My Lab Trends

Your data stays yours – always

We don’t store your lab results. Ever. Here’s exactly how that works, in plain English.

Try it – your data stays yours

💻 Your file never leaves your device

When you upload a CSV, TXT, or PDF, the entire parsing process happens inside your browser. The raw file is read by JavaScript running on your machine, the values are extracted, and the charts are drawn – all without sending a single lab value to our servers.

Even if you upload a PDF, the text extraction is done locally using a PDF library loaded in your browser, or optionally through a stateless Cloudflare Worker that discards the file immediately after processing. No logs, no storage.

No upload to our database. Your file stays with you.

📋 Google Sheets stay in your Drive

If you choose to connect a Google Sheet, we request the absolute minimum permission – the drive.file scope. This allows us to create new sheets and read the specific sheet you select, nothing else.

We never copy your sheet, we never store its contents, and we never cache your data. When you load a sheet, we read it on the fly, display your charts, and forget it. The sheet lives in your Drive, governed by your Google account, not ours.

We only touch the file you pick. Your other Drive files are invisible to us.

No database, no logs

My Lab Trends has no user database. There is no account creation, no password, and no server‑side storage of your health data. The only thing we persist (in your browser’s localStorage) is a reference to the sheet you last used – so you can reload it with one click next time. That reference is just a file ID and a title; it contains zero lab values.

Our Cloudflare Workers (like the sheet‑creation endpoint) are stateless pass‑throughs. They receive a request, forward it to Google’s API with your temporary token, and return the result. They retain nothing between requests – no IPs, no tokens, no payloads.

There is nothing to breach. We don’t keep your data, so it can’t be stolen.

🔒 Transparent and auditable

You can inspect exactly what happens with your data by looking at the network tab in your browser’s developer tools. You’ll see requests to Google’s APIs (for sheets) and to our /api/config endpoint (which only returns public OAuth credentials). You will never see a request that contains your lab values sent to our domain.

We also provide a full privacy policy and terms of service that mirror these commitments in legal language.

We invite you to check. Privacy isn’t a promise – it’s an architecture.
Start tracking – your data never leaves your control