MedMemory's architecture for local-first, private health AI queries
MedMemory combines a local SQLCipher database, Gemini Vision for document ingestion, and Anthropic's Model Context Protocol to let Claude query personal health records without uploading them. The…
MedMemory combines a local SQLCipher database, Gemini Vision for document ingestion, and Anthropic's Model Context Protocol to let Claude query personal health records without uploading them.
The Answer Up Front
MedMemory is a blueprint for developers building privacy-first AI applications. It demonstrates a compelling alternative to the standard cloud-based RAG architecture, especially for sensitive data like personal health records. If you're a developer exploring local-first AI patterns or the Model Context Protocol (MCP), this project is a valuable case study. You should skip it if you're a non-technical user looking for a polished, installable application; this is a technical proof-of-concept, not a consumer product. The bottom line: MedMemory is a clear signal that powerful, private AI tools can run on-device by composing existing technologies in clever ways.
Methodology
This v0 review is based on the founder's technical blog post, published on July 4, 2026. We are analyzing MedMemory as an architectural pattern, not a finished product. The tool has no version number specified.
- Source Signal: The analysis is based entirely on the founder's post, "I Built a Privacy-First Health Record MCP Server That Runs Entirely on Your Machine," available at
https://dev.to/priyanshu_goel_a1bb476dad/i-built-a-privacy-first-health-record-mcp-server-that-runs-entirely-on-your-machine-18ki. - What's Covered: This review covers the project's stated architecture, the rationale for choosing SQLCipher, Gemini Vision, and Anthropic's MCP, and the code snippets provided by the author.
- What's Not Covered: This review does not include independent performance benchmarks, hands-on installation, or testing against a corpus of real-world medical documents. All descriptions of functionality and ease of implementation are based on the founder's claims. We will re-evaluate if the project is open-sourced or a testable artifact becomes available.
What It Does
MedMemory is a self-hosted server designed to let a user query their personal health records using natural language, with the guarantee that the records never leave their local machine. It achieves this through three distinct layers.
Local, encrypted storage
All data is stored in a local SQLite database. To ensure privacy, the database is encrypted using SQLCipher, which implements AES-256 encryption. The founder, Priyanshu Goel, reports that migrating from a standard SQLite implementation to an encrypted one required changing only three lines of code: an import statement and two PRAGMA lines to configure the connection. This positions SQLCipher as a true drop-in replacement for projects requiring on-disk encryption without significant refactoring.
Ingestion from messy documents
To get data into the system, MedMemory processes user-uploaded documents like prescriptions and lab results. Recognizing that these are often messy scans or photos, the project uses Google's Gemini Vision. The founder notes that initial attempts with Tesseract OCR failed on real-world documents. Gemini Vision is used for both its optical character recognition (OCR) and its ability to extract structured data from the recognized text, which is then inserted into the encrypted database.
Queries via the Model Context Protocol
The core of the interaction logic is Anthropic's Model Context Protocol (MCP). Instead of sending document contents to Claude, MedMemory exposes a set of tools (functions) that Claude can call. When a user asks a question in the Claude Desktop app, the model uses the tool descriptions to decide which local function to execute. For example, a tool get_vaccination_status is described in its docstring as the correct tool for questions about vaccination history. The founder emphasizes that writing effective docstrings is the primary skill for building with MCP.
What's Interesting / What's Not
MedMemory is more significant as an architectural pattern than as a specific tool. Its primary value is in demonstrating an alternative to the dominant "upload-to-RAG" pipeline for building AI applications on personal data.
The most interesting component is the use of MCP. It reframes the interaction from a knowledge retrieval problem (finding relevant text chunks) to a tool-use problem (calling the right API). This approach gives the developer more control over how data is accessed and structured, and it keeps the raw data from ever entering the model's context window. This is a fundamentally more private design.
The choice of SQLCipher is also notable for its pragmatism. Full-disk encryption is one solution, but application-level database encryption is more portable and self-contained. The founder's claim of a three-line change highlights that robust, standard encryption can be a low-friction addition to an existing stack, not a major engineering hurdle.
What's not here is a product. The blog post describes a server for a technical user to run themselves. There is no user interface for managing documents, no installer, and no discussion of error handling or edge cases. The system is also tightly coupled to the Anthropic ecosystem, specifically requiring the Claude Desktop client to interact with the MCP server. It's a proof-of-concept, not a general-purpose, multi-model solution.
Pricing
MedMemory is described as a personal project and is not offered as a commercial product. As a self-hosted application, the direct costs would be any API fees for Gemini Vision during the document ingestion phase. The cost of using the Claude model would depend on the user's Anthropic plan. (Pricing snapshot: July 4, 2026).
Verdict
MedMemory is an excellent, clearly-articulated blueprint for the next wave of local-first AI applications. For developers focused on user privacy and data sovereignty, its architecture offers a compelling alternative to cloud-centric models. By combining a locally encrypted database (SQLCipher), a powerful multi-modal input model (Gemini Vision), and a structured tool-use protocol (MCP), it solves a real problem without demanding users trust a third-party server with their most sensitive data. While it is not a consumer-ready product, its value as a technical demonstration is high. Developers building for sensitive verticals should study this pattern.
What We'd Test Next
If a testable version of MedMemory becomes available, our first step would be to verify the document ingestion pipeline. We would build a test suite of diverse medical documents, including poorly scanned PDFs, angled photos of prescription bottles, and documents with complex tabular data, to assess the true accuracy and robustness of the Gemini Vision-based extraction. We would also measure the friction of the initial setup for a developer to quantify the actual effort required to get the server running. Finally, we would design a set of complex, multi-step queries to test the limits of Claude's ability to correctly chain tool calls within the MCP framework.
The investor read
MedMemory itself is a project, not a company, but the architecture is the signal. This pattern (local encrypted DB + multi-modal ingestion API + local tool server for a cloud LLM) represents a clear threat to AI SaaS startups whose only moat is a cloud-hosted RAG pipeline for sensitive enterprise or consumer data. It points to a growing market for privacy-preserving, local-first software. An investable company in this space would need to productize this architecture into a polished, easy-to-install application that abstracts away the complexity of running a local server. The bet is that a meaningful segment of users will prioritize data sovereignty over the convenience of a pure-cloud solution, especially in verticals like healthcare, legal, and finance.
Every claim ties to a primary source. See our methodology.