During the height of the COVID-19 pandemic, SafePass began as a secure mobile application for storing encrypted vaccination documentation on the blockchain. But when news broke of a pending federal vaccination mandate for companies with over 100 employees, the problem space changed overnight. Employers across the country were about to become responsible for tracking not only the vaccination status of their workforce, but also weekly testing, exemption requests, and live proctoring of tests—all while maintaining HIPAA compliance and data security at scale.
So we built it.
In less than a month, our small team designed, built, tested, and deployed a national-scale infrastructure to support SafePass Corporate: a fully managed vaccine and testing compliance system. It supported real-time test tracking, live video proctoring, HIPAA-compliant data storage, and end-to-end employee management. By the time the Supreme Court struck down the mandate, our system was already live, deployed, and in use by several Fortune 100s.
We write more software than most teams many times our size. I’ve personally been coding daily for over 25 years—even in executive roles—and our team follows a development discipline that looks very different from typical enterprise dev shops.The key is this: we don’t write much code manually. Over 95% of our SQL, C#, and JavaScript code is generated and maintained by AI. Not hallucination-prone LLMs, but deterministic systems powered by Buffaly and our ontology engine. Long before ChatGPT was released, we’d already built AI-driven pipelines that:
One of our golden rules: application code is not allowed to touch the database directly. All interactions flow through stored procedures. No raw SQL, no dynamic LINQ, no entity framework magic. That decision alone gives us:
From this structure, the entire system becomes self-documenting, stable, and lightning-fast to iterate. When testing rules changed, we updated the ontology, and Buffaly re-generated the affected procedures, APIs, and logic trees. When workflows changed, we recompiled the system model, not the code.
Managing test results and vaccination records across thousands of employees is complex on its own. Add in:
...and you’ve got a serious compliance system. But because our platform is built on structured, semantically-aware rules rather than sprawling, handwritten business logic, we were able to implement every one of these features cleanly, with minimal fragility.
Yes, the mandate was ultimately blocked by the Supreme Court. But that doesn’t change what we accomplished: a real-time, national-scale medical compliance system, deployed in less than a month, live-tested with Fortune 100s, and built entirely on first principles that we still use today.
We’ve continued to rely on the same foundation—semantic rules, Buffaly, OGAR, and a pipeline that respects code as structure, not as artisanal craft. When new problems emerge, we don’t write more code. We evolve the model.
That’s how SafePass was built. And it’s still how we build today.
