Platform
VitaPass
Portable consent-bound identity for emotional context. VitaPass carries authority across system boundaries where prompts and memory cannot.
The Problem
What happens to consent when emotional context crosses system boundaries?
A person shares emotional context with a therapy app. Later, they switch to a different provider. How does the new system know what was consented to? How does it verify the context is authentic? How can consent be withdrawn?
Traditional approaches fail: API keys don't carry consent. OAuth tokens don't carry emotional context. Neither can be revoked by the subject after data leaves the original system.
What VitaPass Is
VitaPass is a portable authority rail for governed affective artifacts. It binds a persistent identity to emotional records, enabling consent-based sharing across AI systems while maintaining subject control.
Core invariants:
- This came from a human
- This was intentionally expressed
- This scope was approved
- This authority can be withdrawn
- This context travels intact
Think Visa/Stripe for emotional context: the person carries a portable identity (vp_id), and new services request scoped access through DeepaData (the network). The old provider is never contacted.
How VitaPass Works
Subject created at issuance
When you call /v1/issue with a subject_ref, a VitaPass identity (vp_id) is auto-created if it doesn't exist.
Scope requested
A relying party requests access via /v1/vitapass/request-scope. This creates a pending grant with an approval challenge.
Subject approves
The subject (via SDK widget) sees the scope request and approves via/v1/vitapass/approve.
Presentation generated
With an active grant, call /v1/vitapass/presentto get a signed JWT containing only the in-scope fields.
Relying party verifies
The presentation can be verified offline (JWT signature) or online via/v1/vitapass/verify(adds revocation check + ledger logging).
EU AI Act Connection
The EU AI Act (Article 5) prohibits inferring emotions without consent in certain contexts. VitaPass provides the consent infrastructure that makes emotional AI compliant.
Interpretation, not inference
DeepaData interprets what was voluntarily expressed. It does not infer hidden emotional states from biometrics or behavior patterns.
Consent travels with context
VitaPass scope grants encode exactly what was consented to. When emotional context crosses system boundaries, the consent proof travels with it.
Revocable by design
Subjects can revoke scope grants at any time. Future presentations are blocked. This is the "right to withdraw consent" built into the protocol.
API Endpoints
| Endpoint | Method | Scope | Purpose |
|---|---|---|---|
| /v1/vitapass/request-scope | POST | vitapass | Create a pending scope grant |
| /v1/vitapass/approve | POST | — | Subject approves with challenge token |
| /v1/vitapass/present | POST | vitapass | Generate presentation token |
| /v1/vitapass/verify | POST | vitapass | Online verification + revocation check |
| /v1/vitapass/revoke | POST | vitapass | Revoke a scope grant |
| /v1/vitapass/ledger | GET | vitapass | View presentation audit trail |
Example: Request Scope
curl -X POST https://www.deepadata.com/api/v1/vitapass/request-scope \
-H "Authorization: Bearer dda_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"vp_id": "vp-01HZ3G...",
"scope": {
"domains": ["core", "constellation"],
"certification_min": "basic",
"freshness_max_days": 30
},
"grant_type": "standing",
"purpose": "Therapy continuity - transferring emotional context"
}'Grant Types
Short-lived, single-use. Max 1 hour TTL. The grant expires after a presentation is generated. Use for one-time context sharing.
Permission persists, but tokens stay short-lived (max 1 hour). Allows repeated presentations without re-approval. Revocable at any time.
Scope Descriptors
When requesting scope, you specify exactly what fields the relying party needs access to.
{
"domains": ["core", "constellation"],
"fields": ["core.anchor", "core.spark"],
"certification_min": "basic",
"freshness_max_days": 30
}domains: EDM domains to include (if fields empty, all fields in these domains)
fields: Specific fields to include (dot notation: domain.field)
certification_min: Minimum certification level (basic, standard, full)
freshness_max_days: Only include artifacts created within this window