Policy
Our Commitment to Healthcare Privacy
Dermi is built on a foundational commitment to healthcare privacy, reflected in every design decision from local-first architecture to zero data monetization.
August 21, 2025
4 min read
Privacy in healthcare technology is often described as a feature. At Dermi, it is treated as a foundational principle that shapes every aspect of the platform, from technical architecture to business model. This article outlines the specific commitments that guide how patient data is handled within Dermi Atlas.
Local-First Architecture
The most significant privacy decision in any software platform is where data is stored. Dermi Atlas Professional is deployed on infrastructure owned and operated by the healthcare practice. Patient images, records, and metadata remain on local storage. No patient data is transmitted to Dermi servers, third-party cloud providers, or any external system.
This is not a premium feature or an optional configuration. It is the default and only architecture for clinical deployments. The practice is the sole custodian of its patient data.
Zero Telemetry on Patient Data
Dermi Atlas does not collect analytics, telemetry, or usage data related to patient records or clinical images. There are no tracking pixels in the application, no anonymous usage statistics derived from patient data, and no behavioral analytics based on how clinicians interact with patient records.
No Data Monetization
The Dermi business model is based on software licensing. Patient data is never monetized, aggregated, de-identified for resale, or used for any purpose other than serving the practice that created it. There are no secondary data markets, no research partnerships that involve patient data access, and no advertising models that rely on patient information.
Transparency in Design
Privacy commitments are only meaningful when they can be verified. Dermi Atlas is designed to be transparent in its operations:
- The self-hosted architecture can be audited by the practice's own IT team
- Network traffic can be monitored to verify that no patient data leaves the local environment
- Audit logs provide a complete record of system activity for compliance verification
- All communication channels use TLS encryption, which can be independently verified
Long-Term Commitment
These privacy commitments are not temporary policies that might change with a new product release or business strategy. They are architectural decisions built into the foundation of the platform. Changing them would require rebuilding the product from scratch. This is by design: privacy commitments backed by architecture are more durable than those backed only by policy.
Healthcare practices trust Dermi with a critical part of their clinical workflow. That trust is earned by building a platform where privacy is not just promised but structurally guaranteed.
Was this article helpful?
Your feedback helps us improve our content
Read more news
Stay up to date with our latest announcements