How Symetri Stores Patient Data
Everything Stays on Your Device
Symetri is a fully local app. There is no cloud server, no account sync, no external data transmission.
Local only
Photos and case records are stored in your iPhone’s protected Documents directory. Nothing is uploaded to Symetri servers or any third party.
iOS encryption
All files use iOS Data Protection (completeFileProtection). Files are encrypted at rest and inaccessible when the device is locked.
Face ID lock
Symetri requires Face ID or passcode on launch and re-activates automatically when backgrounded.
Screen recording blocked
Symetri blocks iOS screen recording broadcast to external displays while active.
Patient Consent Fundamentals
Why Written Consent Matters
Even if a patient verbally agrees to photos, publishing them without documented consent creates legal liability. Written consent:
- Protects your practice if the patient later claims they didn’t agree
- Specifies exactly what the photos can be used for
- Complies with HIPAA’s authorization requirements
- Is a professional standard expected by regulatory bodies in most jurisdictions
Minimum Consent Elements
A valid patient photo consent form should include:
- Patient identification — name, date of birth, date of signing
- Description of the photos — body area, treatment, approximate dates
- Purpose statement — what the photos may be used for
- Scope of use — internal records vs. social media vs. marketing
- De-identification option — whether patient allows face to be shown or prefers eye blur
- Right to withdraw — patient can revoke consent for future use
- Patient signature and date
- Witness or practitioner signature
Consent Categories
Patients should consent to specific uses, not blanket permission:
| Use | Requires Separate Consent? | Notes |
|---|---|---|
| Internal medical records | No | Covered by treatment consent |
| Staff training / education | Yes | Specify “internal educational use” |
| Social media | Yes | Specify platforms |
| Website gallery | Yes | Specify “clinic website” |
| Advertising / paid promotion | Yes — higher standard | Often requires separate authorization |
| Shown to other patients during consultation | Yes | |
HIPAA Considerations (US Practices)
Are Patient Photos PHI?
Yes. Patient photographs are Protected Health Information (PHI) under HIPAA when associated with a patient’s identity and medical treatment — even if the photo doesn’t show the face.
Publishing Before/After Photos
To publish a patient photo on social media or your website, you need a HIPAA-compliant Authorization specifying:
- The information to be disclosed (the photos)
- Who can view it (the public)
- The purpose (marketing, education)
- An expiration date or event
- The patient’s right to revoke
De-Identification as an Alternative
HIPAA allows publishing photos without authorization if the image is de-identified. For facial photos, this typically requires:
- Eyes obscured (use Symetri’s Eye Blur feature)
- No visible tattoos, birthmarks, or identifying features
- No name, date, location, or other metadata in the image
State Law May Be Stricter
Many US states have medical privacy laws stricter than HIPAA — California (CMIA), New York, Texas, and others. Always check state-specific law for your practice location.
International Considerations
EU / UK (GDPR / UK GDPR)
Patient photos are “special category” personal data requiring explicit documented consent for each specific purpose. Patients have rights to access, correct, and delete their data.
Because Symetri is fully local with no cloud processing, deletion requests are satisfied by deleting the case from the app and removing any exported files from Photos and any platforms where they were published.
Australia
Patient photos are regulated by the Privacy Act 1988 and the Australian Privacy Principles. Health information requires explicit consent for secondary uses including social media.
Canada
PIPEDA (federal) and provincial health information laws apply. Photos used for marketing require patient consent separate from treatment consent.
Using Symetri’s Privacy Features
Eye Blur for Published Photos
For any photo where the patient has not consented to full face identification, enable eye blur before exporting.
Eye blur applies to both before and after images simultaneously, so the comparison remains fair and consistent.
Consent-Based Case Naming
Use a naming convention to flag consent status directly in the case name:
| Case Name Suffix | Meaning |
|---|---|
| - OK | Full consent — can post with face visible |
| - EYES | Eye blur required before posting |
| - NO | Records only — do not export for social |
Deleting Patient Data
If a patient revokes consent or requests deletion:
Symetri does not retain any copy — once deleted from the app and Photos, the data is gone.
Recommended Consent Workflow
Before the First Appointment
Send a photo consent form with your intake paperwork. Digital forms (DocuSign, PracticeBetter, etc.) create a timestamped record.
At the Appointment
- Confirm the patient signed the consent form.
- Note which categories they consented to.
- Encode consent status in the case name (- OK, - EYES, or - NO).
Before Posting
- Check the case name consent flag.
  - OK → export with full branding.
  - EYES → enable eye blur, export.
  - NO → records export only, do not post.
Device Security Checklist
Summary
| Topic | Key Point |
|---|---|
| Data storage | Local only. Nothing leaves your device unless you export and share it. |
| Encryption | Full iOS Data Protection — files inaccessible when device is locked. |
| Face ID | Required on launch. Auto-activates when app is backgrounded. |
| HIPAA | Patient photos are PHI. Publication requires explicit written authorization. |
| Consent | Separate categories for records, social, website, and advertising. |
| De-identification | Eye blur + no other identifiers. High standard — consult your attorney. |
| Deletion | Delete case in app + delete from Photos + remove from any platforms published. |

