A patient writing to a clinic on WhatsApp is telling them what hurts, what they took for it, what they’re afraid of. That conversation belongs in two places: between the patient and the clinic. Not on a third party’s server.
When we started building ClinDesk, the easiest path was the same one most AI clinic tools take: ship messages to a cloud, run a model, send replies back. Cheap, fast, and centralized. It also means the entire patient base of every clinic that signs up flows through one company’s infrastructure. We didn’t want to be that company, and our doctors didn’t want a tool that made them that company either.
So ClinDesk runs on the doctor’s Mac. The AI lives there. The patient history lives there. The drafts, the catalog, and the triage rules all live on disk, in plain files, in a folder you can open in Finder.
What that buys you, in practice:
- No accounts on our side. There is no ClinDesk database with your patients in it. There is no admin who could pull a report on your conversations.
- No vendor lock-in. If you stop using ClinDesk, your messages are still on your Mac. We have nothing to hand back to you, because we never had it.
- Compliance is simpler. Your data didn’t leave your control to begin with. The conversations Mexican federal law (LFPDPPP) protects stay on your device.
- Alerts to your phone are end-to-end encrypted. The Companion app on your iPhone or Android is the only thing that talks to a server, and that server can’t read what passes through it.
There’s a tradeoff, of course. Your Mac has to be on for ClinDesk to answer. We chose that tradeoff over the alternative.
If you’re a doctor evaluating tools, ask the vendor where the patient messages live. If the answer is “our cloud,” ask what happens to those messages if the company is acquired, breached, or shuts down. Then ask the same of ClinDesk.
The answer for us is short. They stay on your Mac.
All posts