Policy
Our Commitment to Healthcare Privacy
Dermi is built on a foundational commitment to healthcare privacy, reflected in every design decision from local-first architecture to zero data monetization.
September 4, 2025
2 min read
Privacy in healthcare technology is often described as a feature. At Dermi, it is treated as a foundational design principle that shapes both the technical architecture of the platform and the contractual commitments that govern it. This article outlines how patient data is handled within Dermi Atlas, with pointers to the legal documents that authoritatively describe each commitment.
Local-First Architecture
The most significant privacy decision in any software platform is where data is stored. Dermi Atlas Professional is deployed on infrastructure owned and operated by the healthcare practice. Patient images, records, and metadata remain on local storage and are not transmitted to Dermi servers or third-party cloud providers as part of normal clinical operations.
This is not a premium tier or an optional configuration. It is the default and only architecture for clinical deployments, so the practice remains the sole custodian of its patient data.
Zero Telemetry on Patient Data
Dermi Atlas Professional does not include analytics, telemetry, or usage tracking on patient records or clinical images, and no behavioral analytics are applied to how clinicians interact with patient records.
Software-Licensing Model
The Dermi commercial model is based on software licensing rather than the resale or secondary use of patient data. The handling of personal data, including any restrictions on secondary use, is governed by the Dermi Privacy Policy.
Transparency in Design
Privacy commitments are only meaningful when they can be verified. Dermi Atlas is designed to be transparent in its operations:
- The self-hosted architecture can be audited by the practice's own IT team.
- Network traffic can be monitored to verify that no patient data leaves the local environment.
- Audit logs provide a record of system activity for compliance verification.
- All communication channels use TLS encryption, which can be independently verified.
Architecture Plus Policy
The local-first architecture is a foundational design decision rather than a configurable feature. Changing it would require redesigning the platform. This structural choice is what allows the controls described above to operate without dependence on remote services. The contractual commitments that accompany it, and any future updates to them, are set out in the Dermi Privacy Policy.
Healthcare practices trust Dermi with a critical part of their clinical workflow. That trust depends on transparent technical architecture paired with the contractual commitments set out in the legal documents linked above.
Was this article helpful?
Your feedback helps us improve our content
Read more news
Stay up to date with our latest announcements