Privacy
Updated 4 July 2026
This notice covers the clindesk.ai website and the surrounding services a ClinDesk customer touches, the subscription checkout, the license-verification call the desktop app makes, and the encrypted push relay that forwards notifications to the ClinDesk phone app.
By default, the ClinDesk desktop application processes patient data on your own computer. Patient names, phone numbers, message contents, and generated replies do not leave your computer in readable form unless you enable the secure cloud AI option described below. When the desktop app sends a notification to your paired phone, it first encrypts the full payload with a key only your computer and your phone hold, then hands the ciphertext to our relay, neither we nor Apple can decrypt it.
Who we are
The controller responsible for this website is ClinDesk LLC, 30 N Gould St, STE R, Sheridan, WY 82801, USA. Contact: emin@clindesk.ai.
What data we process
We keep this lean. There are no sign-up forms, no accounts, no tracking cookies. Data is processed only in the situations below:
1. When you load a page
Our hosting provider, Cloudflare, Inc., automatically receives technical data needed to serve the page: your IP address, user agent, the URL requested, timestamp, and basic HTTP headers. This is standard for any website and is kept only for short-term operational and security purposes.
2. Analytics
We use Cloudflare Web Analytics to understand which pages are visited and how the site performs. It is cookie-less and does not use cross-site identifiers. It collects anonymised page-view and performance metrics (e.g. page path, country, device type, Core Web Vitals).
You can read Cloudflare's documentation on this product at cloudflare.com/web-analytics.
3. When you email us
If you email us (for example to request beta access), we receive your email address and whatever you choose to include in your message. We use this only to reply to you. Email is delivered via Google Workspace (our email provider).
4. When you subscribe to ClinDesk
Subscription checkout and billing are operated by Paddle.com Market Limited as our merchant of record. When you purchase, Paddle collects and processes your email address, billing address, payment details, and tax information. We do not see your card details, Paddle handles the payment flow end-to-end and is PCI-DSS Level 1 certified.
We receive back from Paddle only what we need to keep your subscription working: your email, subscription status (active, past due, canceled), and the license key generated at checkout. See Paddle's own privacy notice at paddle.com/legal/privacy for full details.
5. When your desktop app verifies its license
The ClinDesk desktop app periodically contacts our license server at relay.clindesk.ai with your license key to confirm the subscription is active. The server returns a signed receipt containing your subscription status and the email address on the subscription. The server sees your IP address at the time of the call. No patient data is sent or received. This service runs on Cloudflare Workers.
5a. If you enable the secure cloud AI option
Secure cloud AI is optional and is intended for computers that do not meet ClinDesk's 32 GB memory requirement or cannot run the on-device AI reliably. If enabled, prompts, voice-note audio chunks, photos, and readable document pages are sent over authenticated HTTPS to ClinDesk's API relay and forwarded to OpenRouter for transient inference under a Zero Data Retention policy. Your conversations, memory, charts, media files, WhatsApp state, approvals, and drafts remain stored on your computer. The ClinDesk app stores clinic data locally on your device; ClinDesk LLC's cloud services, Cloudflare, and OpenRouter do not hold cloud copies of the secure cloud AI request or response.
OpenRouter routes these requests under Zero Data Retention (ZDR): the prompt and the model's response are not retained after the request and are not used to train models. You can read OpenRouter's Zero Data Retention documentation for details.
6. When the desktop app sends you an encrypted notification
If you pair the ClinDesk app on your iPhone or Android phone with your computer, your computer encrypts each notification with a key that only your two devices share, then posts the ciphertext to our push relay at relay.clindesk.ai. The relay forwards it to Apple Push Notification service (APNs) on iPhone, or Firebase Cloud Messaging (FCM) on Android, for delivery to your phone. Neither we, Apple, nor Google can decrypt the payload. The relay briefly sees your device push token (so APNs or FCM knows where to deliver) and the ciphertext size, and then forgets the message.
Cookies
We do not set cookies on this website.
Legal bases
Under the EU GDPR and applicable US state privacy laws, we rely on:
- Legitimate interest, to serve the site, keep it secure, and understand aggregate, non-identifying usage (analytics).
- Performance of a (pre-)contract or your request, when you email us about the product.
Recipients and transfers
We share personal data with the following processors and sub-processors, only as needed to operate ClinDesk:
- Cloudflare, Inc. (USA), hosts the marketing site and Web Analytics, the license-verification and push-relay worker at
relay.clindesk.ai, and serves app downloads from R2. - OpenRouter, Inc. (USA), provides transient cloud AI inference under a Zero Data Retention policy when you enable the secure cloud AI option. It receives only the request content needed to generate a response and does not retain it.
- Paddle.com Market Limited (UK, with US and EU entities), merchant of record for subscriptions; handles checkout, payment, tax, invoicing, and the customer billing portal.
- Apple Inc. (USA), delivers encrypted push notifications from your computer to your paired iPhone via APNs. Receives ciphertext only.
- Google LLC (USA), delivers encrypted push notifications from your computer to your paired Android phone via Firebase Cloud Messaging (FCM), receiving ciphertext only, and provides Google Workspace email delivery when you write to us.
These transfers outside the EU/EEA are covered by the providers' standard safeguards (e.g. standard contractual clauses, adequacy mechanisms where applicable).
Retention
- Server logs: short-term, as managed by Cloudflare.
- Analytics: aggregated, retained by Cloudflare according to their policy.
- Clinic records, conversations, memory, charts, media files, WhatsApp state, approvals, and drafts: stored locally by the ClinDesk app on your device. ClinDesk LLC's cloud services and Cloudflare do not hold cloud copies.
- Emails you send us: kept as long as needed to handle your enquiry, and then archived or deleted.
Your rights
You can ask us to access, correct, or delete personal data we hold about you, restrict or object to processing, and, where applicable, receive it in a portable form. You can also lodge a complaint with a supervisory authority (in the EU, your local data protection authority). To exercise any of these rights, email emin@clindesk.ai.
Automated decision-making
We do not use your personal data for automated individual decisions, including profiling, that produce legal effects concerning you or similarly significantly affect you. The clinical signals the desktop app generates (intake summaries, urgency flags) are heuristics shown to a clinician, who makes every decision; they are not used for any decision about you as a website visitor or subscriber.
Data breaches
In the unlikely event of a personal-data breach, we will notify the relevant supervisory authority and (where required by law) you directly, within the timeframes set by the EU GDPR (typically 72 hours for the authority where applicable) and any applicable US state laws. Because the desktop app processes patient data only on your own device, a breach of our services would not, by design, expose patient names, conversations, or summaries.
For clinics under the GDPR
If you are a clinic in the EU/EEA or UK and your supervisory authority requires a Data Processing Agreement, write to us at emin@clindesk.ai and we'll provide one. Note that, by design, ClinDesk does not transmit patient data to us, it is processed on your own computer. The personal data we do process on your behalf (license email, subscription status, anonymized push-relay traffic) is described above.
No sale of personal data
We do not sell your personal data, do not share it for cross-context behavioural advertising, and do not provide it to data brokers.
Security
The site is served over HTTPS. We do not collect sensitive data through the site.
Children
This website is aimed at medical professionals and is not directed at children.
Changes
We may update this notice as the site evolves. The "last updated" date above reflects the most recent change.