TL;DR
Meridian by Purpledaisy is an offline health tracker and offline medical records vault for iOS. It utilizes local AES-256 encryption and Apple's VisionKit for text extraction, while local foundational models process the lab reports directly on the device, ensuring zero data leaves the phone. By bypassing cloud servers entirely, Meridian provides biometric-locked, FaceID-secured longitudinal health charts immune to SaaS data breaches and third-party data harvesting.
We all use them. Those little apps that track our sleep, our moods, and our cycles. But as two developers looking closely at this ecosystem, we noticed an uncomfortable truth: most of these apps aren't actually medical tools. They are data brokers disguised as healthcare.
Because direct-to-consumer apps operate outside the strict rules of HIPAA, they exist in a massive legal gray area. We were reading a UC network analysis recently that audited 25 popular therapy apps, and the findings were honestly pretty grim. Over two-thirds of them were actively hiding tracking software from their users.
What really pushed us to build something better was seeing that nearly half of those apps take your raw, sensitive journal entries and quietly funnel them to third-party AI models. We think we are working through trauma in a private digital space, but often, we are just providing free training data for corporate algorithms.
The risks to reproductive data are even higher. An evaluation in BMC Women's Health found that over 70% of menstrual tracking tools contain code that instantly shares your data with third parties the second your phone hits the internet. At this point, understanding cloud privacy isn't just about avoiding targeted ads. It is about physical safety.
The "Safe" Hospital Servers Are Struggling, Too
A lot of people assume they are fine if they just avoid consumer apps, trusting that their data is safe on a hospital's secure servers. We really wish that were true.
The reality is that modern healthcare relies heavily on a fragile, outsourced supply chain of cloud vendors. Look at the intrusion into Navia Benefit Solutions earlier this year. A single exposed API allowed attackers to hang around in their systems for weeks, exposing the health data of over 2.6 million people.
Shortly after that, a vendor compromise hit NYC Health + Hospitals. The attackers actually walked away with raw biometrics, like patient fingerprints. If someone steals your credit card, you call the bank and get a new one. But if your fingerprint gets leaked, there is no reset button.
The Myth of "Anonymized" Data
The standard defense from tech companies is usually that the data they broker is "anonymized." They argue that if they strip away your name and address, the records are harmless.
But true data anonymity is practically a myth now.
A landmark study looking at scrubbed hospital data from Maine and Vermont proved this. Researchers took legally de-identified clinical records and literally just cross-referenced them with local news stories about car accidents. They successfully re-identified roughly a third of the patients. Even with the strictest federal HIPAA redactions in place, unique matches were mathematically confirmed.
When you scale this up, the vulnerability gets worse. A recent JAMIA study modeled a dataset of 250 million individuals and found the re-identification rate skyrocketed. "De-identified data" is largely just a legal loophole designed to make us comfortable with our biology being commodified.
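The linkage risk described above can be measured before a dataset is released. The Python below is an added example, not code from the cited studies or from Meridian: it counts how many records are unique on their quasi-identifiers, before and after coarsening them. The records, field names and coarsening rules are constructed for illustration.

```python
from collections import Counter

# Quasi-identifiers: fields that are not names, but can be matched against
# outside sources such as a news report. Field names are assumptions.
QUASI = ("zip", "birth_year", "sex", "admit_date")

# Constructed sample records with direct identifiers already removed.
RECORDS = [
    {"zip": "04101", "birth_year": 1958, "sex": "F", "admit_date": "2023-03-14"},
    {"zip": "04102", "birth_year": 1952, "sex": "F", "admit_date": "2023-07-02"},
    {"zip": "04103", "birth_year": 1955, "sex": "F", "admit_date": "2023-11-20"},
    {"zip": "04101", "birth_year": 1984, "sex": "M", "admit_date": "2023-03-14"},
    {"zip": "04106", "birth_year": 1987, "sex": "M", "admit_date": "2023-05-09"},
    {"zip": "05401", "birth_year": 1991, "sex": "F", "admit_date": "2023-01-30"},
    {"zip": "05403", "birth_year": 1971, "sex": "M", "admit_date": "2023-08-18"},
    {"zip": "05405", "birth_year": 1979, "sex": "M", "admit_date": "2023-12-01"},
]


def generalize(rec):
    """Coarsen a record: 3-digit ZIP, birth decade, admission year only."""
    return {
        "zip": rec["zip"][:3],
        "birth_year": rec["birth_year"] // 10 * 10,
        "sex": rec["sex"],
        "admit_date": rec["admit_date"][:4],
    }


def class_sizes(records, quasi=QUASI):
    """Count how many records share each quasi-identifier combination."""
    return Counter(tuple(r[q] for q in quasi) for r in records)


def risk_report(records, quasi=QUASI):
    """Return k (smallest group size) and how many records are unique."""
    sizes = class_sizes(records, quasi)
    unique = sum(1 for n in sizes.values() if n == 1)
    return {"k": min(sizes.values()), "unique_records": unique,
            "unique_fraction": unique / len(records)}


if __name__ == "__main__":
    print("raw:        ", risk_report(RECORDS))
    print("generalized:", risk_report([generalize(r) for r in RECORDS]))
```

In this sample every raw record is unique, and one record is still unique after coarsening. A release check would suppress or further generalize any group of size 1.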
Taking It Offline
Looking at this mess is exactly why the two of us decided to build Meridian.
As an indie team, we realized we cannot just patch a fundamentally broken cloud architecture. The only mathematically sound defense against supply chain hacks and algorithmic tracking is physical isolation. The safest environment for a medical record is a hard drive that never touches the internet.
Meridian is essentially an offline fortress for your health data on your phone. We charge a straightforward $4.99 a month (or $49.99 a year) so that we never have to monetize your data. In fact, we do not even use cloud servers.
Instead of uploading your PDFs to a remote server for text extraction, Meridian operates entirely on your device. It uses Apple's native VisionKit for text extraction and processes your paper bloodwork directly on your iPhone's Neural Engine via foundational models.
The trend charts it builds are stored exclusively on your phone, locked behind your FaceID. Even if the two of us stopped working on the app tomorrow, your clinical history would remain completely functional.
We built this because we were tired of trading our privacy for convenience. Stop scanning your medical records into cloud-based notes apps. Ask your doctor for physical paper copies of your lab work, and process those pages locally on your own hardware. Keep your health data strictly on your phone, right where nobody else can touch it.


