Privacy Policy

1. Introduction

This Privacy Policy (“Policy”) describes how Therapy Companion LLC collects, uses, discloses, and protects personal information through the Therapy Companion platform available at therapycompanion.ai (the “Platform”).

Therapy Companion is a web-based therapy practice management platform that connects licensed therapists (“Therapists”) with their clients (“Clients”). Together, Therapists and Clients are referred to as “Users” or “you.”

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree, you must discontinue use of the Platform.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, and authentication credentials.
• Profile Information: Professional credentials (for Therapists), contact details, and preferences.
• Therapy Goals: Goals and objectives entered by Clients or on behalf of Clients by Therapists.
• Incident Reports: Records of incidents documented within the Platform.
• Check-Ins: Periodic self-assessments and status updates submitted by Clients.
• Session Notes: Notes recorded by Therapists during or after therapy sessions.
• Clinical Notes: Detailed clinical documentation maintained by Therapists.
• Homework and Assignments: Therapeutic exercises and tasks assigned to Clients.
• Appointment Data: Scheduling information, appointment history, and calendar data.
• Messages: Communications exchanged between Therapists and Clients through the Platform.
• Insurance Information: Insurance company details, policy numbers, group numbers, subscriber information, authorization numbers, and related insurance data.
• Compliance Records: Authorization tracking data, compliance task history, submission records, and deadline management data generated by the Platform’s Insurance Intelligence features.

2.2 Information Collected Automatically

• Usage Data: Pages viewed, features used, time spent on the Platform, and interaction patterns.
• Device and Browser Information: Browser type, operating system, device type, and screen resolution.
• Log Data: IP addresses, access times, referring URLs, and error logs.
• Cookies and Similar Technologies: See Section 9 below.

2.3 Information from Third-Party Services

• Authentication Data: Information received through Supabase Auth when you sign in via email/password or magic link.

3. How We Use Your Information

• Platform Operations: To provide, maintain, and improve the Platform and its features.
• Account Management: To create, authenticate, and manage your account.
• Therapy Support: To facilitate the therapeutic relationship between Therapists and Clients.
• Insurance Compliance: To provide insurance authorization tracking, compliance task scheduling, eligibility verification, document generation, and deadline management.
• AI-Assisted Features: To process and structure clinical notes and other content using artificial intelligence (see Section 5).
• Communications: To send transactional emails, appointment reminders, and Platform notifications.
• Security: To detect, prevent, and address fraud, unauthorized access, and other security concerns.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Analytics: To understand usage patterns and improve the Platform experience.

4. Legal Bases for Processing

• Contractual Necessity: Processing required to provide the services you have requested.
• Legitimate Interests: Processing necessary for our legitimate business interests, where those interests are not overridden by your rights.
• Consent: Where you have provided explicit consent for specific processing activities.
• Legal Obligation: Processing required to comply with applicable laws and regulations.

5. Artificial Intelligence and Data Processing

The Platform incorporates AI-powered features using Anthropic’s Claude API to assist Therapists in structuring and organizing clinical notes and other content.

How AI Processing Works

• When AI-assisted features are used, relevant data (such as session notes or clinical content) is transmitted to Anthropic’s Claude API for processing.
• Anthropic processes this data in accordance with its own privacy policy and data processing terms.
• AI-generated output is returned to the Platform and stored within your account.

Important Disclosures

• AI features are tools to assist Therapists; they do not replace clinical judgment.
• We do not use your data to train AI models. Anthropic’s commercial API terms prohibit the use of API inputs for model training.
• Therapists are responsible for reviewing and verifying all AI-generated content before use in clinical practice.

5.1 AI-Assisted Medical Necessity Optimization

The Platform may use AI to review clinical session notes and suggest language to help ensure documentation includes elements commonly expected by insurance payers. This feature:

• Analyzes existing session data already stored within the Platform to generate suggestions
• Does not fabricate, invent, or insert clinical observations not reported by the Therapist
• Requires Therapist review and approval before any suggested language is incorporated into clinical documentation
• Is subject to Anthropic’s data processing terms as described above

6. How We Share Your Information

We do not sell your personal information. We do not share your information with third parties for their advertising purposes.

6.1 Service Providers

6.2 Therapist-Client Relationship

Information shared within the Platform between a Therapist and their Client is accessible to both parties as necessary for the therapeutic relationship.

6.3 Legal Requirements

We may disclose information if required to do so by law, regulation, legal process, or enforceable governmental request.

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

7. Data Retention

• Clinical Records: Retained for seven (7) years from the date of the last therapeutic interaction.
• Account Information: Retained for the duration of your account and a reasonable period thereafter.
• Usage and Log Data: Retained for up to twenty-four (24) months.
• Communications: Retained for the duration of the therapeutic relationship plus the applicable clinical record retention period.

8. Your Rights and Choices

8.1 All Users

• Access your personal information held by us.
• Correct inaccurate or incomplete personal information.
• Export your data in a portable, machine-readable format.
• Delete your account and associated personal information, subject to legal retention requirements.
• Withdraw Consent for processing activities based on consent.

8.2 California Residents — CCPA/CPRA Rights

If you are a California resident, you have additional rights including: Right to Know, Right to Delete, Right to Correct, Right to Opt Out of Sale or Sharing, Right to Limit Use of Sensitive Personal Information, and Non-Discrimination. We do not sell your personal information or share it for cross-context behavioral advertising.

8.3 Texas Residents — TDPSA Rights

If you are a Texas resident, you have rights under the Texas Data Privacy and Security Act including: Right to Access, Right to Correction, Right to Deletion, Right to Data Portability, and Right to Opt Out. We do not sell personal data, engage in targeted advertising, or profile users for decisions producing legal or similarly significant effects.

8.4 Colorado Residents — CPA Rights

If you are a Colorado resident, you have rights under the Colorado Privacy Act including: Right to Access, Right to Correction, Right to Deletion, Right to Data Portability, and Right to Opt Out of targeted advertising, sale of personal data, or profiling. To exercise these rights, contact us using the information in Section 13. You may appeal a denied request by contacting us with the subject line “CPA Appeal.”

8.5 Virginia Residents — VCDPA Rights

If you are a Virginia resident, you have rights under the Virginia Consumer Data Protection Act including: Right to Access, Right to Correction, Right to Deletion, Right to Data Portability, and Right to Opt Out of targeted advertising, sale of personal data, or profiling. To exercise these rights, contact us using the information in Section 13. You may appeal a denied request by contacting us with the subject line “VCDPA Appeal.”

9. Cookies and Tracking Technologies

• Strictly Necessary Cookies: Required for authentication, security, and core Platform functionality.
• Functional Cookies: Used to remember your preferences and settings.
• Analytics Cookies: Used to understand how the Platform is used and to improve performance.

We do not use advertising or third-party tracking cookies. We do not engage in cross-site tracking.

10. Data Security

We implement administrative, technical, and physical safeguards to protect your information, including encryption of data in transit (TLS/SSL) and at rest, authentication controls, role-based access controls, regular security assessments, and access logging and audit trails.

11. Children's Privacy

The Platform is not designed for or directed to children under the age of thirteen (13). Users between thirteen (13) and eighteen (18) may use the Platform only with verified consent of a parent or legal guardian.

12. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the “Last Updated” date and notify you via email or through a prominent notice on the Platform prior to the changes taking effect.

13. Contact Information

Therapy Companion LLC
Email: privacy@therapycompanion.ai
Website: therapycompanion.ai

For CCPA, TDPSA, or other privacy rights requests, please include “Privacy Request” in the subject line.

14. Insurance Intelligence Data Practices

The Platform maintains a database of insurance company information and general payer requirements to power Insurance Intelligence features. This information is compiled from publicly available sources, supplemented by user-reported information, periodically verified against primary sources, and is not guaranteed to be accurate, complete, or current.

Insurance Data Retention

• Client insurance records: Seven (7) years from the date of the last therapeutic interaction.
• Compliance submissions: Minimum of six (6) years consistent with HIPAA documentation retention standards.
• Eligibility verification results: Twenty-four (24) months.
• Insurance requirements data (non-client-specific): Retained indefinitely and updated periodically.

15. Supplemental Disclosures

15.1 HIPAA Notice

Upon achieving HIPAA compliance, we will enter into Business Associate Agreements (BAAs) with Therapist users who are Covered Entities. A separate Notice of Privacy Practices will be made available at that time.

15.2 International Users

The Platform is hosted and operated in the United States. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States.