Legal
Last updated: January 1, 2026
Therapy Ally (“we,” “our,” or “us”) is committed to protecting your privacy and the privacy of your clients. This Privacy Policy explains how we collect, use, disclose, and safeguard information in connection with our Clinician Console and companion application.
We collect information you provide directly when creating an account, including your name, email address, professional credentials, and practice information. We do not collect or store personally identifiable information about your clients. Clinical interaction data is stored in de-identified form only.
We use the information we collect to provide, maintain, and improve our services; send you technical notices and support messages; respond to your comments and questions; and comply with legal obligations. We do not sell or rent your personal information to third parties.
Therapy Ally is designed with HIPAA compliance as a foundational principle. We maintain a Business Associate Agreement (BAA) with covered entities. All clinical data is encrypted at rest and in transit. We employ technical, administrative, and physical safeguards appropriate to the sensitivity of the information we handle.
Your data is hosted on SOC 2 Type II certified infrastructure. We use industry-standard encryption (AES-256 at rest, TLS 1.2+ in transit). Client conversation data is never stored as full transcripts. Only structured, de-identified summaries are retained and accessible through the Clinician Console.
Therapy Ally does not store full transcripts of client conversations. Clinicians receive structured summaries of key themes and moments. The AI system does not retain identifying information about clients and cannot correlate conversation data to named individuals. Clients retain full control over their data and may delete their account at any time.
We do not share your personal information with third parties except as necessary to provide our services (e.g., infrastructure providers under confidentiality agreements), when required by law, or with your explicit consent. We do not use client data to train AI models without explicit consent.
You may access, correct, or delete your account information at any time through the Clinician Console settings. You may also contact us to request a copy of your data or to exercise any applicable data rights under GDPR, CCPA, or other applicable laws.
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice in the Clinician Console. Your continued use of the service after changes become effective constitutes acceptance of the revised policy.
If you have questions about this Privacy Policy or our privacy practices, please contact us at privacy@therapyally.ai.