Privacy Policy — I'm Therapist

1. Introduction

Welcome to I'm Therapist ("we", "us", "our"). We operate the I'm Therapist platform, an AI-powered practice management and clinical support tool for mental health professionals (the "Service").

This Privacy Policy explains what information we collect when you use our Service, how we use that information, and the choices you have in relation to your data. We are committed to protecting your privacy and handling your data with care, transparency, and respect.

By creating an account or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please do not use the Service.

2. Information We Collect

We collect information in three ways: information you provide directly, information collected automatically when you use the Service, and information entered into the platform as part of your clinical practice.

Account Information: When you register, we collect your name, email address, professional credentials (if provided), and password. You may also optionally provide information about your practice, therapy modalities, and professional background.

Usage Data: We automatically collect certain information about how you interact with the Service, including pages visited, features used, time spent on the platform, browser type, device information, and IP address. This data is used in aggregate to improve the platform.

Client Data Entered by Therapists: As part of using the Service, you may enter information about your clients, including session notes, treatment plans, and clinical observations. This data is entered by you and remains under your control. We act as a data processor for this information (see Section 6).

Communications: If you contact us by email or through our contact form, we retain that correspondence to assist you and improve our support.

3. How We Use Your Information

We use the information we collect for the following purposes:

Platform functionality: To provide, operate, and maintain the Service, including generating AI-powered clinical questions and managing your practice data.
Platform improvements: To understand how therapists use the Service, identify areas for improvement, and develop new features. We use aggregated, anonymised data for this purpose.
Communications: To send you service-related notifications (e.g. account confirmation, security alerts), product updates, and — where you have opted in — marketing communications. You can unsubscribe from marketing emails at any time.
Support: To respond to your enquiries and resolve technical issues.
Legal compliance: To comply with applicable laws, regulations, and legal obligations.

We do not sell your personal data to third parties. We do not use your client data or session content to train AI models without your explicit, informed consent.

4. Data Storage and Security

All data is transmitted using TLS 1.3 encryption and stored at rest using AES-256 encryption. We use reputable cloud infrastructure providers with SOC 2 Type II certification and regular third-party security audits.

Access to your data within our organisation is governed by strict role-based access controls. Only personnel who need access to perform their job functions are permitted to access platform data, and all access is logged and audited.

We conduct regular security reviews and penetration testing to identify and address vulnerabilities. In the event of a data breach that affects your data, we will notify you in accordance with applicable law.

While we take extensive precautions, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use a strong, unique password and to contact us immediately at support@imtherapist.com if you suspect any unauthorised access to your account.

5. HIPAA Compliance

We understand that many of our users in the United States are subject to the Health Insurance Portability and Accountability Act (HIPAA). We are actively working through our formal HIPAA compliance programme and are committed to operating as a HIPAA-compliant Business Associate for therapists who require it.

We will enter into a Business Associate Agreement (BAA) with US-based therapists upon request. To request a BAA, please contact us at support@imtherapist.com.

Our security measures — including encryption in transit and at rest, access controls, audit logging, and incident response procedures — are designed to meet or exceed HIPAA's Technical Safeguard requirements.

6. Client Data

When you use I'm Therapist to manage client information, create treatment plans, or record session notes, you are the data controller for that information. You are responsible for ensuring you have the appropriate legal basis and consent from your clients to enter and process their personal data on the platform.

We act as a data processor for client data — we process it only on your instructions and in accordance with this Privacy Policy. We do not access, read, or use client data for any purpose other than providing and improving the Service.

As the data controller, you are responsible for complying with all applicable data protection laws in relation to your clients' personal data, including obtaining appropriate consent and responding to client data subject requests.

7. Data Retention

We retain your account information and clinical data for as long as your account is active, or as necessary to provide the Service. If you close your account, we will delete or anonymise your personal data within 30 days, unless we are required to retain it for legal compliance purposes (e.g. financial records).

You can request deletion of your account and all associated data at any time by emailing support@imtherapist.com. We will confirm the deletion within 30 days.

We strongly recommend exporting your clinical data before closing your account, as deletion is irreversible.

8. Your Rights

Depending on your location, you may have the following rights in relation to your personal data:

Access: The right to request a copy of the personal data we hold about you.
Correction: The right to request correction of inaccurate or incomplete data.
Deletion: The right to request deletion of your personal data.
Portability: The right to receive your data in a structured, machine-readable format.
Restriction: The right to request that we restrict the processing of your data in certain circumstances.
Objection: The right to object to processing based on legitimate interests.
Withdrawal of consent: Where processing is based on consent, the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at support@imtherapist.com. We will respond to all requests within 30 days.

9. Cookies

We use cookies and similar tracking technologies to operate and improve the Service. Cookies are small text files stored on your device.

We use the following types of cookies:

Essential cookies: Required for the Service to function (e.g. authentication, session management). These cannot be disabled.
Analytics cookies: Used to understand how users interact with the platform (e.g. which features are used most). We use anonymised data only.
Preference cookies: Used to remember your settings and preferences (e.g. UI preferences).

You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly.

10. Third Party Services

We use a limited number of third-party services to operate the platform:

Anthropic (Claude AI): We use Anthropic's Claude API to power the AI Question Generator and other AI features. Input data sent to the AI is used only to generate responses and is governed by Anthropic's API terms. We do not send identifiable client data to the AI without your action.
Cloud Infrastructure: We use industry-standard cloud providers for hosting, storage, and database services. All providers are contractually required to maintain appropriate security standards.
Email Services: We use a transactional email provider to send account notifications and communications. Your email address is shared with this provider solely for this purpose.

We do not use advertising networks or sell your data to any third-party for marketing purposes.

11. Children's Privacy

The Service is intended for use by licensed mental health professionals and is not designed for or directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, please contact us at support@imtherapist.com and we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email and/or by displaying a prominent notice on the platform at least 14 days before the changes take effect.

We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

Email: support@imtherapist.com

We aim to respond to all privacy enquiries within 5 business days.

You also have the right to lodge a complaint with your local data protection authority if you are unsatisfied with our response.