For doctors & healthcare teams

Use AI on patient documents without breaching confidentiality.

You shouldn't have to strip every patient identifier out of a referral letter by hand before pasting it into ChatGPT or Claude — and then put them all back afterwards. That's what we do for you, automatically, before anything leaves your computer.

No card required. You land straight in a simple chat — drop a file and ask.

What the AI actually sees
Eleanor VossPatient 1
DOB 14 Mar 1962Date 1
MRN 4471-0088Record X
St. Aldric's ClinicFacility A
The answer you download has the real names put back. ✓ The AI never saw them.

How it works

Three steps. No setup, no training, nothing to install. If you can attach a file to an email, you can use this.

1

Drop your file

Drag in the referral letter, discharge summary, clinic letter or report you're working on. Before anything leaves your computer, dates of birth, patient identifiers, emails and phone numbers are swapped for neutral placeholders automatically. Patient and clinician names are caught by a name-detection model that runs on your device too — and if it isn't ready yet, the send is held rather than risk a name slipping through.

2

Ask your question

"Summarise this discharge summary for the GP." "Turn these notes into a referral letter." "Explain this report in plain language for the patient." The AI does its work seeing only the placeholders — never who the patient actually is.

3

Download the answer

The reply comes back with the real names restored — automatically, exactly where they belong. No find-and-replace, no un-renaming, no copy-paste gymnastics. Just the finished answer.

We can't leak your patient data — we don't have it. The swap happens before your file leaves your machine, and we keep nothing afterwards: no copies of your documents, no copies of the answers. There is simply nothing on our side to breach, subpoena or lose.

Dates of birth, patient identifiers and contact details are caught deterministically, every time. Free-form patient and clinician names use a small name-detection model that also runs on your device; recall is strong on common names but not perfect (unusual or non-Latin names can be missed). For your most confidential files, install the desktop app — it tokenises the file itself entirely on your own machine before anything is sent to the AI, keeps your API key and logs local, and stores tokens in an encrypted vault.

Built for people bound by medical confidentiality

Doctors, nurses and healthcare teams carry one of the oldest confidentiality duties there is — and one of the most regulated, from GDPR's special-category rules to HIPAA. These are the guarantees that make AI compatible with that duty.

Nothing is stored

Your documents and the answers pass through and are gone. Zero retention — verified, not just promised.

Works with your files

PDF, Word, Excel, CSV, plain text — the files you already work in, no conversion or special format needed.

A signed receipt, every time

Each request produces a tamper-proof receipt showing what happened and what was protected. Keep it in the patient record as evidence of your diligence.

Confidentiality-friendly by design

Because patient identities never reach the AI provider and nothing is retained, using AI this way sits comfortably alongside GDPR, HIPAA and medical secrecy obligations. See the details — including the paperwork your data-protection officer will ask for.

Sound familiar?

The workarounds people use today are slow — and fragile.

The manual rename. "Patient A", "Clinic X", find-and-replace before pasting — then reversing it all in the answer, hoping you didn't miss one instance on page 14.

The retyped summary. Typing an anonymised version of the document by hand because uploading the real one feels wrong. Half an hour gone before the AI has even started.

The quiet rule-break. Pasting the real thing and hoping it's fine. It's the fastest option — and the one that can cost a patient's trust — or your registration.

The blanket ban. The firm forbids AI entirely, and the productivity gain everyone else is getting goes to your competitors instead.

Not in healthcare? There's a page for you too.

The duty of confidentiality isn't unique to medicine. If people trust you with their private affairs, this is built for you too.

Common questions

Plain answers, no fine print surprises.

Which AI does the answering?

The leading AI models — the same ones behind ChatGPT, Claude, Gemini and others. The difference is what they're allowed to see: with us in between, they get your question and a version of your document with all the identifying details replaced by placeholders. They do the thinking; they just never learn who it's about.

How do the real names get back into the answer?

The swap list — which real name maps to which placeholder — is created on your device and used to restore the answer on the way back to you. It's applied automatically, so the document you download reads exactly as if the AI had seen the real names all along.

What if I need to prove I handled a document properly?

Every request comes with a signed, tamper-proof receipt: a small certificate recording when the request happened and that the protections were applied. You can verify it independently, months later, and keep it in the patient record.

Do you keep a copy of my files?

No. We keep no copies of your documents, your questions or the answers. Once your download completes, it exists only on your machine. That's the point: we can't leak what we don't have.

Is this appropriate for patient data?

Health data is the most protected category there is, and that's exactly the situation this is built for: the identifying details are replaced on your device, the AI provider only ever sees placeholders, and we keep no copy of your content in the clear — no documents, no answers. Every request produces a signed receipt you can keep with the record. The documentation your data-protection officer will want — privacy policy, DPA, BAA — is linked from the trust centre and the footer of this page.

Is this hard to set up?

No. Create a free account and you land directly in a simple chat. Drop a file, ask your question — that's the whole workflow. Prefer to stay in the tools you already use? After you register, you can install a small browser add-on for Chrome or Firefox and keep using ChatGPT, Claude, Gemini or Grok as you do today — names, emails and account numbers are anonymised inside your browser before anything is sent, and the add-on downloads from your account page. (If your firm has an IT team that wants to connect it to internal systems, there's a full technical setup for them too, but you never need to touch it.)

Try it on a real letter — today.

Free to start, no card required. Drop a document, ask your question, and see the answer come back with the names where they belong.

Questions first? Write to hello@cloakapi.io — a human answers.