# In a regulated vertical, the data class is the product spec

- Category: product
- Author: Doru (https://indie.md/people/doru-bota/)
- Source: https://indie.md/journeys/doru-dentor/
- Canonical URL: https://indie.md/advice/design-for-the-data-class-from-day-one/

When Dentor stores diagnoses and dental images, it is handling special-category health data under Article 9 of the GDPR, which is prohibited by default and allowed only under strict conditions. For a vertical SaaS in a regulated space, that data class dictates the architecture before a single feature does: encryption, pseudonymization, access control, a DPIA, and a processor agreement are not add-ons, they are the schema. Find out which regulated data class you are touching before you design the first table, and let it shape the product from day one. Retrofitting compliance onto a finished app is far more expensive than building for it from the start.