Sewa
Privacy

Your medications never leave your browser unencrypted.

Sewa is built to handle sensitive health information without creating a record of it. Here is exactly what happens to your data, where it lives, and what we cannot see.

No accounts

No sign-up, no email, no password. There’s no profile to leak because there is no profile.

No persistent storage

Your medication list lives in browser memory and (optionally) localStorage. We don’t have a database of patients.

No tracking

No cookies, no fingerprinting, no analytics that record what you typed. Anonymous page counts only.

What gets sent where

The data flow, plain
| | Your browser | Sewa server | 3rd parties |
| --- | --- | --- | --- |
| Medication names & doses | Stays here | Never stored | Never sent |
| Drug normalization queries | Run from here | Proxy only | Not logged; NLM RxNorm (drug name → ID) |
| FDA label fetches | Run from here | Cache proxy | Anonymized by drug ID; FDA openFDA (drug ID → label) |
| Plain-language explanation | Returned here | Pass-through | Zero-retention headers; Anthropic API (drug IDs only, no names) |
| Constraint solving | 100% here | No server involved | No third party |
| PDF generation | 100% here | No server involved | No third party |

The principle: queries that need third-party APIs use only normalized drug identifiers (RxCUIs), never the patient’s raw medication list. The medication text you paste never reaches an external service.

The data pipeline, step by step

Where each operation runs
In your browser
Step 01 · Parse
Extract medication list from your text
A local LLM call extracts structured data — drug name, dose, frequency, prescriber instructions.
Your text → structured list. Never persisted.

Edge proxy (transient)
Step 02 · Normalize
Match each name to RxNorm
Your browser sends each drug name through our edge proxy to NLM’s RxNorm API. The proxy adds rate-limit headers and forwards — nothing is logged.
Drug name (e.g., “Lipitor”) → RxCUI (e.g., 153165).

Public API (anonymized)
Step 03 · Fetch labels
Get FDA drug labels by ID
Once normalized, only the RxCUI is sent to openFDA. The patient’s medication text is never used.
RxCUI → label JSON. Cached server-side by RxCUI only.

In your browser
Step 04 · Check interactions
Cross-reference our two-tier dataset
Our curated rules (FDA / ONCHigh / CredibleMeds) and the DDInter v2.0 ingest both ship inside the app. Lookup happens on the server route handler against bundled JSON — neither tier hits DDInter, ONCHigh, or any other interaction database at request time. The DDInter ingest is frozen at v2.0; we do not call out to ddinter.scbdd.com from the runtime.
No external calls. RxCUI pairs checked locally.

In your browser
Step 05 · Solve
Constraint solver places doses
The scheduling algorithm runs entirely on your machine. No data is sent to a server.
Schedule computed locally. ~270 lines of code.

Edge proxy (transient)
Step 06 · Explain
Generate plain-language explanations
An Anthropic API call generates the “why this time” sentence per dose. The prompt contains RxCUIs and timing rules — no patient identifiers.
Anthropic ZDR header set. No retention, no training.

Third-party services we touch

Inventory
NLM RxNorm (US gov)
Drug name normalization. Receives drug names only.
Public API

FDA openFDA (US gov)
Drug label data. Receives RxCUIs only, never names.
No PII

Anthropic API (LLM)
Med list parsing + explanation generation. Zero-retention.
Transient

Vercel (hosting)
Serves the static site and proxies external APIs.
No PII

Plausible Analytics
Anonymous page-view counts. No cookies, no fingerprinting.
No PII

DailyMed (US gov)
Fallback label data. Same RxCUI-only access pattern as openFDA.
No PII

Common questions

FAQ
Is my medication list stored anywhere?
By default, no. Your medication list lives in browser memory for the duration of your session. If you choose to “save for later,” it’s stored in your browser’s localStorage — still only on your device. We do not operate a database of patient medication lists.
What if I share my schedule via link?
Shared links encode the schedule in the URL itself (in the URL fragment, which browsers don’t send to servers). You can also choose to encrypt the payload with a passphrase that you share separately. No server-side storage either way.
Is Sewa HIPAA compliant?
HIPAA doesn’t apply to Sewa because we are not a covered entity or business associate — we don’t have a relationship with your provider, we don’t transmit your data on their behalf, and we don’t store identifiable health records. The architecture is more restrictive than HIPAA requires for most operations: most patient data never reaches our servers at all.
What happens when you change something?
Significant changes to data handling are announced and dated here. The current version is v0.1.0, last updated Mar 14, 2026.
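
The shared-link design described in the FAQ above, as an added example that is not Sewa's own code: the schedule travels in the URL fragment and can be sealed with a key derived from a passphrase. PBKDF2-SHA-256 at 600,000 iterations, AES-256-GCM, base64url, the "s="/"e=" prefixes, the app.example URL and the sample schedule are all assumptions; the page names none of them.

```javascript
// Added example (not Sewa's code): schedule in the URL fragment, optional passphrase sealing.
// Assumptions: PBKDF2-SHA-256, AES-256-GCM, base64url, "s="/"e=" prefixes, app.example URL.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback for old Node
const enc = new TextEncoder(), dec = new TextDecoder();
const SAMPLE_SCHEDULE = { doses: [{ rxcui: "153165", time: "08:00" }] }; // constructed sample

// base64url keeps the fragment free of characters that need percent-encoding.
const toB64u = (bytes) =>
  btoa(String.fromCharCode(...bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fromB64u = (s) => {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat((4 - (s.length % 4)) % 4);
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
};

async function deriveKey(passphrase, salt) {
  const material = await wc.subtle.importKey("raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: 600000, hash: "SHA-256" },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

async function makeShareLink(base, schedule, passphrase) {
  const plain = enc.encode(JSON.stringify(schedule));
  if (!passphrase) return `${base}#s=${toB64u(plain)}`; // readable by anyone holding the link
  const salt = wc.getRandomValues(new Uint8Array(16)); // fresh per link
  const iv = wc.getRandomValues(new Uint8Array(12));   // never reused with the same key
  const key = await deriveKey(passphrase, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, plain));
  return `${base}#e=${toB64u(new Uint8Array([...salt, ...iv, ...ct]))}`;
}

async function readShareLink(link, passphrase) {
  const frag = new URL(link).hash.slice(1);
  if (frag.startsWith("s=")) return JSON.parse(dec.decode(fromB64u(frag.slice(2))));
  if (!frag.startsWith("e=")) throw new Error("no schedule in fragment");
  const body = fromB64u(frag.slice(2)); // layout: salt(16) | iv(12) | ciphertext+tag
  const key = await deriveKey(passphrase, body.slice(0, 16));
  // AES-GCM authenticates: a wrong passphrase or an edited link rejects here.
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv: body.slice(16, 28) }, key, body.slice(28));
  return JSON.parse(dec.decode(pt));
}

// What the server receives when the link is opened: path and query only, no fragment.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}
```

Without a passphrase the fragment is only encoded, not protected, so it remains readable in browser history and anywhere the full link is pasted.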