Your data stays on your phone — what "device-first" really means

MediBrief keeps your medical records encrypted on your own phone, not on our servers. That single design choice is what we mean by “device-first,” and it changes everything about how your privacy works.

Most apps ask you to trust that they’ll guard the data they hold about you. We took a different path: we decided not to hold it in the first place.

What “device-first” means

When you use a typical health app, your records are uploaded to the company’s servers. The company can read them, analyse them, keep backups, and in the worst case lose them in a breach. Your privacy depends entirely on that company’s promises and its security.

Device-first flips the model. Your records are stored and encrypted on your phone. The app works with your data locally, on the device that’s already in your pocket. We don’t keep a copy.

Why we chose it

Health data is about as personal as data gets, so we designed around three ideas:

• No central honeypot. The biggest health-data breaches happen because one server holds millions of people’s records. If there’s no central pile, there’s nothing for an attacker to steal in bulk.
• We can’t misuse what we don’t have. We can’t read, sell, or profile your records, because they’re not on our side to begin with.
• Privacy by architecture, not by promise. You shouldn’t have to take our word for it. The design itself is the guarantee.

How it actually works

A few pieces fit together to make this practical:

• Encrypted on-device storage. Your records are encrypted on your phone, protected by your device’s biometric lock.
• Two zones. A no-login Emergency Card for the essentials someone might need in a crisis, and a separate, biometric-locked zone for your full records. They stay apart by design.
• Consent-based linking. When you bring in records through your ABHA, the sharing happens with your time-bound consent, and what you pull in lands on your device, not ours.
• A backup you control. You can keep an encrypted backup so a lost or replaced phone doesn’t mean lost records, without that backup ever being readable by us.

The honest trade-offs

Device-first isn’t magic, and we won’t pretend otherwise. Because your data lives on your phone, keeping your backup current actually matters; it’s how you recover if a device is lost or damaged. And some cloud-style conveniences take more careful design when there’s no server quietly holding everything. We think that’s a fair trade for real privacy, and we build accordingly.

What about AI?

You may have seen MediBrief mention plain-language summaries of your records. That feature is coming later, not live today. When it does arrive, it will be built to process health data within India, in line with ABDM’s data-localization rules. We won’t quietly ship your records to some default overseas server to do it.

In short

Your records, on your phone, encrypted, under your control. We’re built to align with India’s DPDP Act and ABDM rules, and device-first is how we mean it, not just how we say it.