Data Practices · Privacy · Beta Phase
Plain language. No jargon. What goes where, what's stored, what isn't, and how to use the tool safely while it's in beta.
They work differently and have different data practices. It's worth understanding which one you're using.
When you type a message into the public concierge, it travels via an encrypted connection through a Cloudflare Worker (a secure intermediary server) to Anthropic's API — the same technology that powers Claude. The response comes back the same way.
Nothing is stored. When you close the browser, the conversation is gone. There is no database, no log, no record. The next person to open the concierge starts completely fresh, as will you if you return tomorrow.
Anthropic processes the messages to generate responses but does not use API conversations for AI training under their standard API data handling terms. Your messages are not used to train any AI model.
The client concierge stores your conversation history so it can remember what you've discussed across multiple visits. This is stored in a secure EU-based database (Frankfurt, Germany) operated by Supabase — a reputable infrastructure provider used by thousands of applications.
Your conversation is linked to a random session token stored in your browser — not to your name, email address, or any identifying information. Stephen cannot look up "what did client X say" without knowing their session token, which exists only in their browser.
If you clear your browser history, use a different browser, or switch devices, your conversation history becomes inaccessible — effectively deleted from a practical standpoint.
No password is required at present. Proper authenticated login is on the development roadmap and will be implemented before the tool moves out of beta for wider use.
Both concierges are most useful when you're specific about symptoms, history, and what you've tried. Here's how to get the most from them while staying sensible about personal data.
Think of the concierge like a knowledgeable clinical conversation — useful precisely because you can be specific and honest about what's happening. Treat it the way you'd treat a conversation in a consulting room, not a secure medical record system.
For those who want to know exactly what infrastructure is involved:
The intake forms on the client portal (detective-health.com/clients) submit directly to Stephen via Netlify Forms. This data goes only to Stephen's Netlify account and is handled under standard clinical confidentiality — the same way a paper intake form or an email would be.
The clinical analysis tools (blood chemistry analyser, GI-MAP interpreter, DUTCH tool and others) run entirely within your browser. The data you enter into these tools does not leave your device unless you are using the AI interpretation feature, in which case it passes through the same Anthropic API route described above.
When using the AI interpretation tools: enter marker values and patterns rather than your full name alongside a complete medical history. The clinical analysis is just as useful without combining identifying information.
Under UK GDPR you have the right to request deletion of any personal data held about you. For the client concierge, clearing your browser history removes your session token and makes your conversation history inaccessible. If you want the underlying data permanently deleted from the database, email hello@detective-health.com and it will be removed within 72 hours.
For intake form submissions, contact Stephen directly via Practice Better or email and any submission can be deleted on request.
This page will be updated as the concierge moves out of beta and proper authentication is implemented. The full Detective Health privacy policy covers the broader website.
Questions about data, privacy, or how any of this works?
hello@detective-health.com — Stephen reads every email.