Updated: April 22 2025
This Privacy Policy explains how Therassist (“we” or “us”) collects, uses, protects, and shares your information when you:
- Visit therassist.ai
- Communicate with this website through email, text, or other messages
- Use our services; and
- Create an account on, access, or use the Therassist software (the “App”).
Please read this policy carefully to understand our privacy policy and practices. By visiting our website, using our services, downloading, creating an account, or using the App, you agree to this privacy policy. If you don’t agree with it, please do not access our website and services, or download or use the App.
Policy Updates
We may modify, alter, or update our privacy policy at any time, so we encourage you to review it frequently.
We will not provide individual notice to you of changes to our privacy policy, but when we make updates to it, we will update the date in this section. Your continued use of the website, services, and the App after we make changes is deemed to be acceptance of those changes.
What This Policy Covers
This policy applies only to data collected on this website, your use of our services, and through the App. It does not apply to:
- Information collected offline or on any other apps or websites we operate.
- Information collected by third-party services that may link to or from this website or the App.
Children Under 16
The website and the App are not intended for children under 16. We do not knowingly collect personal data from children under 16. If we learn we have received such data without parental consent, we will delete it. If you believe this may have happened, contact us at compliance@therassist.ai.
How We Collect and Use Your Information
Website
- Information You Provide
We may collect the following information that you provide when you fill out forms, subscribe, or contact us through our website:
- Personal details like your name, email, phone number, or other contact info.
- Account creation and login information.
- Payment information for subscription or service purchases.
- Customer support messages, survey responses, or feedback.
- Requests for service or product updates.
We use this data to respond to your requests, manage subscriptions, send service notices, and fulfil contractual obligations. We share it only with trusted service providers and business partners when necessary.
- Automatically Collected Information
We automatically collect technical and usage information including internet connection, operating system, browser type, usage details including searches you may conduct on our website, and IP address when you visit and interact with our website.
We use this data to improve website performance, recognize returning users, and analyze site traffic.
We collect it through cookies stored on your device when using our website. We don’t share it, and you may disable cookies in your browser.
We do not collect:
- Protected classification data (e.g., race, gender identity, religion)
- Commercial records (e.g., purchasing history)
- Biometric data
- Geolocation data
- Sensory data
- Employment or education records
- Inferences or profiling data
The App
1. Information You Provide
When you download, access, and use the App we may collect:
- Personal details like your name, email, phone number, or other contact info.
- Account creation and login information.
- Payment information for subscription or service purchases.
- Customer support messages, survey responses, or feedback.
- Requests for service or product updates.
2. Session Recordings and Transcripts
With your explicit consent, the App may record and transcribe therapy sessions using artificial intelligence (AI). These recordings and transcripts are never used for advertising or sold under any circumstances.
Audio or video recordings are stored in the App for up to 24 hours solely for the purpose of generating a transcript. Once the transcript is created, the original recording is deleted. In cases where a transcript is used to create a clinical note for your provider’s electronic health record (EHR), the data will be retained only until the note is created and transferred, and never beyond your selected maximum retention period. Transcripts are stored for a maximum of 72 hours and are then automatically deleted. You have the option to set a shorter retention period within the App.
If you give written consent, transcripts or other clinical data may be retained for longer than 72 hours, but only for specific, mutually agreed-upon purposes—such as treatment planning, clinician training, or improving App performance.
3. Automatically Collected Information
We collect technical and usage information when you interact with the App, including:
- Device type, operating system, browser, and IP address.
- Your use of features and time spent in the App.
- App performance, crash reports, and error data.
- Files stored on your device, but only if permission is granted.
The App may use cookies or similar tracking tools to collect this information. You can manage cookie preferences through your device settings. Disabling cookies may limit some App features.
4. Location Information
The App does not collect real-time GPS or precise location data.
How We Use Your Information on the App
We use your information to:
- Provide and maintain the App’s features, including transcription services.
- Notify you of account updates or subscription changes.
- Improve App performance and user experience.
- Personalize your experience and feature recommendations.
- Respond to your requests and support needs.
We may also contact you about new products or features. You can opt out of marketing messages at any time.
AI Use in Transcriptions
We use artificial intelligence to transcribe audio from therapy sessions. Transcripts are created for your benefit and may help summarize key points discussed. These are not used to diagnose or make medical decisions. All transcripts and recordings are stored securely. They are never shared with a third-party generative AI model and are not used to train any AI systems.
You are in control: you can choose to stop recordings or delete transcripts at any time.
Data Retention
We keep your data only as long as needed to provide services and meet legal requirements. You can request deletion of your data or account at any time by emailing compliance@therassist.ai.
How We Share Your Information
We do not sell your personal data.
We may share it:
- With service providers that help operate our website and App, under confidentiality agreements.
- If required by law, court order, or government request.
- To protect safety, legal rights, or in the event of a business merger or acquisition.
- With your explicit consent.
We may also share de-identified or aggregated data for analytics or research.
Your Choices and Controls
You have control over your information. You can:
- Review and update your account information on the website or in the App.
- Enable or disable session recording and transcription at any time in the App.
- Opt out of marketing emails by changing your settings or emailing compliance@therassist.ai.
- Delete your account in the App and all associated data by request.
Data Security
At Therassist, your privacy and data security are a top priority. Our security program includes technical, administrative, and physical safeguards that align to the National Institute of Standards and Technology (NIST) 800-53 cybersecurity framework. This framework provides federal standards for managing sensitive information and cybersecurity best practices.
The security program includes the following components:
- Encryption for online transactions involving personal information
- All session recordings and personal data are encrypted during transmission and storage.
- Access to your data is limited to authorized personnel.
- We follow industry technical, administrative, and physical security best practices to safeguard your information.
- Data Encryption. Therassist encrypts your data both in transit and at rest, using FIPS 140-2-compliant encryption methods. We use 256-bit AES encryption, a widely trusted industry standard, for protecting session recordings, transcripts, and personal information. Data exchanges occur over secure, encrypted HTTPS connections.
- Access Control. Access to systems containing personal or health-related information is restricted to authorized personnel who require it for services or support purposes. Role-based access controls and multi-factor authentication (MFA) are implemented across critical systems to manage access and support security protocols.
- Threat Detection and Monitoring. Therassist uses a combination of tools and practices to monitor for potential threats and suspicious activity. This includes:
- Identity and access monitoring
- Protections against phishing and malware
- Event log tamper detection
- Support from a 24/7 security operations center (SOC).
- Data Integrity. We use data integrity checks and safeguards to detect unauthorized changes. We also maintain secure, HIPAA-compliant backups of your data, and have disaster recovery protocols designed to restore system functionality in the event of operational disruptions.
- Risk Management and Staff Training. Therassist conducts annual risk assessments and penetration testing to identify and mitigate vulnerabilities. All staff receive regular training on HIPAA privacy and security requirements.
- Breach Response and Notification. We maintain a HIPAA-compliant incident response plan to address any unauthorized access, breach, or data loss. In the event of a breach affecting personal information, we will follow HIPAA breach notification requirements, including notifying affected individuals when required.
Access and Contact
To request access to your data, update it, or have it deleted, email compliance@therassist.ai. Deleting your data may require deleting your account.
You can also reach us at info@therassist.ai with general questions.
Accountability
We’ve appointed both a Privacy Officer and a Security Officer responsible for overseeing our data practices and compliance. If you have any concerns or complaints, please email compliance@therassist.ai.
State-Specific Privacy Rights
Residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia may have additional rights including to:
- Confirm whether we process their personal information.
- Access and delete certain personal information.
- Correct inaccuracies in their personal information, taking into account the information’s nature and processing purpose (excluding Iowa and Utah).
- Data portability.
- Opt-out of personal data processing for:
- targeted advertising (excluding Iowa);
- sales; or
- profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
- Either limit (opt-out of) or require consent to process sensitive personal data.
The exact scope of these rights may vary by state.
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out right may submit a request to compliance@therassist.ai. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
To exercise your rights, or to appeal a decision, email us at compliance@therassist.ai.