Verifiable Health Credentials
Our framework for the future of privacy-preserving health verification — what we're building toward and why it matters.
The problem with self-reported status
Every platform that lets members display a sexual health status relies on self-reporting. There is no verification. Anyone can claim anything. This makes the information functionally worthless as a trust signal, and it puts members at risk.
SDLust's STI testing records are an improvement — members can upload actual test results, and other members can vouch that they were present for the test. But all of this data is stored on our servers. You're trusting us. We want to build toward a world where you don't have to.
What verifiable credentials are
A Verifiable Credential (VC) is a cryptographically signed digital document — issued by a trusted source like a clinic or lab — that proves a claim (e.g. "tested negative for chlamydia on 2025-04-01") without revealing any more information than necessary. The W3C has published an open standard for VCs that major technology companies and governments are beginning to implement.
The key properties:
- Issuer-signed. A credential is only as trustworthy as whoever signed it. A VC from Quest Diagnostics means something. A self-signed VC means nothing new.
- Holder-controlled. You hold your credential. You choose what to share and with whom. The issuer (the clinic) doesn't know where you presented it.
- Selectively disclosed. Advanced VCs can prove a claim ("I tested negative") without revealing the underlying data (the actual test results, the date, the clinic).
- Verifiable without the platform. The cryptographic proof can be checked against the issuer's public key. SDLust doesn't need to store your test result to verify you have one.
What we're building toward
Our goal is a system where:
- You get tested at a participating clinic or lab.
- The clinic issues a signed VC directly to your digital wallet (your phone, not our server).
- You choose to present that credential to SDLust, which verifies the signature.
- We display a verified health badge on your profile without ever storing your test results.
This is not science fiction — the infrastructure is being built now. LabCorp and Quest both have patient portals that export health records. Digital wallets (Apple Health, Android Health Connect) are gaining standardized APIs. The EU's European Health Data Space regulation is pushing this forward rapidly.
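The issue, present and verify steps listed above, together with the issuer-signed and selectively disclosed properties from the earlier list, as an added sketch that is not SDLust's code and not the W3C wire format. It uses salted-hash disclosures (the idea behind SD-JWT) signed with Ed25519; the issuer ID, claim names, function names and sample values are constructed for illustration.

```javascript
// Added illustration: simplified salted-hash selective disclosure (SD-JWT-like idea),
// not the W3C VC wire format. All names and sample values are constructed.
const crypto = require("crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Issuer (clinic/lab): salt and hash each claim, then sign only the sorted digests.
function issue(issuerId, privateKey, claims) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    JSON.stringify([crypto.randomBytes(16).toString("hex"), name, value]));
  const payload = JSON.stringify({ iss: issuerId, digests: disclosures.map(sha256).sort() });
  const signature = crypto.sign(null, Buffer.from(payload), privateKey).toString("hex");
  return { payload, signature, disclosures }; // stays in the holder's wallet
}

// Holder: forward the signed payload plus only the disclosures they choose to reveal.
function present(credential, reveal) {
  const disclosures = credential.disclosures.filter((d) => reveal.includes(JSON.parse(d)[1]));
  return { payload: credential.payload, signature: credential.signature, disclosures };
}

// Verifier (platform): trust decision first, then signature, then digest membership.
function verify(presentation, trustedIssuers) {
  const { iss, digests } = JSON.parse(presentation.payload);
  const publicKey = trustedIssuers[iss];
  if (!publicKey) return { ok: false, reason: "untrusted issuer" };
  const sigOk = crypto.verify(null, Buffer.from(presentation.payload), publicKey,
    Buffer.from(presentation.signature, "hex"));
  if (!sigOk) return { ok: false, reason: "bad signature" };
  const claims = {};
  for (const d of presentation.disclosures) {
    if (!digests.includes(sha256(d))) return { ok: false, reason: "disclosure not signed" };
    const [, name, value] = JSON.parse(d);
    claims[name] = value;
  }
  return { ok: true, claims };
}

// Constructed sample data.
const lab = crypto.generateKeyPairSync("ed25519");
const trusted = { "did:example:lab": lab.publicKey };
const credential = issue("did:example:lab", lab.privateKey,
  { test: "chlamydia", result: "negative", date: "2025-04-01", clinic: "Example Clinic" });
const shown = present(credential, ["test", "result"]);
console.log(verify(shown, trusted));
```

The verifier learns only the revealed claims and never needs the undisclosed date or clinic. The sketch omits holder binding, expiry and revocation, which a production verifier needs so that a copied presentation cannot be reused by someone else.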
Where we are today
We are not there yet. Today, SDLust stores your STI records on our servers, protected by encryption and strict access controls. Our current system is meaningfully better than self-reporting, but it still requires you to trust us.
What we've committed to as we build toward VC support:
- Health data is stored in a separate, isolated data store — not intermingled with profile data.
- Our data model is designed so that health records can be migrated to a VC-based system without rebuilding from scratch.
- We will never sell health data to third parties, use it for advertising, or share it with insurers.
- You can export and delete your health records independently of your account via your Settings page.
How you can help
The fastest path to real VC support is clinic adoption. If your healthcare provider already offers digital health records through an app, ask them about W3C Verifiable Credentials or SMART Health Cards (a VC-compatible format already used for COVID vaccination records). The more demand exists, the faster labs and clinics will implement this.
If you're a developer, researcher, or healthcare technologist interested in collaborating on this infrastructure, we'd love to hear from you: healthtech@sdlust.com
Standards referenced: W3C Verifiable Credentials Data Model 2.0 · SMART Health Cards · HL7 FHIR