Privacy

Updated 4 July 2026

This notice covers the clindesk.ai website and the surrounding services a ClinDesk customer touches: the subscription checkout, the license-verification call the desktop app makes, and the encrypted push relay that forwards notifications to the ClinDesk phone app.

By default, the ClinDesk desktop application processes patient data on your own computer. Patient names, phone numbers, message contents, and generated replies do not leave your computer in readable form unless you enable the secure cloud AI option described below. When the desktop app sends a notification to your paired phone, it first encrypts the full payload with a key only your computer and your phone hold, then hands the ciphertext to our relay; neither we nor Apple can decrypt it.

Who we are

The controller responsible for this website is ClinDesk LLC, 30 N Gould St, STE R, Sheridan, WY 82801, USA. Contact: emin@clindesk.ai.

What data we process

We keep this lean. There are no sign-up forms, no accounts, no tracking cookies. Data is processed only in the situations below:

1. When you load a page

Our hosting provider, Cloudflare, Inc., automatically receives technical data needed to serve the page: your IP address, user agent, the URL requested, timestamp, and basic HTTP headers. This is standard for any website and is kept only for short-term operational and security purposes.

2. Analytics

We use Cloudflare Web Analytics to understand which pages are visited and how the site performs. It is cookie-less and does not use cross-site identifiers. It collects anonymised page-view and performance metrics (e.g. page path, country, device type, Core Web Vitals).

You can read Cloudflare's documentation on this product at cloudflare.com/web-analytics.

3. When you email us

If you email us (for example to request beta access), we receive your email address and whatever you choose to include in your message. We use this only to reply to you. Email is delivered via Google Workspace (our email provider).

4. When you subscribe to ClinDesk

Subscription checkout and billing are operated by Paddle.com Market Limited as our merchant of record. When you purchase, Paddle collects and processes your email address, billing address, payment details, and tax information. We do not see your card details; Paddle handles the payment flow end-to-end and is PCI-DSS Level 1 certified.

We receive back from Paddle only what we need to keep your subscription working: your email, subscription status (active, past due, canceled), and the license key generated at checkout. See Paddle's own privacy notice at paddle.com/legal/privacy for full details.

5. When your desktop app verifies its license

The ClinDesk desktop app periodically contacts our license server at relay.clindesk.ai with your license key to confirm the subscription is active. The server returns a signed receipt containing your subscription status and the email address on the subscription. The server sees your IP address at the time of the call. No patient data is sent or received. This service runs on Cloudflare Workers.

5a. If you enable the secure cloud AI option

Secure cloud AI is optional and is intended for computers that do not meet ClinDesk's 32 GB memory requirement or cannot run the on-device AI reliably. If enabled, prompts, voice-note audio chunks, photos, and readable document pages are sent over authenticated HTTPS to ClinDesk's API relay and forwarded to OpenRouter for transient inference under a Zero Data Retention policy. Your conversations, memory, charts, media files, WhatsApp state, approvals, and drafts remain stored on your computer. The ClinDesk app stores clinic data locally on your device; ClinDesk LLC's cloud services, Cloudflare, and OpenRouter do not hold cloud copies of the secure cloud AI request or response.

OpenRouter routes these requests under Zero Data Retention (ZDR): the prompt and the model's response are not retained after the request and are not used to train models. You can read OpenRouter's Zero Data Retention documentation for details.

6. When the desktop app sends you an encrypted notification

If you pair the ClinDesk app on your iPhone or Android phone with your computer, your computer encrypts each notification with a key that only your two devices share, then posts the ciphertext to our push relay at relay.clindesk.ai. The relay forwards it to Apple Push Notification service (APNs) on iPhone, or Firebase Cloud Messaging (FCM) on Android, for delivery to your phone. Neither we, Apple, nor Google can decrypt the payload. The relay briefly sees your device push token (so APNs or FCM knows where to deliver) and the ciphertext size, and then forgets the message.

Cookies

We do not set cookies on this website.

Legal bases

Under the EU GDPR and applicable US state privacy laws, we rely on:

  • Legitimate interest, to serve the site, keep it secure, and understand aggregate, non-identifying usage (analytics).
  • Performance of a (pre-)contract or your request, when you email us about the product.

Recipients and transfers

We share personal data with the following processors and sub-processors, only as needed to operate ClinDesk:

  • Cloudflare, Inc. (USA), hosts the marketing site and Web Analytics, the license-verification and push-relay worker at relay.clindesk.ai, and serves app downloads from R2.
  • OpenRouter, Inc. (USA), provides transient cloud AI inference under a Zero Data Retention policy when you enable the secure cloud AI option. It receives only the request content needed to generate a response and does not retain it.
  • Paddle.com Market Limited (UK, with US and EU entities), merchant of record for subscriptions; handles checkout, payment, tax, invoicing, and the customer billing portal.
  • Apple Inc. (USA), delivers encrypted push notifications from your computer to your paired iPhone via APNs. Receives ciphertext only.
  • Google LLC (USA), delivers encrypted push notifications from your computer to your paired Android phone via Firebase Cloud Messaging (FCM), receiving ciphertext only, and provides Google Workspace email delivery when you write to us.

These transfers outside the EU/EEA are covered by the providers' standard safeguards (e.g. standard contractual clauses, adequacy mechanisms where applicable).

Retention

  • Server logs: short-term, as managed by Cloudflare.
  • Analytics: aggregated, retained by Cloudflare according to their policy.
  • Clinic records, conversations, memory, charts, media files, WhatsApp state, approvals, and drafts: stored locally by the ClinDesk app on your device. ClinDesk LLC's cloud services and Cloudflare do not hold cloud copies.
  • Emails you send us: kept as long as needed to handle your enquiry, and then archived or deleted.

Your rights

You can ask us to access, correct, or delete personal data we hold about you, restrict or object to processing, and, where applicable, receive it in a portable form. You can also lodge a complaint with a supervisory authority (in the EU, your local data protection authority). To exercise any of these rights, email emin@clindesk.ai.

Automated decision-making

We do not use your personal data for automated individual decisions, including profiling, that produce legal effects concerning you or similarly significantly affect you. The clinical signals the desktop app generates (intake summaries, urgency flags) are heuristics shown to a clinician, who makes every decision; they are not used for any decision about you as a website visitor or subscriber.

Data breaches

In the unlikely event of a personal-data breach, we will notify the relevant supervisory authority and (where required by law) you directly, within the timeframes set by the EU GDPR (typically 72 hours for the authority where applicable) and any applicable US state laws. Because the desktop app processes patient data only on your own device, a breach of our services would not, by design, expose patient names, conversations, or summaries.

For clinics under the GDPR

If you are a clinic in the EU/EEA or UK and your supervisory authority requires a Data Processing Agreement, write to us at emin@clindesk.ai and we'll provide one. Note that, by design, ClinDesk does not transmit patient data to us; it is processed on your own computer. The personal data we do process on your behalf (license email, subscription status, anonymized push-relay traffic) is described above.

No sale of personal data

We do not sell your personal data, do not share it for cross-context behavioural advertising, and do not provide it to data brokers.

Security

The site is served over HTTPS. We do not collect sensitive data through the site.

Children

This website is aimed at medical professionals and is not directed at children.

Changes

We may update this notice as the site evolves. The "last updated" date above reflects the most recent change.