Chorus Sign in

Privacy & Security

Data architecture, de-identification, and access controls.

Updated June 18, 2026

Patient data in Chorus is stored exclusively on your device. The server never receives or retains drug levels, dosing histories, simulation results, or workspace files — it holds only your account and its settings.

1. Local-First Architecture

All pharmacokinetic simulation runs within your browser as compiled WebAssembly (WASM). Patient demographics, dosing events, drug concentration observations, and simulation results are stored in a local folder you select using the browser's File System Access API. This data never leaves your computer.

Workspaces can be placed on a secured network drive for team use. In that case, the security of the shared folder is the responsibility of the network administrator, not Chorus.

2. What the Server Receives

Apart from your account itself — your login and a few non-clinical settings — the server receives nothing about your work, and cannot tell which patients you are working with.

No patient demographics, drug levels, dosing histories, simulation outputs, workspace file names, or any other clinical data are ever transmitted, logged, or stored server-side.

3. De-Identification Mode

Chorus is intended for de-identified data and runs in de-identification mode by default. An identified mode exists in account settings, but switching to it writes protected health information — dates and exact ages — to your workspace files, and falls outside the application's intended use. In de-identification mode:

  • Dates are displayed as relative time offsets (e.g., "Day 3, 14:00") rather than calendar dates. This addresses HIPAA Safe Harbor element (3), which requires removal of all date elements other than year.
  • Ages ≥ 90 are displayed as "90+" rather than as exact values. This addresses HIPAA Safe Harbor element (4), which requires aggregation of ages greater than 89 into a single category.

Chorus does not collect names, addresses, phone numbers, medical record numbers, Social Security numbers, or other identifiers covered by the remaining Safe Harbor elements — those categories are outside the scope of pharmacokinetic data entry by design.

4. No Tracking or Analytics

Chorus does not use behavioral analytics, third-party tracking scripts, or advertising networks. Session cookies are used only for authentication and are not used to track activity within your local workspace.

5. Email

Chorus sends only the email needed to operate your account — verification links and password resets.

6. Your Data Responsibilities

Because workspace files exist only on your device, you are responsible for their security, access controls, and backup. Deleting your Chorus account removes only your login credentials from the server; it has no effect on local workspace files.

If you use a shared or network-mapped workspace folder, ensure that folder-level permissions restrict access appropriately for your institution's data governance requirements.