A HIPAA-grade CRM for birth workers — a company I founded and built. Next.js + Supabase. Fourteen practices in private beta, none lost to a competitor.
The problem
Birth workers — doulas, midwives, perinatal counselors — run their whole practice on group chats, paper intakes, and Google Docs. HIPAA is the law. Compliance is impossible without infrastructure that no software vendor has shipped for this market. So practitioners either break the law, pay $200 a month for software designed for dentists, or hand-roll a system that breaks the first time a client churns.
Why it matters
In the United States, non-Hispanic Black women die from maternal causes at 44.8 per 100,000 live births — roughly 3.15 times the rate of non-Hispanic white women (14.2) — per the CDC's Maternal Mortality Rates in the United States, 2024 release. Doulas and midwives — disproportionately Black women themselves — are one of the most evidence-supported interventions against that gap. The data they collect on their clients is sensitive, high-stakes, and almost never properly protected. The market hasn't shipped for these workers because the market doesn't see them. So I shipped.
Approach
01. I talked to 22 birth workers before writing a line of code. Across four weeks of unpaid conversations. I asked what they used now, what they hated about it, what they'd never give up, and what they'd pay for. Three patterns emerged: every practitioner had been hacked or scared into thinking they had been; nobody wanted a "platform"; everybody wanted intake to stop being the thing that ate their Sundays.
02. I designed intake as one progressive flow, not a form wall. Existing tools dump fifteen pages of medical forms on a pregnant person at 1 a.m. I built a single conversational flow that adapts to the practitioner's preferences and saves on every step. Intake completion went from a self-reported 40% in beta-zero to a measured 91% in beta-one.
03. I built encryption at the row level inside Supabase RLS, then I paid for two security reviews. Row-level security policies are the difference between a CRM that says "HIPAA-compliant" on the homepage and one that actually is. I wrote the policies, then I hired two outside security reviewers — one who specializes in healthcare, one who specializes in Postgres — to break them. They did, twice. Then they didn't.
04. I shipped to a closed beta of fourteen practitioners. Free for the first year in exchange for weekly feedback calls. Eight of them are still active after six months. Six have referred a peer. Zero have churned to a competitor.
What it became
Outcome
Fourteen practices in the beta, eight still active weekly at six months. Average twelve clients each. The first HIPAA-compliant CRM built for the doula market. A paid beta opens in Q3.
It is the first piece of software that treats my practice the way I treat my clients.