Standards we meet
PCI DSS
Payment card industry compliance
256-bit SSL
Bank-level encryption on every connection
SOC 2
Enterprise-grade security practices
UK Data Residency
All data stored in UK data centres
Payment Processing by Stripe
We use Stripe, one of the world's most trusted payment processors, to handle all payment transactions. Stripe is used by Amazon, Google, Shopify, and millions of businesses worldwide.
Your card details never touch our servers
Payment information goes directly from your browser to Stripe's secure servers using encrypted connections
PCI DSS Level 1 Service Provider
Stripe maintains the highest level of payment card industry compliance
Bank-level security
Stripe uses the same encryption technology as major financial institutions
Frequently Asked Questions
PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
By using Stripe, we qualify for the simplest PCI DSS self-assessment questionnaire (SAQ A) because:
Card data is collected directly by Stripe, not by our servers
We don't store, process, or transmit cardholder data
Stripe handles all security requirements on our behalf
We only store non-sensitive payment information that Stripe provides after processing:
Last 4 digits of your card
Card brand (Visa, Mastercard, etc.)
Card expiration month and year
This information falls outside PCI DSS scope and is safe to store. We never have access to your full card number, CVV, or PIN.
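The scoping model described above (card details go browser-to-processor, the application only ever receives a reference object and keeps the last 4, brand and expiry) relies on the server actively refusing anything else. The following is an added illustration, not TherapyVault.ai's or Stripe's code: a server-side allow-list that extracts only the non-sensitive card summary and rejects any payload carrying a full card number or security code. The nested "card" object shape, the field names, and the sample payloads are constructed for the example.

```python
"""
Allow-list filter for payment-method metadata received from a card processor.

Constructed example: the application server should only ever see a reference
object describing the card (brand, last 4 digits, expiry). This module keeps
exactly those fields and raises if the payload contains anything that looks
like cardholder data, which would pull the server back into PCI DSS scope.
"""
import re

# Fields the application may persist. Assumed shape: card details nested under "card".
ALLOWED_CARD_FIELDS = ("brand", "last4", "exp_month", "exp_year")

# Field names that must never reach application storage.
FORBIDDEN_KEYS = {"number", "cvc", "cvv", "pin", "track1", "track2"}

# 13-19 digits, optionally separated by spaces or dashes.
_PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


class CardholderDataError(ValueError):
    """Raised when a payload contains data that must not be stored."""


def luhn_valid(digits: str) -> bool:
    """Return True if a digit string passes the Luhn check used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_pan(value) -> bool:
    """Heuristic: a 13-19 digit run that passes Luhn is treated as a card number."""
    if not isinstance(value, str):
        return False
    for match in _PAN_RE.finditer(value):
        if luhn_valid(re.sub(r"[ -]", "", match.group(0))):
            return True
    return False


def _leaves(obj, path=""):
    """Yield (dotted_path, value) for every scalar in a nested dict/list."""
    if isinstance(obj, dict):
        for key, val in obj.items():
            yield from _leaves(val, f"{path}.{key}" if path else key)
    elif isinstance(obj, list):
        for idx, val in enumerate(obj):
            yield from _leaves(val, f"{path}[{idx}]")
    else:
        yield path, obj


def extract_storable_card_summary(payment_method: dict) -> dict:
    """Return only the allow-listed card fields; refuse payloads with cardholder data."""
    for path, value in _leaves(payment_method):
        leaf = re.sub(r"\[\d+\]$", "", path.rsplit(".", 1)[-1]).lower()
        if leaf in FORBIDDEN_KEYS:
            raise CardholderDataError(f"forbidden field present: {path}")
        if looks_like_pan(value):
            raise CardholderDataError(f"value at {path} looks like a card number")
    card = payment_method.get("card", {})
    return {k: card[k] for k in ALLOWED_CARD_FIELDS if k in card}


def rejects(payment_method: dict) -> bool:
    """Convenience: True if the filter refuses the payload."""
    try:
        extract_storable_card_summary(payment_method)
    except CardholderDataError:
        return True
    return False


# Constructed sample: what a processor reference object typically carries.
SAMPLE_OK = {
    "id": "pm_constructed_0001",
    "object": "payment_method",
    "type": "card",
    "card": {"brand": "visa", "last4": "4242", "exp_month": 12, "exp_year": 2030,
             "fingerprint": "constructed_fp"},
    "billing_details": {"name": "A. Client"},
}

# Constructed sample: a misconfigured client posted raw card fields to the server.
SAMPLE_RAW_CARD = {
    "card": {"number": "4242 4242 4242 4242", "cvc": "123", "exp_month": 12, "exp_year": 2030},
}

# Constructed sample: a card number smuggled inside a free-text field.
SAMPLE_HIDDEN_PAN = {
    "card": {"brand": "visa", "last4": "4242"},
    "notes": "client read out 4242424242424242 over the phone",
}

if __name__ == "__main__":
    print(extract_storable_card_summary(SAMPLE_OK))
    print("raw card rejected:", rejects(SAMPLE_RAW_CARD))
    print("hidden PAN rejected:", rejects(SAMPLE_HIDDEN_PAN))
```

The Luhn-based scan is a backstop, not the primary control: the primary control is that the browser never posts card fields to the application at all. The scan exists to fail loudly if a front-end regression or a free-text field ever pulls cardholder data onto the server.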
Your therapy data is protected with industry-leading security measures:
UK data residency — All therapy data is stored exclusively in UK-based AWS data centres
Encryption at rest — All data is encrypted using AES-256 encryption
Encryption in transit — All connections use TLS 1.2+ encryption
Access controls — Only you can access your client data, with JWT-based authentication
Regular security audits — Our infrastructure undergoes regular security assessments
SOC 2 (System and Organization Controls 2) is an auditing procedure that ensures service providers securely manage data to protect the interests and privacy of their clients.
TherapyVault.ai is SOC 2 ready, which means our infrastructure meets rigorous standards for:
Security — Protection against unauthorised access
Availability — System uptime and reliability
Confidentiality — Protection of sensitive information
Privacy — Proper collection, use, and disposal of personal information
We maintain comprehensive security documentation that is available upon request. This includes:
Security architecture documentation
Data protection and privacy policies
Incident response procedures
Compliance certifications and attestations
For enterprise customers or organisations requiring detailed security reviews, please contact us at security@therapyvault.ai
Have More Security Questions?
Our security team is here to help. We take the protection of your data seriously and are happy to answer any questions you may have.
Trusted by Leading Payment Platforms
We use Stripe, the same payment platform trusted by Amazon, Google, and millions of businesses worldwide. Your payment information is encrypted and processed with bank-level security. TherapyVault.ai never sees or stores your full card details.