TherapyVault.ai

Privacy Policy

Your privacy is our priority
Version 1.0
Last Updated: August 1, 2025

1. Introduction

TherapyVault.ai ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our therapy session management platform.

We understand the sensitive nature of mental health data and have implemented industry-leading security measures to protect your information in compliance with GDPR, UK Data Protection Act 2018, and healthcare data regulations.

2. Information We Collect

2.1 Information You Provide Directly

Account Information

  • Full name and professional title
  • Email address and phone number
  • Practice address and registration details
  • Professional credentials and certifications
  • Billing and payment information

Client Information (processed on your behalf)

  • Client names and contact details
  • Session recordings and transcriptions
  • Clinical notes and assessments
  • Treatment plans and progress reports
  • Outcome measures and questionnaires

Usage Information

  • Session scheduling data
  • Platform interaction logs
  • Communication preferences
  • Support ticket content

2.2 Information Collected Automatically

Technical Data

  • IP address and device information
  • Browser type and version
  • Operating system details
  • Access times and dates
  • Pages viewed and features used

Cookies and Tracking

  • Session cookies for authentication
  • Preference cookies for user settings
  • Analytics cookies (with consent)
  • Security cookies for fraud prevention

3. How We Use Your Information

3.1 Primary Purposes

Service Delivery

  • Providing therapy session management tools
  • Processing and transcribing recordings
  • Generating AI-powered insights
  • Managing client documentation
  • Facilitating secure communications

Account Management

  • Creating and maintaining your account
  • Processing payments and subscriptions
  • Providing customer support
  • Sending service notifications

3.2 Legal Basis for Processing

We process your personal data based on:

  • Contract: To fulfill our service agreement with you
  • Consent: For optional features and marketing communications
  • Legitimate Interests: For service improvements and security
  • Legal Obligations: To comply with applicable laws and regulations

4. Data Sharing and Disclosure

4.1 We DO NOT Sell Your Data

We never sell, rent, or trade your personal information or client data to third parties for marketing purposes.

4.2 Limited Sharing Scenarios

We may share information only in these circumstances:

Service Providers

  • Cloud infrastructure providers
  • Payment processors
  • Email service providers
  • Technical support tools

Legal Requirements

  • Court orders or legal proceedings
  • Government or regulatory requests
  • Protection of rights and safety
  • Fraud prevention and security

Business Transfers

  • In case of merger or acquisition
  • During sale of company assets
  • As part of bankruptcy proceedings

All third parties are contractually bound to protect your data with the same standards we apply.

5. Data Security

5.1 Technical Safeguards

Encryption

  • AES-256 encryption at rest
  • TLS 1.3 for data in transit
  • End-to-end encryption for sensitive data
  • Encrypted backup systems

Access Controls

  • Multi-factor authentication
  • Role-based access permissions
  • Regular access audits
  • Session timeout policies

5.2 Organisational Measures

Security Practices

  • Regular security assessments
  • Employee data protection training
  • Incident response procedures
  • Business continuity planning

Compliance Certifications

  • SOC 2 Type II aligned
  • ISO 27001 aligned
  • GDPR compliant
  • NHS Data Security Toolkit aligned

6. Data Retention

6.1 Retention Periods

Active Accounts

  • Account data: Duration of service + 7 years
  • Session recordings: 7 years (configurable)
  • Transcriptions: 7 years
  • Clinical notes: 7 years minimum (UK requirement)

Deleted Accounts

  • Immediate deletion of recordings
  • 30-day grace period for data recovery
  • Anonymised analytics retained
  • Legal records kept as required

6.2 Data Deletion

You can request deletion of your data at any time, subject to:

  • Legal retention requirements
  • Legitimate business needs
  • Technical limitations
  • Ongoing investigations

7. Your Rights (GDPR)

7.1 Data Subject Rights

You have the right to:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion ("right to be forgotten")
  • Portability: Receive data in machine-readable format
  • Restriction: Limit processing of your data
  • Object: Oppose certain types of processing
  • Withdraw Consent: For consent-based processing

7.2 Exercising Your Rights

To exercise any of these rights:

  1. Contact our Data Protection Officer
  2. Provide identity verification
  3. Specify your request clearly
  4. Receive response within 30 days

Email: privacy@therapyvault.ai

8. International Transfers

8.1 UK Data Residency

All primary data processing occurs within UK data centres. We do not transfer personal data outside the UK/EEA unless:

  • You explicitly request it
  • It's necessary for service delivery
  • Appropriate safeguards are in place

8.2 Transfer Safeguards

When transfers are necessary:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Binding Corporate Rules
  • Your explicit consent

9. Children's Privacy

Our service is not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

10. Cookie Policy

10.1 Types of Cookies

Essential Cookies

  • Authentication and security
  • Service functionality
  • User preferences

Analytics Cookies (with consent)

  • Usage patterns
  • Performance metrics
  • Error tracking

10.2 Managing Cookies

You can control cookies through:

  • Browser settings
  • Our cookie preferences centre
  • Third-party opt-out tools

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, new features, or legal requirements. We will notify you of significant changes via email or platform announcement with 30-day advance notice.

12. Contact Information

Data Protection Officer

For privacy-related inquiries:

Data Protection Officer
Email: dpo@therapyvault.ai

Supervisory Authority

You have the right to lodge a complaint with:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
Phone: 0303 123 1113

© 2025 TherapyVault.ai. All rights reserved. UK Data Residency • GDPR Compliant • SOC 2 Aligned