Headstone — Digital Legacy & Data Sovereignty Platform
Version: 0.1.0-founding
Status: Architecture Draft
Date: 2026-03-23
Classification: Founding Document
*"Every life is a library. LifeLine is the cataloguing system, the vault, and the reading room — all at once."*
Table of Contents
1. Philosophy & Design Principles
2. Core Architecture Overview
3. Core Data Categories & Schemas
4. Universal Metadata Model
5. Privacy & Consent Model
6. Decentralized Storage Architecture
7. Interoperability & Data Import
8. The Narrative Layer
9. Retroactive Reconstruction Workflows
10. Forward-Living Capture Workflows
11. Governance & Smart Contract Model
12. Identity & Key Management
13. Open Questions & Future Work
1. Philosophy & Design Principles
1.1 Core Tenets
Sovereignty First. The individual owns their LifeLine unconditionally. No company, government, or platform intermediary can revoke, modify, or access data without explicit consent. This is structural, not contractual.
Designed to Last. Every architectural decision must pass the 100-year test: Will this still be retrievable, readable, and meaningful a century from now? Proprietary formats fail this test. Open, redundant, content-addressed storage does not.
Sparse is Valid. A LifeLine with three photos and a birth record is as legitimate as one with forty years of wearable data. The model must never require completeness.
Consent is Granular, Not Binary. "Public or private" is insufficient. Every datum carries its own access policy, expressible across axes of relationship, time, purpose, and reversibility.
Accessible to Non-Technical Humans. The architecture can be complex; the interface must not be. A 78-year-old with no smartphone history should be able to participate fully.
AI Serves the Human, Not the Reverse. AI in Headstone is a tool for surfacing meaning, filling gaps, and suggesting connections — never for autonomous decisions about what a life means.
1.2 The Two Modes
| Mode | Character | Primary Actor | Time Horizon |
|------|-----------|---------------|--------------|
| **Forward-Living** | Passive, continuous capture | Sensors, apps, integrations | Present → Future |
| **Retroactive Reconstruction** | Active, curated import | Human, family, AI assistance | Past → Present |
Both modes produce records in the same data model. The source metadata differentiates them.
1.3 Non-Goals
- This is not a social network. Sharing is opt-in and purposeful, not the default.
- This is not a backup service. It is a meaning-layer on top of data, not raw storage.
- This is not a surveillance infrastructure. Passive capture requires explicit enablement per stream.
2. Core Architecture Overview
┌─────────────────────────────────────────────────────────────┐ │ LifeLine │ │ │ │ ┌──────────────┐ ┌──────────────┐ ┌───────────────┐ │ │ │ Identity │ │ Timeline │ │ Narrative │ │ │ │ Anchor │ │ (Events) │ │ Layer │ │ │ └──────┬───────┘ └──────┬───────┘ └───────┬───────┘ │ │ │ │ │ │ │ ┌──────▼──────────────────▼────────────────────▼───────┐ │ │ │ Core Data Categories │ │ │ │ Health │ Places │ Relationships │ Media │ Documents │ │ │ │ Financial │ Beliefs │ Digital │ Knowledge │ Legacy │ │ │ └──────────────────────────┬────────────────────────────┘ │ │ │ │ │ ┌──────────────────────────▼────────────────────────────┐ │ │ │ Universal Metadata + Consent Layer │ │ │ └──────────────────────────┬────────────────────────────┘ │ │ │ │ └─────────────────────────────┼───────────────────────────────┘ │ ┌─────────────────────▼──────────────────────┐ │ Decentralized Storage │ │ IPFS │ Arweave │ Blockchain Anchoring │ │ Encrypted Envelope │ Smart Contract Layer │ └────────────────────────────────────────────┘
2.1 The LifeLine as a Graph, Not a List
Conceptually, a LifeLine is presented as a timeline (linear), but structurally it is a directed graph:
- Nodes are data records (events, artifacts, relationships, etc.)
- Edges express relationships between nodes (causation, co-occurrence, continuation, contradiction)
- Clusters group nodes into meaningful periods or themes
- The Timeline is a projection of the graph onto a temporal axis
This allows rich, non-linear navigation while preserving the intuitive linear experience.
2.2 Core Identifiers
Every element in a LifeLine uses content-addressed identifiers (CIDs) where possible, ensuring:
- Immutability — the ID encodes the content
- Verifiability — anyone with the ID can verify the content hasn't changed
- Deduplication — identical content produces identical IDs
This page summarizes the full specification. See the full document for complete details.