Phase 2 — Technical Spec

Custom BLE Hardware · Cloud-Free Architecture

Draft — Aaron Smythe Prepared 17 May 2026 · info@theaiconsultant.co.uk

Phase 1 (B500 + Tuya SDK) validates the product concept. Phase 2 proves the cloud-free path is viable — a custom BLE device triggering an SOS event in the phone app without routing through Tuya Cloud. This removes the PRC jurisdiction, account termination risk, and GDPR Chinese data routing issues identified in the legal review.

Two workstreams run in parallel so neither waits on the other. Both feed the same decision at the end: which hardware path goes to launch.

Two parallel workstreams
Track A · Phase 1 carry-over

B500 + Tuya IoT App SDK

Hardware: KKM B500 (sent by Aaron)

Stack: Tuya IoT App SDK — Development Edition, registered May 2026

Proves: Full Tuya flow — BLE → Tuya Cloud → app → SOS action. Does the SDK integration work? Is latency acceptable?

⚠ Tuya Cloud dependency is baked into the B500 firmware. This track validates the concept, not the commercial architecture. Can't be used with TuyaOpen — B500 firmware is locked.
Track B · Phase 2 primary

XIAO ESP32S3 Sense + Native ESP-IDF

Hardware: Seeed Studio XIAO ESP32S3 Sense (~£11)

Stack: Espressif ESP-IDF + phone BLE library. No Tuya SDK. No cloud.

Proves: Direct BLE → phone → SOS without any cloud in the middle. Aaron owns the full stack. Removes every legal flag from the Tuya compliance review.

✓ If this works, Stage 3 is a custom PCB with ESP32 chip. No Chinese cloud dependency ever.
Hardware — XIAO ESP32S3 Sense

Amazon UK →  ·  Seeed Studio direct (Germany warehouse)

Dimensions21 × 17.8mm — postage stamp footprint
ChipESP32-S3 dual-core Xtensa LX7 at 240MHz
BLEBluetooth 5.0 / Bluetooth Mesh
Deep sleep14–34 μA — months on a coin cell in sleep
BatteryBuilt-in LiPo charge management (3.7V)
MicrophoneBuilt-in digital mic — no external hardware needed for voiceprint
AI / NNHardware neural network acceleration — runs ESP-Skainet keyword spotting on-device
Price$13.90 / ~£11 · 10+ units: $12.70 each
TuyaOpenSupported (ESP32-S3 board definition in repo) — can run either TuyaOpen or native ESP-IDF
Full BOM+ 500mAh LiPo (~£4) + tactile button (~£1) + LED = ~£16 total prototype cost
Software architecture — Track B
On-device firmware (ESP-IDF)
[Button GPIO] → 2–3s hold detection → BLE advertisement broadcast → LED confirmation flash → return to deep sleep after 10s
Phone app (Flutter / React Native)
[BLE Central scanner] → detects ESP32 UUID → parses event payload → SOS trigger flow → alert emergency contacts

The device is a BLE Peripheral — normally in deep sleep, wakes on button interrupt, broadcasts a custom advertisement packet (device ID + event type), then sleeps again. No Wi-Fi, no cloud, no Tuya SDK on the device. The phone is the internet gateway. BLE libraries are mature on both Flutter (flutter_blue_plus) and React Native (react-native-ble-plx).

Keyword trigger — Phase 2 investigation
On-device keyword spotting via ESP-Skainet — no voiceprint data ever transmitted

The XIAO ESP32S3 Sense has a built-in microphone and hardware neural network acceleration. This directly supports the silent keyword trigger Aaron described — and does it in a way that eliminates the Tuya biometric consent requirements entirely.

Why it's cleaner than Tuya's voiceprint: ESP-Skainet runs the keyword detection model on the device itself. The voiceprint never leaves the hardware — no upload to any cloud, no biometric data in transit, no consent flow complexity. GDPR position is simple: the data never exists as a record anywhere.

What to test in Phase 2:

Won't be production-ready in Phase 2, but will confirm whether the feature is viable at this hardware cost point before committing to custom PCB design.

Phase 2 success criteria
TestPass condition
BLE trigger → phoneSOS event received within 3 seconds of button hold completing
Battery lifeDevice runs >30 days on 500mAh LiPo in normal sleep/wake pattern
Accidental trigger rejectionSingle press (<2s) does not trigger SOS — meets Tuya Compliance §I.4 standard
RangeBLE maintained at 10m through one internal wall
Keyword detection (stretch)>85% detection rate in quiet room, <5% false positive rate
Track A comparisonBoth flows documented — latency, reliability, UX differences noted
Hardware to order now
ItemSourcePriceDelivery
XIAO ESP32S3 Sense Amazon UK · Seeed Studio (Germany warehouse) ~£11–14 1–5 days
500mAh LiPo battery Pimoroni / Amazon UK ~£4 1–2 days
Tactile button assortment Amazon UK ~£3 1–2 days
Breadboard + jumper wires Amazon UK / already have ~£3 1–2 days
Total ~£21

Also: chase Aaron on B500 dispatch for Track A. Both likely arrive on similar timelines — run in parallel rather than sequentially.

Indicative timeline
Week 1
Hardware arrives. Flash ESP-IDF test firmware. Confirm BLE advertisement visible on phone BLE scanner.
Week 2
Build button hold logic + BLE payload structure. Integrate BLE trigger in phone app — basic SOS action fires.
Week 3
Battery life measurement. Range test. Accidental trigger testing. Track A (B500 + Tuya SDK) integration running in parallel.
Week 4
Keyword detection experiment with ESP-Skainet (stretch). Compare Track A vs Track B side by side. Document findings for Phase 3 decision.
Why this path sidesteps the GDPR problem
ESP32 native = no Chinese data routing = clean GDPR position

The legal review identified Chinese data routing as the core GDPR risk on the Tuya path — location data, emergency contacts, and SOS events all flowing through Tuya's Chinese cloud infrastructure, with Tuya explicitly disclaiming all liability and PRC law governing any dispute.

The ESP32 native route removes this entirely. The data flow becomes:

[Device] → BLE → [Phone] → [Your backend, hosted in UK/EU] → [Emergency contact]

No Chinese infrastructure touches the data at any point. You choose where the backend lives, you control the data, you write the privacy policy. GDPR compliance becomes a standard exercise — lawful basis for processing location data, a proper privacy policy, UK ICO registration when you cross the threshold. Complex, but manageable. Not the same as trying to justify routing UK users' emergency contact data through servers in China under PRC law.

What disappears from the legal risk register if Track B works:

What remains: standard UK GDPR compliance (lawful basis, privacy policy, ICO notification at commercial scale). This is normal software product compliance, not the exotic Chinese-cloud problem.

Phase 3 — indicative manufacturing costs

⚠ These figures are indicative estimates based on current Chinese manufacturing rates for similar IoT devices. Actual quotes will vary depending on final PCB complexity, component choices, and enclosure spec. Treat as ballpark for planning — not production quotes.

The route: design a PCB → assemble at JLC PCB in China (no minimum order, components sourced from their LCSC warehouse) → off-the-shelf ABS enclosure → battery + ring-pull hardware. No ODM relationship needed at small quantities.

One-time costs
PCB design (freelancer, Fiverr/Upwork)£200–400
Custom injection mould (not needed until 500+ units)~£2,000
Per-unit components (est.)
ESP32-C3 module~£1.20
Other components + PCB + assembly~£1.00
500mAh LiPo battery~£1.30
Enclosure (stock ABS)~£0.80
Ring-pull lanyard + jack~£0.50
Logo (pad print or vinyl)~£0.15
QuantityEst. run costEst. per unitNotes
10 units~£160~£16Setup costs dominate — useful for pre-production testing only
50 units~£280~£5.60Sweet spot for MVP / investor demo run. Stock enclosure + vinyl logo.
100 units~£440~£4.40Pad-printed logo viable. Early customer pilots.
500 units~£1,400~£2.80Custom injection mould now worth it (~£2k tooling, one-time)
1,000 units~£2,400~£2.40Mould amortised, full custom branding
The comparison that matters
Tuya commercial SDK licence ~£4,000 Cloud access only. No hardware. Chinese data routing. Ongoing dependency.
50-unit ESP32 first run (incl. PCB design) ~£480–680 50 physical branded devices. Own the stack. No ongoing fees. Clean GDPR position.
100-unit ESP32 run (PCB design already done) ~£440 £4.40/unit. Investor demo quality. Ready for early user testing.
End of Phase 2 — decision point
If Track B works ✓

Proceed to custom PCB

ESP32-S3 (with mic) or ESP32-C3 (cheaper, no mic) PCB design. Espressif-ecosystem ODM factories — well-trodden path. Target unit cost £3–6 at 1,000+ units. No Tuya dependency. No GDPR exposure from hardware layer.

If Track B has issues

Tuya-cloud path for launch

Fall back to Track A (Tuya SDK) for commercial launch with documented migration plan. Phase 1 legal mitigations still apply — GDPR opinion, account termination contingency, voiceprint consent flow.