Last updated: July 3, 2026
In short
- Clino keeps your health data on your iPhone or iPad by default. iCloud sync is optional and off until you turn it on.
- Clino has no servers and no account. When you turn on sync, your data is mirrored only to your own private, encrypted iCloud — we never receive or hold it.
- The on-device AI runs on your device and never sends your records to any server or cloud AI service.
- In-app purchases are handled by Apple: we do not see or hold your payment data.
- This website uses no analytics, no advertising and no tracking cookies — only a cookie that remembers your chosen language.
1. Who we are
Clino is developed by Alfredo Di Forti, an individual developer established in Italy (European Union), who acts as the data controller for this website and for the limited data described below. You can reach us at clino.support@icloud.com. Given the small scale and nature of this processing, we have not appointed a Data Protection Officer, as one is not required.
2. Scope
This policy covers two separate things that we keep deliberately distinct: the Clino app (what happens on your device) and this marketing website (clinoapp.app). Most of what people expect from a privacy policy — collection, servers, tracking — simply does not apply to the app, because the app keeps everything on your device by default.
3. The Clino app
Clino is an app for iPhone and iPad (iOS and iPadOS); it is not a Mac app. Everything you enter — symptoms, visits, exams, pathologies, medications, treatments, attachments, personal information (such as name, date of birth, anthropometric data like height and weight, blood type, allergies and family medical history), calendar, reminders and notes — is stored on your device by default. Clino has no user accounts and runs no servers or backend of its own: your data is never sent to, processed by, or stored on any Clino server.
iCloud sync is optional and turned off until you choose to enable it. When you turn it on, your data is mirrored to your own private iCloud database, where it is encrypted and synced across your own Apple devices signed in to the same Apple ID; Apple acts as the storage provider, and Clino still never receives or holds your data.
The on-device AI assistant runs locally using Apple Intelligence and an on-device index of your diary; your records are processed on your device and are not sent to any cloud service or external AI provider. Likewise, any AI-generated summary for PDF export is produced entirely on your device. PDF export is initiated by you, and the resulting file is shared only through the standard iOS share sheet that you control.
If you enable reminders, Clino schedules notifications (for medications, appointments, check-ups or diary entries to complete) locally on your device through iOS: their content stays on your device and is not sent to any server. When iCloud sync is on, Apple may send silent technical notifications to your device to trigger background updates; these contain none of your clinical data.
Clino requests very few system permissions, and only when they are needed for a feature you actually use: access to the camera and photos, if you choose to attach images to your entries or to set a profile photo, and notifications, if you enable reminders. We do not request access to your location, your contacts, the microphone, the calendar or the system reminders, and we collect no advertising identifier.
4. In-app purchases and subscriptions
Clino is free to download and offers some optional premium features through in-app purchases, in the form of a subscription and a one-time unlock. All payments and purchase management happen entirely through Apple's App Store: it is Apple that processes the transaction, not Clino. We do not collect, receive or hold any payment data — we never see your card details, your Apple ID credentials or your purchase receipts. Your entitlements to premium features are verified cryptographically on your device through Apple's StoreKit; we run no receipt-validation server, and no purchase data is sent to a Clino backend. Apple may process data relating to your purchase in accordance with its own privacy policy, over which we have no control.
5. This website and the data we actually process
The website is a showcase for the app. At launch it uses no analytics, no advertising and no third-party tracking, and therefore sets no tracking or advertising cookies. The only cookie that may be set is a strictly necessary functional cookie named NEXT_LOCALE, which remembers the language you selected; it carries no identifier used for tracking. Our hosting provider, Vercel, acts as our processor and may handle standard technical server logs (such as your IP address and request metadata) to deliver, operate and secure the site. We rely on our legitimate interest in delivering, operating and securing the website (Article 6(1)(f) GDPR) for these server logs, and on the functional cookie being strictly necessary to provide the language preference you choose. When you email us, we process your message on the basis of our legitimate interest in responding to your enquiry (Article 6(1)(f) GDPR). We do not use this data to build profiles and we do not sell it.
6. App Store data
When you download Clino from the Apple App Store, Apple may collect data according to Apple's own privacy policy, over which we have no control. Any analytics Apple makes available to us as the developer is provided only in aggregate, anonymized form, is handled by Apple rather than by Clino, and does not identify you.
7. Your GDPR rights
For the limited website data described in section 5, you have the rights granted by the GDPR: to access it, to ask us to correct or erase it, to restrict or object to its processing, and where applicable to data portability. You can exercise these rights, free of charge, by emailing clino.support@icloud.com. You also have the right to lodge a complaint with a supervisory authority — in Italy, the Garante per la protezione dei dati personali (www.garanteprivacy.it). Your in-app health data is different: we never receive or hold it, on our servers or anywhere else, so it is not part of these requests. You control that data entirely yourself — on your device, and, if you turn on sync, in your own iCloud — including a one-tap option in the app to delete all of it from iCloud and from your synced devices. The next section explains how.
8. Your in-app data is in your hands
You stay in full control of your health data. By default it lives only on your device, where you can view, edit or delete entries at any time, and you can export all of it as a file from inside the app whenever you want. If you turn on iCloud sync, the encrypted copy lives in your own private iCloud, which you manage with your Apple ID; the app also gives you a "Delete all data from iCloud" action that erases all your data and all profiles from iCloud and from every synced device (this is irreversible, and may take a few minutes to reach your other devices). Deleting the app removes the copy stored on that device. We cannot access, export or delete this data on your behalf, because we never hold it — the controls are all in your hands. This is by design, and it is the strongest privacy guarantee we can offer.
9. Profiles for your family
Clino lets you keep up to five separate profiles — for yourself and for the people in your care. Each profile keeps its own symptoms, visits, exams, pathologies, medications, treatments, attachments, calendar, assistant and notifications fully separate, under a name, a color and an optional photo you choose. The same rules — on-device by default and optional encrypted iCloud sync — apply to every profile, and you remain responsible for using a profile only for yourself or for someone in your care. Any Home-Screen widgets show only shortcuts and the name of the profile you select; they do not read or display your clinical data.
10. Data retention
Your in-app data is retained on your device until you delete it or remove the app. If you turn on iCloud sync, an encrypted copy is also kept in your own iCloud until you turn sync off, delete the relevant entries, or use the in-app "Delete all data from iCloud" action; an optional encrypted backup may also be kept on your device until you remove it. We hold none of this on our own infrastructure. For the website, we do not retain personal data beyond the standard, time-limited technical server logs held by our hosting provider, and we keep email correspondence only as long as needed to handle your request.
11. Children
Clino is not directed to children and does not knowingly process children's personal data. The app is intended for a general audience interested in organizing their own health information or that of someone in their care.
12. International users
By default your in-app data stays on your device, so no international transfer takes place. If you turn on iCloud sync, your encrypted data is stored and synced through Apple's iCloud; Apple acts as the storage provider and handles any related transfers under its own terms and safeguards, over which we have no control. Website server logs may be processed in the regions where our hosting provider operates; where such processing involves a transfer outside the European Economic Area, it is covered by the safeguards our provider applies under the GDPR.
13. Security
Keeping your data with you removes entire categories of risk: Clino runs no servers, so there is no central database for us to lose or for an attacker to breach, and we never see your data. By default your data stays on your device, protected by the device and its system protections (iOS Data Protection encryption). When you turn on iCloud sync, your data is encrypted and mirrored to your own private iCloud; routing information — such as record and profile identifiers, dates and the type of entry (for example symptom, visit, exam or pathology), and, for attachments, the file name and some technical codes — remains cleartext metadata, while the actual clinical content — your symptoms, visits, exams, pathologies, medications, treatments, notes, attachments and personal information — is kept in encrypted form. If you enable Apple's Advanced Data Protection in your iOS settings, your iCloud data becomes end-to-end encrypted so that not even Apple can read it; this is a system-level choice you make, and Clino cannot enable or verify it. No method of storage is ever completely secure, so we encourage you to protect your devices with a passcode, biometric lock and the latest software updates.
14. Medical disclaimer
Clino is not a medical device and does not provide diagnoses, medical advice, treatment or clinical monitoring. It is a tool to help you organize and communicate your own health information. Always consult a qualified healthcare professional for any medical decision.
15. Changes and contact
We may update this policy as the app and website evolve, and we will revise the date shown when we publish a change. If you have any question about this policy or the website data described above, email us at clino.support@icloud.com.
This document was written in English. In case of any discrepancy, the English version prevails.