Your data

Your health record
stays with you.

Most privacy pages are a policy written by a lawyer. This one is a description of how the software is built. The difference matters: a policy can change with a memo, but an architecture has to be rebuilt. We chose the harder one on purpose.

The guarantee

No patient health data everreaches Trial Beacon’s servers. The matching engine runs in your browser, in memory, on data your browser fetched directly from your patient portal. When you close the tab, the data is gone.

The boundary

What crosses
and what doesn’t.

Your browser is the trusted container. Our server never sees the inside of it.

Leaves your browser →

Goes to Trial Beacon’s server.

  • Nothing from your MyChart account.
  • Nothing about your conditions, labs, or medications.
  • Nothing that could identify you as a patient.

The only thing our server receives is a request for public trial data (which trials exist, what are their criteria) — the same data anyone could fetch from ClinicalTrials.gov.

Stays in your browser ↺

Held in memory, then discarded.

  • Your demographics, conditions, labs, and medications — read directly from MyChart by your browser.
  • The match results — generated locally, shown only to you.
  • Any questions you ask about a specific trial with your data attached (we don’t offer this).

We don’t write your data to localStorage, sessionStorage, cookies, IndexedDB, or anything else with a longer memory than the current page load.

The lifecycle

Four steps,
beginning to end.

Every place your data exists during a Trial Beacon session, in order.

  1. Your browser · Your patient portal

    You authorize the connection.

    You click “Connect MyChart,” log in through Epic’s own site, and grant Trial Beacon permission to read your health data. This is the same OAuth flow you’ve seen when connecting a bank to a budgeting app — handled entirely between you and Epic.

  2. Your browser ↔ Epic

    Your browser fetches your record.

    Using the access token Epic issues, your browser — not our server — downloads your FHIR resources: conditions, observations, medications, demographics. The data travels from Epic to your tab. It does not pass through us.

  3. Your browser (in memory)

    The matching engine runs locally.

    We fetch the structured trial rules from our API (no patient data included in the request) and evaluate them against your record inside the page. The three-bucket result — met, not met, discuss — is computed on your device.

  4. Your browser

    You close the tab, and it’s gone.

    Your data is held in JavaScript memory for the session. When you close the tab, navigate away, or explicitly disconnect, the browser garbage-collects it. We have no copy. Nobody does.

What we do store

Public trial data,
nothing about you.

We run a Postgres database, because building a fast search over thousands of trials requires one. Here is what is in it:

Trial metadata
Title, phase, status, sponsor, cancer types, locations. Pulled weekly from ClinicalTrials.gov.
Structured eligibility rules
The free-text criteria from each trial, parsed into checkable rules by a language model. The model sees only the public trial text, never patient data.
Plain-language summaries
AI-generated explanations of what each trial involves. Again: generated from public trial text, not from your health record.

None of this data is about you. None of it was derived from your record. The trial database would look exactly the same whether a million people used Trial Beacon, or zero.

Your controls

What you can do,
at any time.

  • You can browse without connecting.

    The full trial database is searchable without any account, any login, or any health data.

  • You can disconnect and it’s immediate.

    A disconnect button is available whenever you’re connected. It revokes the session and clears your record from the page.

  • You never need to create an account.

    Trial Beacon has no user accounts, no profiles, no saved sessions across visits. There is nothing to log in to.

  • You can close the tab.

    That is also a disconnect. Your data has no persistence beyond the current page.

A final note

Privacy should be something you can verify, not something you have to take on faith. If you want to see how the matching engine is built, the source is open and the architecture is documented.

Questions about the data model or the security posture are welcome. For now, the simplest summary: the only thing Trial Beacon knows about you is whatever you ask us in a question about a trial — and even then, we never attach your record to the request.

Connect MyChartOr just browse trials →