How CTDashboard handles clinical trial data. Designed for IT security review and vendor qualification.
All clinical data lives in memory only. Nothing written to disk.
Standalone desktop app. No server, no account, no SaaS.
No analytics, no usage tracking, no crash reporting.
Installs to user profile. Works on locked-down corporate machines.
CTDashboard is a standalone Windows desktop application built on PyQt6. It runs entirely on the user's machine with no backend server, no database, and no cloud infrastructure. The application binary is distributed as a signed Windows installer.
Clinical data follows a strict in-memory-only path through the application:
The user chooses CSV, SAS XPT, Excel, or ODM-XML files from their local machine via a standard file picker dialog.
Source files are read using pandas (CSV/XPT/Excel) or lxml (ODM-XML). The original files are never modified, moved, or copied.
The detection engine identifies CDISC domains and maps source columns to canonical CDASH field names. All processing happens in memory.
Data is held in pandas DataFrames in application memory. Charts are rendered via Plotly in an embedded browser widget. Filters create temporary views – no data is copied or persisted.
All DataFrames and in-memory state are released. No clinical data remains on disk. The Python process terminates and memory is reclaimed by the OS.
CTDashboard writes a small number of non-clinical files to the user's machine. None of these contain patient data.
| File type | Location | Contains |
|---|---|---|
| Workspace files (.json) | User-chosen location | Source file paths, filter preferences, chart builder config, study settings. Explicitly marked "_compliance": "No clinical data". |
| Field mappings | ~/.pharmatech/ |
Column-to-field mapping overrides (column names only, no data values). |
| Reviewer notes | ~/CTDashboard/notes/ |
Free-text annotations by subject ID. Review commentary only – no clinical data copied from source files. |
| Study config | ~/.medmonitor/ |
Study name, enrollment target, lab alert thresholds, AE group definitions, vital sign limits. |
| Export files | User-chosen location | PowerPoint, PDF, or Word reports generated on demand. These contain summarized safety data (charts, tables) as chosen by the user. |
CTDashboard requires no internet connection for core functionality. The only network activity occurs in two optional features:
| Feature | Destination | Data sent | Required? |
|---|---|---|---|
| AI Patient Narratives | Anthropic API (api.anthropic.com) | Selected subject's clinical data (one subject at a time) for narrative generation. The API provider does not retain submitted data. | No. Entirely optional. Disabled by default. |
| Auto-update check | clinicaltrialdashboard.com | HTTPS GET request for version manifest (JSON). No clinical data or user information is sent. | No. Can be ignored. |
CTDashboard is built on well-established open-source Python libraries. All dependencies are bundled in the installer – no runtime downloads.
| Library | Purpose | License |
|---|---|---|
| PyQt6 | Desktop UI framework | GPL v3 / Commercial |
| pandas / numpy | Data processing | BSD 3-Clause |
| Plotly | Interactive charting | MIT |
| python-pptx | PowerPoint export | MIT |
| fpdf2 | PDF export | LGPL v3 |
| kaleido | Chart-to-image rendering | MIT |
| PyYAML | Configuration parsing | MIT |
| pyreadstat | SAS XPT file loading | Apache 2.0 |
| lxml | ODM-XML parsing | BSD 3-Clause |
| openpyxl | Excel file loading | MIT |
Full license attributions are included in the application install directory (THIRD_PARTY_LICENSES.txt).
For security questionnaires, vendor qualification, or data privacy inquiries, contact us.