open-chart
Get started
Encrypted in your browser. Read by you and only the people you choose.

Take ownership of your medical record.

Upload your labs, scans, and discharge notes. They’re encrypted in your browser before they ever reach our servers. Watch values trend across visits. Share specific records with new doctors using single-use links that even we can’t read.

Create your accountRead how the encryption works →

What you get

A health record that works the way you’d expect a 2026 app to work.

Encrypted before it leaves your device

Your password derives a key that lives only in your browser. We store sealed blobs we can't open. Only you — or someone you explicitly share a link with — can decrypt them.

AI that reads between the labs

Each upload is parsed for structured findings: HbA1c values, blood pressure readings, medication lists, abnormal flags. See trends across years in one chart with reference ranges.

Sharing built for referrals

Send a one-time-use link to a specialist. The decryption key lives in the URL fragment, never on our servers. Set it to expire. Revoke it anytime.

How it works

Four steps. Two minutes.

  1. 1

    Sign up

    Pick a password. Your browser derives a 256-bit master key from it using Argon2id. The key never leaves the device. We give you a one-time recovery code to print and store — it's the only way to recover the account if you forget the password.

  2. 2

    Upload a record

    Choose a lab PDF, an imaging report, a clinical note. Your browser encrypts it with a fresh per-file key, then uploads the ciphertext directly to our storage. The per-file key is wrapped under your master key and stored alongside the blob.

  3. 3

    Track findings

    An extractor reads the document and writes structured rows: code, value, unit, reference range, date. These power the trend dashboard. You'll see this is the one moment plaintext briefly touches our servers — we're explicit about it on the Security page.

  4. 4

    Share with a doctor

    Generate a link for a specific record. The decryption key lives in the URL fragment after the # — browsers don't send fragments to servers, so even we never receive it. Set the link to expire, cap the number of opens, revoke it from your dashboard anytime.

Honest about the trade-offs

We don’t pretend to be magic.

Building a useful health record means making careful trade-offs. We document each one in plain English. You should know exactly what we can see and what we cannot before you trust us with anything.

Read the security details →
What we cannot see

Your password. Your master encryption key. The contents of any record you've uploaded. The recipients of your share links.

What we can see

Your email. The structured findings extracted from your documents (so we can power trends). Timestamps of when you logged in, uploaded, downloaded, or shared. Hashed IP addresses for audit.

The one plaintext moment

During AI extraction, your browser sends the decrypted document to our extractor, which forwards it to an LLM and writes back only the structured findings. The plaintext is never stored on our servers and never logged. We're transparent about this because pretending otherwise would be dishonest.

Own your record. Free during the beta.

Sign up takes thirty seconds. The encryption work happens in your browser — we never see your password.

Create your account