Privacy Policy

Your privacy is fundamental to how we build therapyCRM.

Effective Date: July 1, 2025
Last Updated: September 20, 2025

Introduction

therapyCRM ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

This policy applies to all users of therapyCRM, including healthcare providers, their clients, and visitors to our website.

Information We Collect

Information You Provide

  • Account Information: Name, email address, phone number, professional credentials, and practice information
  • Profile Information: Professional biography, specialties, languages, education, and certifications
  • Client Information: Information about your clients that you choose to store in our system (with their consent)
  • Communication Data: Messages, notes, and other communications within the platform
  • Payment Information: Billing address and payment method (processed securely through our payment provider)

Information Collected Automatically

  • Usage Data: Features used, pages visited, actions taken within the platform
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies: Session cookies and preference cookies to enhance your experience
  • Log Data: Access times, pages viewed, errors encountered

How We Use Your Information

We use the collected information for the following purposes:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send administrative information, updates, and security alerts
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms of service

HIPAA Compliance

For healthcare providers using therapyCRM to store Protected Health Information (PHI):

  • We maintain appropriate administrative, physical, and technical safeguards
  • We sign Business Associate Agreements (BAAs) with covered entities
  • We limit access to PHI to authorized personnel only
  • We conduct regular security assessments and audits
  • We maintain audit logs of all PHI access and modifications
  • We provide breach notification as required by HIPAA

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

Service Providers

We work with trusted third-party services that help us operate our platform:

  • Amazon Web Services (AWS): Cloud infrastructure and storage
  • Microsoft Azure: Email delivery services
  • Stripe Payment Processors: Secure payment processing and PCI compliance
  • Analytics Services: Usage analytics (anonymized data only)

Legal Requirements

We may disclose information when required by law, such as:

  • To comply with a subpoena, court order, or legal process
  • To protect our rights, property, or safety
  • To investigate fraud or security issues
  • To enforce our Terms of Service

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication available
  • Regular Security Audits: Periodic security assessments and penetration testing
  • Secure Infrastructure: Hosted on AWS with enterprise-grade security
  • Employee Training: Regular security and privacy training for all staff
  • Incident Response: Documented procedures for security incidents

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Active Accounts: Data retained while account is active
  • Closed Accounts: Essential records retained for 7 years per healthcare regulations
  • Session Records: Video recordings retained for 90 days (configurable)
  • Backups: Secure backups retained for 30 days
  • Marketing Data: Removed upon unsubscribe request

Your Rights and Choices

Access and Correction

You have the right to:

  • Access your personal information
  • Correct inaccurate or incomplete information
  • Request a copy of your data in a portable format
  • Delete your account and associated data (subject to legal requirements)

Communication Preferences

  • Opt out of marketing communications at any time
  • Manage notification preferences in your account settings
  • Unsubscribe from emails using the link in each message

Cookie Management

You can control cookies through your browser settings. Note that disabling cookies may limit functionality.

California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to say no to the sale of personal information
  • Right to equal service and price

We do not sell personal information to third parties.

International Data Transfers

Our servers are located in the United States. If you access therapyCRM from outside the US:

  • Your information will be transferred to and processed in the US
  • By using our service, you consent to this transfer
  • We use appropriate safeguards for international transfers

Children's Privacy

therapyCRM is not intended for individuals under 18 years of age, unless use is initiated by a parent or guardian for healthcare-related services. If you become aware that a child has provided us with personal information, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending email notification for material changes

Contact Information

If you have questions or concerns about this Privacy Policy, please contact us:

therapyCRM Privacy Team
Email: privacy@therapycrm.com
Support: support@therapycrm.com
Website: therapycrm.com/contact

Data Protection Officer

For privacy-related inquiries, you may also contact our Data Protection Officer at dpo@therapycrm.com.

Your Privacy Matters

We are committed to protecting your privacy and maintaining the trust you place in us. If you have any concerns about how we handle your data, please don't hesitate to reach out.
