Privacy explained

How OpenRx handles data, in plain English.

This page exists so you can understand the product without reading a legal maze. OpenRx is designed to help people coordinate care, screening, medication access, and provider matching without turning every click into a hidden data transaction.

demo-first workflowswallet optionalminimal-context AI routing
Short version

In demo mode, the app uses sample patient data and does not need a personal account.

We do not sell your data to advertisers, insurers, pharmacies, or data brokers.

We only send the minimum context needed to answer a question or complete a workflow.

Wallet connection is optional and used as a pseudonymous profile identifier, not as your name.

You can use the product without creating a permanent identity in the app shell.

OpenRx is a personal health workflow tool, not a hospital, insurer, or clinician.

Trust posture

We built OpenRx to reduce healthcare friction, not to monetize patient exposure.

The design principle is simple: use the minimum information needed to move a workflow forward, keep the user in control of when identity becomes persistent, and avoid hiding sensitive behavior behind vague copy.

Default mode

Demo-safe exploration is a first-class path. The product should be understandable before you trust it.

Persistent mode

When you connect identity, the app should explain what is being stored, why, and what still stays out.

What stays local in demo mode
The interface can run on seeded demo records without requiring personal health information.
Care Plan tasks saved in demo mode stay in this browser and contain concise next-step summaries, not a full medical record.
Your session behavior is meant to be explorable before you commit any persistent identity.
Clearing local browser state removes the temporary client-side session context used for demo flows.
What changes if you connect a wallet
Connected wallet mode stores profile preferences against a pseudonymous wallet address.
Optional USDC tips on Base record only a payment transaction. Prompts, recommendations, names, insurance IDs, and patient identifiers are not written on-chain.
Wallet-linked preferences are meant for continuity of care coordination, not public disclosure.
What we do not do

Sell patient data to third parties

Hand your information to insurers for underwriting

Share your workflow history with employers

Use your prompts as ad-targeting inventory

Store full insurance IDs or Social Security numbers by design

Treat product analytics as a substitute for care consent

Workflow analytics
We track workflow events such as chat started, answer generated, source opened, care plan created, provider saved, tip completed, and red-flag safety triggered.
Events use a temporary pseudonymous session identifier and a small allowlist of status/category fields.
We do not log clinical prompts, names, phone numbers, medical-record numbers, insurance IDs, Social Security numbers, or full addresses in product analytics by default.
How AI is routed

Safety layer first, provider second

OpenRx routes AI requests through a safety and workflow layer before they reach any model provider. The exact provider behind a workflow may change over time as reliability, safety, and cost settings change, so we do not treat any one model vendor as permanent product infrastructure.

Minimum context only

We only send the prompt and the smallest amount of structured context needed for the task. We do not intentionally include Social Security numbers, insurance IDs, or wallet addresses in model requests.

Retention is provider-dependent

Where a provider offers no-training or reduced-retention controls, OpenRx is configured to prefer them. Provider-side policies can still differ by workflow, so we avoid promising that every provider behaves identically.

What the assistant cannot do

Diagnose conditions or replace a licensed clinician

Log directly into payer portals or hospital systems on your behalf

Interpret every workflow as a permanent medical record

Guarantee that a provider, insurer, or trial site will accept your case

Clinical boundary

OpenRx is not your doctor.

OpenRx is a personal coordination and decision-support product. It can help you organize questions, surface likely next steps, and reduce friction across care workflows. It does not replace a licensed clinician, hospital, or health plan, and it should not be treated like a legal medical record.

Your rights in the product

Use it without a full profile

You can explore much of OpenRx in demo mode before connecting a wallet or saving preferences.

Disconnect and minimize

You can disconnect the wallet-linked profile path and reduce what is associated with your session.

Ask how a workflow uses data

We owe you plain-language explanations of what a workflow needs and what leaves the browser.