Private AI for your medical records: how Cellar reads them, and what stays private
Updated June 2026
Cellar uses AI to read and organize your records, not to advertise or profile you: a document is decrypted only briefly in your assigned region, sent to a third-party AI model under binding no-training terms, then stored encrypted again. You can turn AI reading off, and Cellar is precise that this is not zero-knowledge.
AI is what lets Cellar read a lab PDF and turn it into a trend instead of a file you store. Cellar uses it for that and nothing else: a document is decrypted only briefly in your assigned region, sent to a third-party AI model under binding no-training terms, then stored encrypted again. We never use your records to train AI, run no ads, and keep no analytics. You can turn AI reading off at any time, and Cellar still stores your documents. This is precise, compliant processing, not zero-knowledge; we explain that distinction plainly.
Not for: This is compliant processing, not zero-knowledge or operator-blind: a third-party AI model in your assigned region does process documents to read them. Cellar does not claim otherwise.
What the AI does, and does not, do
The AI reads each document you add and pulls out the dates, values, providers, and medications, so your records become a timeline you can search rather than a stack of files. It does this under binding no-training terms, so your records are never used to train or improve any model.
It does not advertise to you, build a profile, or feed analytics, because Cellar runs none of those. The company's business is a subscription, not your data.
You can turn it off
AI reading is optional. You can turn it off at any time, and Cellar still stores your documents securely; it simply does not read and organize them for you while it is off.
The third parties that process data are listed publicly, by region, on the subprocessors page.
Why this is not zero-knowledge
To read a document, Cellar has to decrypt it, so Cellar is not an architecture where the operator is technically incapable of access. We say this plainly rather than reaching for labels like zero-knowledge or end-to-end encrypted. What protects your records is encryption everywhere, no staff path to plaintext, and your ability to export or erase everything at any time.
Common questions
Does a third-party AI read my records?
Yes, under binding no-training terms, to read and organize the documents you add. The providers are named on the subprocessors page.
Can I turn AI off?
Yes, at any time. Cellar still stores your documents; it just does not read them while AI is off.
Do you train AI on my records?
Never. Documents are processed under binding no-training terms, and your records are not used to train or improve any model.
Is this zero-knowledge?
No. Cellar has to decrypt a document to read it, so it is not zero-knowledge or end-to-end encrypted, and it does not claim to be. See the zero-knowledge guide for the full explanation.
Bring your records into one place
Cellar reads your labs, scans, and visit notes into one private, source-linked timeline you can search and share with any doctor. Encrypted, and never used to train AI.
Start your record$200 a year with a 14-day free trial. Viewing your records is never paywalled.