Built around confidentiality
The therapeutic relationship depends on trust, and trust starts with knowing your clients' information is safe. TherapyVault.ai is designed from the ground up to protect the confidentiality of everything in your practice.
99.99%
Uptime
0
Incidents (12mo)
98/100
Audit Score
Standards we meet
SOC 2 Type II
Rigorous security practices
GDPR Compliant
Your data rights, fully protected
NHS DSP Toolkit
Aligned with NHS data standards
ISO 27001
International information security standard
BACP Standards
Meets BACP ethical and professional requirements
ICO Registered
Registered with the UK data protection authority
How we keep your data safe
Multiple layers of protection, so you never have to worry
Access Control
Secure sign-in
- Protected login with strong authentication
- Automatic session timeouts to prevent unauthorised access
- Enforced password strength requirements
Who can see what
- Only you can access your client data
- Every action is logged for accountability
- Full audit trail of all data access
Where your data lives
UK data centres
- Stored only in UK data centres
- Built to stay online, even if something goes wrong
- Backup systems to keep your data safe
Network protection
- Constant monitoring for threats
- All data encrypted when sent between you and us
- Round-the-clock security oversight
Data Protection
Encryption
- Your data is encrypted when stored
- Your data is encrypted when being transferred
- Backups are encrypted too
Data stays in the UK
- All data remains in UK data centres
- Fully GDPR compliant
- Regular automated backups
Meeting the standards that matter to you
6
GDPR Compliance
- See all your stored data anytime
- Request full data deletion
- Export and take your data with you
- Clear consent management
- Privacy built in from the start
- We only collect what we need
8
Healthcare Standards
- Clinical and personal data kept separate
- Full audit trail of all activity
- Strict access controls
- Clear data retention policies
- Confidentiality built in
- Aligned with professional body standards
- Client consent tracking
- Secure messaging
7
UK Regulations
- UK Data Protection Act compliant
- Registered with the ICO
- Aligned with BACP, UKCP, and BPS
- Data stays in the UK
- Up to date with current UK law
- UK-only data storage
- UK legal framework
We never stop protecting your data
Daily
Automated security updates and threat scanning
Weekly
Security reviews by our team
Quarterly
Independent security testing and audits
Annually
Full compliance review and certification renewal
Common questions about security
All your data is stored in secure UK data centres. It never leaves the UK. This means your practice is fully covered by UK data protection law, and your clients' information stays under UK jurisdiction at all times.
Session recordings and notes are encrypted both when stored and when being transferred. Only you (and anyone you specifically authorise) can access them. Think of it as a digital locked filing cabinet that only you hold the key to.
Only you and anyone you explicitly grant access to. Our team cannot view your clinical data unless you give written permission for a specific support request. Every access is logged, so there is always a clear record of who viewed what and when.
We have a clear incident response plan in place. If anything were to happen, we would notify you promptly as required by GDPR, explain exactly what occurred, and support you through the resolution. To date, we have had zero security incidents.
We follow UK clinical record retention guidelines. You stay in control and can request deletion of your data at any time, subject to any legal requirements to retain certain records. We will always be transparent about what is kept and why.
TherapyVault gives you straightforward tools to record and manage client consent for recordings and data processing. Every consent record is timestamped and stored securely. Clients can withdraw consent at any time, and the system keeps a clear record of all changes.
We use multiple layers of protection: continuous monitoring, regular security testing, and ongoing compliance checks. Our team is trained specifically in handling sensitive health data. We treat your clients' information with the same care you do.
Zero Security Incidents Since Launch
Since day one, there have been no data breaches or security incidents. We work continuously to keep it that way, because your clients' trust depends on it.