Privacy Policy

The strongest privacy policy is one that has nothing to protect.

LeptonX never receives, stores, processes, or transmits patient medical data. This is not a policy commitment — it is an architectural fact. This page explains what that means in practice.

Last updated: May 19, 2026

1. The Foundational Difference

Most privacy policies begin with a description of how a company collects, stores, processes, and protects your personal data. This one begins differently.

LeptonX does not collect, receive, store, process, manage, transmit, or ever need to destroy any patient medical data. Not in the cloud. Not on our servers. Not temporarily. Not in anonymized form. Not ever.

All medical record ingestion, indexing, retrieval, and AI inference occurs exclusively on hardware that the patient owns and that is physically located on the patient's premises. LeptonX provides the software and the intelligence architecture. The patient provides, and retains sole custody of, the data.

The most important conversations about your health happen between you and your physician. Maya helps you arrive at them prepared.

Privacy is the means. The conversations are the end. LeptonX is built so the means never compromises the end.

Zero Data Custody — By Architecture

You cannot be breached for data you never held. By never taking custody of patient records, LeptonX has eliminated the category of liability that defines the medical AI industry: the obligations that attach to a custodian of medical data under HIPAA, GDPR, CCPA, and state health data privacy laws are obligations LeptonX does not incur for patient records, because it holds none. General data-protection law still applies to the limited non-medical data described in Section 3, and Section 10 explains how to exercise those rights.

2. What LeptonX Does Not Collect

For absolute clarity, LeptonX never collects, accesses, or processes any of the following:

All of the above resides exclusively on your own device and is never transmitted to LeptonX or any third party.

3. What LeptonX May Collect

LeptonX collects a limited set of non-medical information necessary to operate its business. This data never includes any health information.

3.1 Website Visitors (leptonx.org)

When you visit our website, we may collect:

We do not use tracking pixels, behavioral advertising, or third-party analytics that sell or share visitor data. We do not sell, rent, or share visitor information with any third party for marketing purposes.

3.2 Optional Cloud Settings Sync

For patients who opt in, LeptonX offers an optional cloud-based settings synchronization service. This service stores only the following:

What the Cloud Stores | What the Cloud Never Sees
--- | ---
Voice speed and persona preferences | Medical records of any kind
Custom pronunciation lexicon entries | Lab results, diagnoses, or treatment history
RAG retrieval parameters you've tuned | Wearable health data
Wearable device mappings and format rules | Your name, date of birth, or any identifier
Notification and UI layout preferences | Your queries or conversation history
A random UUID, never your name or identity | Anything clinically meaningful

The only thing LeptonX stores in the cloud is the shape of your preferences — never the substance of your health. A complete breach of our cloud settings infrastructure would reveal nothing about any patient's medical history.

This service is entirely optional. You can decline cloud settings sync with no loss of product functionality. All on-device processing — record retrieval, voice interaction, pattern search — operates fully on your device regardless of this setting.

3.3 Software Update Telemetry

When you initiate a software update (updates are always patient-initiated, never automatic), your device may transmit:

No health data, no patient identity, and no query history is ever included in update telemetry. Update checks occur only when you initiate them — LeptonX never pushes updates to your device without your explicit action.

3.4 Anonymized Product Telemetry (Opt-In Only)

You may optionally opt in to share anonymized, non-medical product usage telemetry to help improve the platform. If enabled, this may include:

This telemetry is stripped of all identifying information before transmission. Differential privacy techniques with ε ≤ 1 are applied locally on the device before any data leaves. IP addresses are discarded at the ingestion layer. Random telemetry tokens are regenerated periodically and are never mapped to patient identity.

This telemetry is off by default. You must explicitly opt in. Opting out has no effect on product functionality.
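To make concrete what "differential privacy applied locally with ε ≤ 1" means for the opt-in telemetry above, here is an added example of local differential privacy applied on the device before a report is sent. It is illustrative code written for this page, not LeptonX's implementation, and it assumes two constructed telemetry fields: a boolean "feature used this week" flag protected by randomized response, and a bounded daily query count protected by the Laplace mechanism. The rotating token, field names, and the count cap of 50 are assumptions for the example.

```python
"""Local differential privacy on a device before telemetry leaves it.

Added example, not LeptonX code. Two constructed telemetry fields:
  - feature_used   : a boolean, protected with randomized response
  - daily_queries  : a bounded count, protected with the Laplace mechanism
Each field is noised on the device; the collecting server only ever
sees the noised values and a random token, never an identity.
"""
import math
import random
import uuid

EPSILON = 1.0  # per-value privacy budget; the page's bound is eps <= 1


def rr_truth_prob(eps: float) -> float:
    """Randomized response: probability of reporting the true bit.
    p = e^eps / (1 + e^eps); with eps = 1 this is about 0.731."""
    return math.exp(eps) / (1.0 + math.exp(eps))


def randomize_bit(bit: bool, eps: float, rng: random.Random) -> bool:
    """Report the true bit with probability p, the flipped bit otherwise.
    Either answer is plausible for either truth, so one report bounds
    what an observer learns about this device by a factor of e^eps."""
    return bit if rng.random() < rr_truth_prob(eps) else (not bit)


def estimate_true_fraction(reports, eps: float) -> float:
    """Unbiased server-side estimate of the fraction of true bits.
    E[report] = p*f + (1-p)*(1-f)  =>  f = (mean - (1-p)) / (2p - 1)."""
    p = rr_truth_prob(eps)
    mean = sum(1 for r in reports if r) / len(reports)
    return (mean - (1.0 - p)) / (2.0 * p - 1.0)


def laplace_scale(sensitivity: float, eps: float) -> float:
    """Laplace mechanism noise scale b = sensitivity / eps."""
    return sensitivity / eps


def noise_count(count: int, eps: float, rng: random.Random, cap: int = 50) -> float:
    """Laplace mechanism for a bounded count. Clamping to [0, cap] fixes the
    sensitivity at `cap`, so any change to one device's count shifts the
    output distribution by at most a factor of e^eps."""
    clamped = min(max(count, 0), cap)
    b = laplace_scale(cap, eps)
    # Laplace(0, b) is b times the difference of two iid Exp(1) draws.
    noise = b * (rng.expovariate(1.0) - rng.expovariate(1.0))
    return clamped + noise


def build_report(feature_used: bool, daily_queries: int,
                 eps: float = EPSILON, rng=None) -> dict:
    """Noise both fields on-device and attach a fresh random token.
    No name, account, IP or device serial is ever placed in the report."""
    rng = rng or random.Random()
    return {
        "token": uuid.uuid4().hex,  # assumed rotating token, not an identity
        "feature_used": randomize_bit(feature_used, eps, rng),
        "daily_queries": noise_count(daily_queries, eps, rng),
    }


def simulate(n_devices: int, true_fraction: float,
             eps: float = EPSILON, seed: int = 0):
    """Constructed fleet: every device reports the same true count (7) and
    `true_fraction` of them truly used the feature. Returns the server's
    aggregate estimates, which converge to the truth only over many devices."""
    rng = random.Random(seed)
    truths = [i < int(n_devices * true_fraction) for i in range(n_devices)]
    reports = [build_report(t, 7, eps, rng) for t in truths]
    est_fraction = estimate_true_fraction([r["feature_used"] for r in reports], eps)
    est_count = sum(r["daily_queries"] for r in reports) / n_devices
    return est_fraction, est_count


if __name__ == "__main__":
    print(build_report(True, 7))            # one device's outbound report
    print(simulate(20000, 0.3, seed=42))    # fleet-level estimates near (0.3, 7.0)
```

The design point a practitioner should take from this: at ε = 1 the noise on a single device's count has scale 50, so any one report is close to useless on its own, and the flag is flipped more than a quarter of the time. Only the aggregate over thousands of devices recovers a usable estimate, which is exactly the property that makes the telemetry safe to ship off the device.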

4. HIPAA and Regulatory Position

LeptonX's architecture is specifically designed so that LeptonX does not meet the definition of a Covered Entity or Business Associate under HIPAA, because LeptonX never creates, receives, maintains, or transmits Protected Health Information on behalf of a covered entity. Records that you retrieve onto your own device are in your custody, not LeptonX's.

This is not a loophole or a technicality. It is the core architectural principle of the company. The most private system is one in which patient data never leaves the hardware that holds it. LeptonX builds that system: the device's only outbound connections (optional settings sync, patient-initiated update checks, and opt-in telemetry, described in Section 3) carry no medical data, and the medical records it retrieves from Epic (Section 6.1) travel directly from Epic to your device.

That said, LeptonX voluntarily aligns its security practices with recognized frameworks including:

LeptonX does this not because it is required — but because voluntary alignment with the highest standards reflects the company's commitment to trust and transparency.

5. Data Residency and Sovereignty

All your medical data resides exclusively on hardware owned by and physically located on your own premises. LeptonX does not operate data centers, cloud storage, or remote processing infrastructure for patient data.

Your device is the data center. It sits in your home, under your roof, on your terms. You control:

LeptonX cannot remotely access, read, modify, delete, or interact with the data on your device. The system is designed with no backdoor, no remote management capability, and no silent data transmission.

6. Third-Party Services

6.1 Epic MyChart / FHIR Integration

When you authorize your LeptonX device to connect to Epic MyChart, the authorization occurs directly between your device and the Epic FHIR API. LeptonX provides the software that enables this connection. LeptonX never sees, proxies, or intermediates the FHIR data transfer. Your OAuth2 access token, refresh token, and retrieved medical records remain exclusively on your device.

6.2 Fonts and CDN

The LeptonX website (leptonx.org) loads fonts from Google Fonts. When a page loads, your browser requests the font files directly from Google's servers, so Google receives your IP address and standard request headers for that request; Google's privacy policy governs how it handles that data. No medical or patient data is involved, because the website holds none.

6.3 No Advertising or Data Brokering

LeptonX does not display advertisements. LeptonX does not sell, license, or share any user data — medical or otherwise — with advertisers, data brokers, insurance companies, employers, pharmaceutical companies, or any other third party. This is a permanent, structural commitment, not a policy that can be changed at the discretion of management.

7. Data Retention and Deletion

7.1 Patient Medical Data

LeptonX does not retain your medical data because it never possesses it. If you wish to delete your local records, you can do so at any time by deleting the data from your own device. No request to LeptonX is necessary because LeptonX has no copy to delete.

7.2 Website and Contact Data

Information submitted through our website contact forms is retained only for the purpose of responding to your inquiry. You may request deletion of your contact information at any time by emailing privacy@leptonx.org.

7.3 Cloud Settings Sync Data

If you have enabled optional cloud settings sync, you may request deletion of your synced preferences at any time. Upon request, your settings profile (identified only by a random UUID) will be permanently deleted within 30 days.

8. Security Practices

For the limited non-medical data LeptonX does handle (website operations, contact forms, optional settings sync), we implement:

For device-side security, LeptonX devices implement:

9. Children's Privacy

LeptonX does not knowingly collect personal information from children under 13. Our products are intended for adult patients or for use by authorized adult caregivers. If we learn that we have inadvertently collected personal information from a child under 13 through our website, we will delete it promptly.

10. International Users

LeptonX's architecture satisfies international data residency requirements for patient medical data by construction: the data never leaves the patient's physical premises, so there is no cross-border transfer of medical information to regulate.

For the limited non-medical data associated with our website and optional services (Section 3), data may be processed in the United States. By using our website, you consent to this processing. If you're in the EU, you have rights under GDPR to access, correct, and delete your personal data — contact privacy@leptonx.org to exercise these rights.

11. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or applicable law. Material changes will be posted on this page with an updated "Last updated" date. Our fundamental architectural commitment — that LeptonX never possesses patient medical data — is not a policy position that can be changed. It is a structural property of the system's design.

12. Contact Us

LeptonX LLC

Privacy Inquiries: privacy@leptonx.org

General Inquiries: contact@leptonx.org

Website: www.leptonx.org

If you have questions about this privacy policy, our data practices, or the architectural design of our privacy protections, we welcome your inquiry. We believe transparency is a competitive advantage, and we are happy to explain any aspect of our approach in detail.

A Final Note

Most privacy policies are written to describe how a company handles the tension between using your data and protecting it. LeptonX does not have that tension. We built a system where the question "what happens to my data?" has the simplest possible answer: it stays exactly where it is. On your device. In your home. Under your control. Always.