circle and TACo Integration

TIP Number and Title: TIP-070

Vote Type: Token Holder Governor Bravo

DAO Elected Representative Sponsor: Will

*Note: After great feedback from the DAO, we’d like to clarify and add that the development of a reusable chat infrastructure will be at the core of this proposal. The proposed work will be open source and reusable.

Project Summary

Our team is excited to propose the integration of TACo (Threshold Access Control) into Embody, the most privacy-forward and comprehensive period tracking app ever built. This integration is especially crucial in the wake of the U.S. Supreme Court’s decision to end the constitutional right to abortion in 2022, which has heightened menstruators’ concerns about the security of data collected by period-tracking tools and its potential misuse. More specifically, we are looking to build the Inner Circle feature, an online community space where menstruators can securely discuss and share their experiences. Through the integration of TACo, Embody’s Inner Circle not only gains the advantage of its robust security features but also actively contributes to the advancement of the TACo ecosystem. Our application serves as a tangible real-world implementation that can provide valuable feedback and user experience insights to the TACo/Threshold DAO community, thereby assisting in refining and enhancing the technology for future applications.

The team at Embody is requesting $189,000 to achieve the following key milestones.

Milestone 1 - UX/UI Design, Technical Architecture, and TACo testnet integration
Milestone 2 - Development and TACo mainnet integration
Milestone 3- Public release of Inner Circles, available on app stores and marketing

Background

In the wake of newly activated state laws and uncertain legal boundaries in the United States, women are searching for a safe space to gather online to discuss the problems that they face related to women’s health and connect with each other without concerns about data privacy and societal stigmas. This gap underscores the need for Inner Circle, a social network within Embody (an encrypted, local-first, open-source period tracker) designed for intimate, small-group interactions where women can share, learn, and connect on their health and topics that resonate deeply with them.

Our project’s overarching objective is to redefine menstrual health by creating the most privacy-forward period tracking application, ensuring that every individual has the tools to understand and manage their menstrual health without compromising their personal security and privacy. This initiative aims to address the growing concerns about data misuse while empowering users with unique insights into their bodies and creating a safe community for sharing experiences with their trusted circle.

Our goal is to design and develop an Inner Circle feature utilizing a decentralized network, accessible via our Embody app, which will provide a supportive and secure community space for women to openly share and discuss their menstrual health and how it affects their day-to-day lives. We aim to integrate TACo (Threshold Access Control) to leverage its end-to-end encrypted data sharing and communication capabilities, protecting Embody users from a centralized authority that might unilaterally deny service or, in the worst-case scenario, decrypt/view/share private user data without consent. It is the only access control layer available to web 3 developers that can offer an end-to-end encrypted access control service, through a live, well-collateralized, and battle-tested decentralized network of nodes. The TACo integration will ensure that users can share and communicate while retaining complete control over their data’s integrity and confidentiality.

From the outset, Embody has been designed with privacy and decentralization at its core. This means every feature, integration, and decision is made with the goal of avoiding centralized control or points of vulnerability. That’s why the integration with TACo makes the most sense to us.

Additionally, we believe this will be a powerful partnership with TACo as we become one of the first use cases showcasing TACo’s usability and applicability beyond its conventional domains and in an environment where the stakes for compromising trust are exceptionally high—exceeding even the risk faced by adopters who rely on TACo for seed phrase recovery and inheritance.

We are currently in beta, and we’re encouraged by the organic growth we’ve seen so far. Without dedicated marketing campaigns, we have already achieved over 250 downloads and attracted more than 1,700 blog subscribers. It’s a promising sign as we gear up for more structured marketing efforts post public launch, especially with the introduction of inner circle.

What sets Embody apart from Competitors?

Privacy has traditionally been conceded in favor of convenience, with most apps collecting data from users from the start, making it impossible to guarantee it won’t be compromised and released by hackers, sold to third parties, or used as evidence in court.

We are well aware of existing period tracker applications such as Clue, Flo, Stardust, and 28. However, none of them are private by default, where the user has full control over their data. With Embody users don’t have to select an “anonymous mode” or turn on a special setting. Their actions are always private. And unlike other period trackers, our technology is open source so anyone can verify our security guarantee. We have built our business model around security from day one.

Additionally, no other application currently provides all of the following features: symptom logging, personalized analytics, 4-phase focus, and a social component.

Market Strategy & Fit

Our period tracker app occupies a unique and lucrative niche at the intersection of wellness and women’s health. With 2/3 of the US population embracing wellness apps, amounting to a $2.7 billion market, and 1/3 of US women relying on period tracking apps, representing a $1.2 billion market, our app taps into a substantial market opportunity. By seamlessly integrating menstrual health tracking into the broader realm of wellness, we are positioned to address the comprehensive well-being needs of millions.

A recent survey of over 1,150 women highlighted that 59% prioritize transparency in data usage, and 57% prioritize data security over cost and ease of use when choosing a menstrual health app. We meet these growing security concerns that other apps often fail to address.

Our target audience includes menstruators who value privacy and security in digital health tools, particularly those in regions with restrictive reproductive rights.

We will focus on expanding our user base through targeted marketing campaigns and partnerships with women’s health organizations including top organizations and advocacy groups that are helping women get access to reproductive health care, particularly those in the 24 US states that have banned abortion. Additionally, we plan to partner with Hey Jane (a telehealth startup providing patients with medication abortion) and De Lune (a menstrual wellness brand that offers innovative, all-natural relief supplements for period pain and other PMS symptoms), along with with other organizations as revenue sharing partners, leveraging their established networks and expertise to enhance our market reach.

Given the growing awareness and openness around menstrual health, and the specific need for privacy-focused solutions, there is significant market demand for an app like Embody. In a Product-Market Fit (PMF) survey, we observed compelling evidence of the significant impact and value our product holds in the market. A notable 46.79% of our users reported they would be “very disappointed” if they no longer had access to our product, a figure that notably exceeds the 40% benchmark commonly associated with a strong product-market fit.

Embody will initially adopt a freemium model, providing essential period tracking features and inner circle at no cost to ensure accessibility for all users. By Q3 of 2024, we plan to transition to a premium subscription model, priced at $10 per month or $65 annually. Our premium content will include guided meditations tailored to different phases of the menstrual cycle, customized fitness routines that adapt to hormonal changes, and nutritional guides to optimize health and well-being. Additionally, we will offer interactive tools for period trend analysis, providing users with actionable insights into their menstrual health.

To encourage upgrades to the premium version, we will implement a strategic marketing approach, showcasing the tangible benefits of the advanced features. This will include targeted promotions, free trials, and exclusive content previews. We will also continue to leverage user feedback to continuously enhance the premium offerings, ensuring they remain aligned with the evolving needs and preferences of our users.

Impact

This project sets a new standard in tech: women’s data is not a product to be sold, shared, or used against them in a court of law. Women are the owners of their intimate health data, and they can safely learn more about their bodies and connect with other menstruators in a safe environment.

Milestones and Timeline:

Milestone 1 - UX/UI Design, Technical Architecture, and TACo testnet integration
The Embody team will create a technical document to outline the architecture behind Inner Circles along with high-fidelity designs, with feedback from early users of the Embody app. The Inner Circles feature will allow a user to create a circle of up to 5 friends, allowing those in the circle to share and view each other’s menstrual cycle. The Circle receives a daily prompt that helps users build a deeper understanding of how menstruators are affected by their cycles. Responses, which are ephemeral and disappear after 24 hours, are shared with the group, providing a point of connection for the users in the Circle.

Activities:

1. Develop Technical Requirements document to outline the architecture behind Inner Circles and the TACo integration
2. TACo testnet integration
3. Perform user research to inform design & early functionality
4. Develop Figma mockup for Inner Circle
5. Gather user feedback on the designs
6. Iterate on designs based on user feedback

Deliverables: Requirements document, complete UX/UI Design, user research report & iterations made
Timeline: 3 months
Budget: $40,500

Milestone 2 - Development and TACo mainnet integration
Technical implementation of the Inner Circles feature in beta and test with early users

Activities:

1. TACo mainnet integration
2. Implement Inner Circles functionality based on designs from Milestone 1
3. User testing & bug resolution

Deliverables: fully functional version of the Inner Circles feature with TACo integration, testing report & bug fixes, , marketing plan
Timeline: 5 months
Budget: $70,500

Milestone 3- Public release of Inner Circles, available on app stores.

Activities:

1. Final round of QA
2. Release on app stores
3. Marketing campaign

Deliverables: QA report, app store release
Timeline: 1 month
Budget: $78,000

Outcome

*Enhanced data security. By leveraging TACo’s decentralized and end-to-end encrypted framework, the Inner Circle feature will offer unparalleled data security and privacy while minimizing the trust users need to place in any single entity.

*User empowerment. Users will have more control over their data, deciding who can access their shared content. With transparent and verifiable security measures and open source ethos, users will have increased trust in the platform’s commitment to their privacy. It’s worth noting that both TACo and Threshold have been open source since their inception, and even TACo’s roadmap is open source, ensuring that all limitations and discussions are auditable.

*Community support. Inner Circles allows women dealing with challenging health or political issues to gather in a safe space to talk about the issues they collectively face.

*Scalability. TACo’s decentralized nature ensures that as the Inner Circle community grows the system remains resilient and efficient for scaling

By integrating TACo, Embody not only benefits from its robust security features but also contributes to the evolution of the TACo ecosystem. Our application serves as a real-world implementation that can provide valuable feedback to the TACo / Threshold DAO community, helping refine and enhance the technology for future applications. Additionally, the FemTech ecosystem, with its unique challenges and requirements, presents an ideal opportunity to showcase how TACo’s technology can be adapted to protect and empower users in nontraditional spaces.

Who is Involved:

Embody is currently being incubated by Thesis. Thesis is a crypto venture studio behind Taho, Fold, tBTC, and Keep, a key contributor to Threshold.

The Embody team is led by founder Anna Hall and includes experts in engineering, design, strategy, growth, and advisory roles, with members including Liz Shinn, Carolyn Reckhow, Dani Bonilha, and Claire Seidler, each bringing specialized skills from product development to strategic growth and design.

Budget Summary

Our budget is structured around specific milestones, denominated in USD because our costs and liabilities are in USD. We ask to either A) be paid an amount of T that corresponds to the USD value of the milestone at the time of each payment, or B) that the Integrations Guild allocate the amount of T necessary to cover the entirety of the USD denominated budget and immediately swap it into USD or USDC and hold in escrow, to be released upon completion and acceptance of each milestone.

Project Links:

https://twitter.com/EmbodySpace

I don’t mean to be obtuse, but I’m not sure I find the value in the DAO funding a private company to implement one of its services. What’s the ROI here? Are we expecting to accrue fees from TACo equal to or greater than the requested funding? What does that timeline look like?

Happy to be convinced otherwise.

similarly curious what the roi is here…

threshold pays $189k for embody to use TACo. Seems the intended return is exposure to show TACo being used.

i also struggle to see why embody would need to use TACo, instead of traditional e2e encryption methods, especially considering it doesn’t seem to be a web3 application. Aside from the juicy grants that web3 projects can provide - is there any good reason not to use traditional and long established encryption methods?

Hey Farthing! Thanks for your question.

Founder here - the primary reason that the DAO would benefit from funding this feature is the opportunity to test a largely unused piece of technology to solve a real world problem. ROI would be long term.

We’re solving a normal, human problem that will help people understand what Threshold can do in the real world, and we think that’s valuable.

This is kind of like liquidity mining in DeFi. TACo doesn’t have any applications built on it today. You have a cold start problem. We want to be the first application, and an open source reference for customers of the network down the road.

Appreciate the feedback and hope that helps!

Hey Zilayo! Great question.

Embody is trying to solve decentralized group chat without servers. In small groups Inner Circles can just be peer to peer. In larger groups, we need a way to use group keys or other access control to remove the need for a server.

As far as I know, that’s what TACo was built for!

Thanks for putting together such a well thought out proposal, I appreciate the details and milestone approach. The benefits I see for the DAO

• taco being used in production is good for battle testing taco.
• having a friend team to co develop a case study for taco.
• having a live dapp paying fees (even if small) will formalise how taco fees work.

I think it would make sense for the DAO to have part of the 3rd milestone payment including case study material being co-developed.

Without dedicated marketing campaigns, we have already achieved over 250 downloads and attracted more than 1,700 blog subscribers.

How long has the app been live and how many of the downloads are active users?

This is a great summary.

the U.S. Supreme Court’s decision to end the constitutional right to abortion in 2022, which has heightened menstruators’ concerns about the security of data collected by period-tracking tools and its potential misuse

Are there examples of this occurring that you can share?

Thank you for a detailed and compelling proposal! One of TACo’s missions is to protect vulnerable populations from surveillance, particularly where the consequences of leakage (via negligence, court order or business model) are acute. The vulnerable population in question here is enormous; whether those residing in US states which have introduced post-Roe bans/restrictions, or indeed the ~500m women worldwide who cannot choose to get an abortion legally. I’m learning that the digital surface for gathering prosecutorial evidence continues to expand – via shopping records, geofence warrants, and popular period trackers. So Embody, powered by a decentralized e2e encryption integration, can provide an essential alternative to the latter, plus hopefully educate users on the risks they accumulate via their broader online activities. Hence, this integration could bring significant legitimizing, demonstrative and disseminative value to TACo, and decentralized e2ee in general.

With regard to the case for integration versus alternatives; it appears to me that the hypersensitivity of the underlying data – conversation topics that in some jurisdictions would be incriminating – makes cloud key management (and their backdoors) an entirely unfeasible option. As was touched upon in @PmsFtw’s presentation, trustworthy e2ee protocols like Signal are not designed to be integrated into other applications. Moreover, I expect Embody will require generalizable access control –i.e. agnostic to the underlying data payload – whether it’s an image, menstrual calendar, or some other reproductive health data.

@zilayo is absolutely right that Embody’s archetypal end-user is not a crypto native. Along with one of our other adopters Holonym, this means access conditions will have to be verified using non-EVM/blockchain state, albeit for v different reasons. Although this major extension aligns with our 2024 roadmap, it is a departure from the genesis access condition model and will require ideation, R&D and bandwidth from NuCypher, Embody, Holonym and others to solve. Critically, it’s not possible to fully complete a TACo Testnet integration (part of Milestone 1) until we have a viable design and implementation for this. We will do our best to enable this new class of conditionality within the first few months, but worth reiterating the note right at the end of @shamidzade’s proposal; that milestones will need to be completed before the next tranche is approved and released, and therefore phase 2 could be delayed.

Overall, I’m keen for TACo support Embody’s objectives, and would dedicate the necessary efforts on our side to make the use case technically feasible without compromising on trust. As discussed, decentralized access control is vital to protecting Embody’s users, so we would support their integration regardless of whether they succeed in securing a grant.

A correction: if everything goes to plan, Embody would likely be the 5th or 6th paying adopter –we already have two established projects who have completed a DKG initialization and are now renting TACo nodes (who are enforcing DRM for tokenized media and gatekeeping a seed phrase recovery flow).

Thank you @shamidzade and @PmsFtw for this detailed proposal.

I initially shared the position that the cost to the DAO is quite high with no clear path to ROI in the traditional sense. However, I have concluded that this is not as straight forward as no immediate ROI == not the right fit for Threshold. I think the use case is fantastic. After speaking to a trusted member of the DAO, I see a lot of benefits for both Embody and Threshold in this proposal.

I read the argument that Embody users aren’t web3 native, and while that may be true, I think that is a positive for this proposal. Expanding use cases to beyond web3 is the ultimate path to widespread adoption, and as @arj pointed out above, the need for backdoor-less encryption is growing. Further, privacy is a pillar upon which crypto was founded, and I cannot think of something more private than healthcare data, especially reproductive health related data.

There are many ways this cost to the DAO could be viewed, perhaps as an advertisement expense? In any case, the best approach is to ask questions to keep the conversation flowing.

Am I correct in my understanding that we’re talking about (when out of beta) a centralized app, using centralized payment providers for subscriptions, hosted in centralized infrastructure, provided for download in centrally controlled and gatekept app stores, operated and marketed by a centralized group, who will utilize TACo for the encryption keys to group chats?

And Threshold DAO is supposed to fund this all for some marketing buzz?

The only way I’d support this is if you were actually creating a decentralized app AND had a plan for how Threshold DAO could profit, beyond just “marketing”.

Sorry, you’re extremely fuzzy on the implementation details and your website isn’t saying much either.
How will TACo will be integrated within your application? And how exactly are you planning to solve decentralized group chats? Who will host the data? Who will be running the nodes of this system? Will the menstruating women be running the nodes from their phones? desktop? How will the peer to peer system be incentivized, what type of communication protocol will be used, how will anonymity be ensured?

I have a million questions after reading this proposal.

Worst of all, there’s no profit incentive built in for Threshold DAO, it’s basically a charity request for funding development of a private companies app.

Make this about something truly decentralized, anti-fragile, ungovernable, permissionless and profit driven, and it might be something worth supporting.

I share the same sentiment as Agoristen.

Re Agoristen’s remarks:

I think a world where everything is decentralized, while a nice idea, is at best a possibility decades from now. I think Threshold/TACo needs to embrace centralized applications that partially apply decentralized technologies. Not everything needs to be decentralized. In order for TACo to really become fruitful it needs to be available to as big of a market as possible.

However, I still don’t like the idea of an organization funding a private for-profit company to implement its own tech with an ROI of “exposure”. We already have several other companies utilizing or building upon TACo with funding out of their own pocket. Would this set a precedent for others to ask for funding? If it does, is the DAO going to continue providing grants? If it decides that this is a one-off, will this turn projects away if they’re declined a grant? If so, do we care? I understand that a serious team/project/business wouldn’t be deterred if declined a grant, but I think any sort of disincentive to implement TACo needs to be avoided.

Rather than a straight up approval or rejection, could we explore some sort of, at least partial, reimbursement? Possibly milestone-based? How can we make this a more equitable deal?

@Agoristen , thanks for sharing your thoughts. To address your concerns:

1. It’s my understanding that TACo (and the Threshold DAO) is still exploring different business models and finding product market fit. In this case, we would be a long-term paying customer, renting nodes to support Inner Circles.
   Moreover, we’ll expose TACo to a broader audience and customer base. The opportunity to partner with a healthcare-adjacent industry is a thoughtful move for you all, considering the way your tech could support the growing desire for proper protection of personal health data.

2. I’m not sure I would disregard us as a ‘centralized company’. Our app is local-first, without any servers, and the only thing keeping us from being fully open-source is deciding on the right license - we’re thinking GPL. At that point, anyone could build the app and side-load on any platform. We’d be happy to open-source as part of the first grant milestone.
   As to the hows - part of what is exciting about this proposal is working closely with TACO to answer all of these questions in a way that is mutually beneficial. Were you at the treasury guild meeting where I presented the visuals for what Inner CIrcles would look like? Would be happy to share those slides again.

3. Partnering with Embody - a much-needed app that provides real-world protection from an oppressive government, is an incredibly powerful statement of the DAO’s commitment to a privacy-focused, self-sovereign decentralized future.

I was not, feel free to share the slides.

Given the depth and breadth of viewpoints expressed, I believe it would be highly beneficial for the community to have a more detailed understanding of your proposal @PmsFtw. Therefore, I would like to invite you to present your slide deck to the DAO in a call scheduled for either Tuesday or Wednesday, at your convenience. Following your presentation, we would like to have an open discussion with the community. This will provide an opportunity for members to ask questions, seek clarifications, and further explore the nuances of your proposal.

We hope this session will enable a richer and more informed dialogue, helping us collectively navigate the complexities of this proposal. Please let us know your availability for the proposed dates, and we will make the necessary arrangements.

Looking forward to a constructive and enlightening discussion.

@MrsNuBooty that sounds great! We’d love the opportunity to answer any questions from the wider Threshold community. Can we do tomorrow (1/23) at noonET? Our whole team can make it at that time.

We will see you all on Discord at noon!

Event Invite: Embody Call on Tuesday, January 23rd at 12 PM Eastern Time

Thanks to the DAO for the call this afternoon and for your thoughtful feedback.

To provide some more context about Nico’s observation about a real-world use case in the community call this afternoon — a few of the largest apps we saw in studies were Flo, Clue, and Apple Health. I will also say that the 15 women that I’ve talked to in 30-45m user study sessions as well as conversations in our community on WhatsApp, every single one had used multiple period tracking apps.

All users also expressed frustration with these apps, in terms of both their data privacy and how much personalized insight they got out of taking time to log their symptoms. Embody tackles both of those pain points!

As Shaan laid out so eloquently on the DAO call today, and many (included I) seemed to agree with, the way to make this proposal more palpable is scoping down proposal. Down to something akin to “privacy / encrypted messaging as a service”. That is, a layer built on top of TACo, which is offered for other developers to build on and utilize in their own applications.

Embody could be the first implementation of this service.

Having just the for-profit Embody app by itself use TACo is not really pulling in enough value to Threshold Network / DAO to justify the subsidizing. But if you tweak the proposal by focusing on how you’ll be building this into a piece of technology / abstraction that can then be used by other teams that want to build on Threshold, then you’re really starting to provide significant value to the protocol.

That is because the value largely lays in how many developers are using and building apps on top of it. By shoe-horning something so revolutionary as decentralized chat into a women-only for-profit app, you’re missing out on the big picture stuff of what we’re building here and severely limiting growth.

Just like DeFi has spurred massive innovation with its composability, so can Threshold Network benefit enourmously from having an encrypted messaging layer built and usable for other developers.

A lot of the concern is whether funding a for-profit app is within the interest of the T DAO, I don’t think it is.

But a layer for developers to utilize, such as encrypted messaging? That’s way more aligned with the growth and interest of Threshold Network and T DAO.

I like the idea of building a decentralised chat implementation based on TACo. However, I’d like to see a comparison with existing services such as https://matrix.org/ . What will our implementation offer that isn’t already available? Should we be looking at integrating with Matrix and improving their encryption model?

For this grant size, that is something more in-line with what I would also like to see. It provides immediate value both directions.

I would also note that the “message” need not be constrained to text chat (e.g. the “message” is just data in some form, which could be used to build text chat)

This as well