A privacy-first project starts by asking simple questions: what data is truly needed, who should access it, where should it live and how long should it be kept?
These decisions shape the user experience, the database, the admin tools and the deployment plan.