Therassist, Inc. Privacy Policy
Last updated: February 14, 2026
This Privacy Policy explains how Therassist, Inc. ("we" or "us") collects, uses, protects, and shares your information when you:
- Visit therassist.ai
- Communicate with us through email, text, or other messages
- Use our services
- Create an account on, access, or use the Therassist software (the "App")
Please read this policy carefully to understand our privacy practices. By visiting our website, using our services, or using the App, you agree to this Privacy Policy. If you do not agree, please do not access our website or services, or use the App.
Policy Updates
We may modify, alter, or update this Privacy Policy at any time. We will notify customers via email when we make material changes to this Privacy Policy. We will also update the "Last updated" date at the top of this page. We encourage you to review this policy periodically, but you can rely on us to notify you of significant changes. Your continued use of the website, services, and the App after changes are made constitutes acceptance of those changes.
What This Policy Covers
This policy applies only to data collected on this website, your use of our services, and through the App. It does not apply to:
- Information collected offline or on any other apps or websites we operate.
- Information collected by third-party services that may link to or from this website or the App.
Children Under 16
The website and the App are not intended for children under 16. We do not knowingly collect personal data from children under 16. If we learn we have received such data without parental consent, we will delete it. If you believe this may have happened, contact us at compliance@therassist.ai.
How We Collect and Use Your Information
Website
1. Information You Provide
We may collect the following information that you provide when you fill out forms, subscribe, or contact us through our website:
- Personal details like your name, email, phone number, or other contact info.
- Account creation and login information.
- Payment information for subscription or service purchases.
- Customer support messages, survey responses, or feedback.
- Requests for service or product updates.
We use this data to respond to your requests, manage subscriptions, send service notices, and fulfill contractual obligations. We share it only with trusted service providers and business partners when necessary.
2. Automatically Collected Information
We automatically collect technical and usage information including internet connection, operating system, browser type, usage details including searches you may conduct on our website, and IP address when you visit and interact with our website.
We use this data to improve website performance, recognize returning users, and analyze site traffic.
We collect it through cookies stored on your device when using our website. We do not share it, and you may disable cookies in your browser.
We do not collect:
- Protected classification data (e.g., race, gender identity, religion)
- Commercial records (e.g., purchasing history)
- Biometric data
- Geolocation data
- Sensory data
- Employment or education records
- Inferences or profiling data
The App
1. Information You Provide
When you download, access, and use the App we may collect:
- Personal details like your name, email, phone number, or other contact info.
- Account creation and login information.
- Payment information for subscription or service purchases.
- Customer support messages, survey responses, or feedback.
- Requests for service or product updates.
2. Session Recordings and Transcripts
With your explicit consent, the App may record and transcribe therapy sessions using artificial intelligence (AI). These recordings and transcripts are never used for advertising or sold under any circumstances.
Recordings: Audio or video recordings are used solely for the purpose of generating a transcript. Recordings are deleted typically immediately after the encounter, and always within 24 hours of creating the de-identified transcript. Exception: When a practice configures its Zoom account settings to retain recordings for a longer period, recordings are kept according to that practice's discretion and Zoom configuration. Therassist does not control Zoom-level retention settings configured by the practice.
Transcripts: Once a transcript is generated, we create a de-identified version (see "What De-Identification Means" below) and delete the original transcript. Original transcripts are deleted typically immediately after processing, and always within 24 hours of creating the de-identified version. De-identified transcripts may be retained only as long as they are useful for improving our services.
AI Model Validation: With your explicit written consent, we may temporarily retain some recordings to validate the accuracy of our AI models. These recordings are retained only for as long as necessary to complete the validation process and are deleted promptly thereafter.
Protected Health Information (PHI): We do not otherwise retain Protected Health Information. Outside of the limited, temporary processing described above, PHI is not stored in our systems.
You are in control: you can choose to stop recordings or delete transcripts at any time.
What De-Identification Means
De-identification is the process of removing or transforming information so that it can no longer be used to identify a specific individual. When we de-identify transcripts, we strip out all personally identifiable information including names, dates of birth, addresses, phone numbers, email addresses, and any other data that could reasonably be used to identify a patient or therapist. The resulting de-identified data cannot be linked back to any individual and is no longer considered Protected Health Information (PHI) under HIPAA. We use de-identified data solely to analyze patterns, improve our AI models, and enhance our services.
3. Automatically Collected Information
We collect technical and usage information when you interact with the App, including:
- Device type, operating system, browser, and IP address.
- Your use of features and time spent in the App.
- App performance, crash reports, and error data.
- Files stored on your device, but only if permission is granted.
The App may use cookies or similar tracking tools to collect this information. You can manage cookie preferences through your device settings. Disabling cookies may limit some App features.
4. Location Information
The App does not collect real-time GPS or precise location data.
How We Use Your Information on the App
We use your information to:
- Provide and maintain the App's features, including transcription services.
- Notify you of account updates or subscription changes.
- Improve App performance and user experience.
- Personalize your experience and feature recommendations.
- Respond to your requests and support needs.
We may also contact you about new products or features. You can opt out of marketing messages at any time.
AI Use in Transcriptions
We use artificial intelligence to transcribe audio from therapy sessions. Transcripts are created for your benefit and may help summarize key points discussed. These are not used to diagnose or make medical decisions. All transcripts and recordings are stored securely. They are never shared with a third-party generative AI model and are not used to train any AI systems.
Data Retention
We are committed to minimizing the data we retain. Our data retention practices are as follows:
- Recordings are deleted typically immediately after the encounter, and always within 24 hours of creating the de-identified transcript. The sole exception is when a practice has configured its Zoom account to retain recordings longer, in which case retention follows the practice's Zoom configuration.
- Original transcripts are deleted typically immediately after processing, and always within 24 hours of creating the de-identified version.
- De-identified transcripts are retained only as long as they are useful for improving our services. Because these transcripts contain no personally identifiable information, they are not considered PHI.
- AI model validation recordings may be retained temporarily with your explicit written consent, only for as long as necessary to complete the validation, and are deleted promptly thereafter.
- Account and profile data is kept for as long as you maintain an active account and as needed to meet legal requirements.
- Protected Health Information (PHI) is not otherwise retained by Therassist beyond the temporary processing described above.
You can request deletion of your data or account at any time by emailing compliance@therassist.ai.
How We Share Your Information
We do not sell your personal data.
We may share it:
- With service providers that help operate our website and App, under confidentiality agreements.
- If required by law, court order, or government request.
- To protect safety, legal rights, or in the event of a business merger or acquisition.
- With your explicit consent.
We may also share de-identified or aggregated data for analytics or research.
Your Choices and Controls
You have control over your information. You can:
- Review and update your account information on the website or in the App.
- Enable or disable session recording and transcription at any time in the App.
- Opt out of marketing emails by changing your settings or emailing compliance@therassist.ai.
- Delete your account and all associated data by request.
Data Security
At Therassist, your privacy and data security are a top priority. Our security program includes technical, administrative, and physical safeguards that align to the National Institute of Standards and Technology (NIST) 800-53 cybersecurity framework. This framework provides federal standards for managing sensitive information and cybersecurity best practices.
The security program includes the following components:
- Data Encryption. Therassist encrypts your data both in transit and at rest using FIPS 140-2-compliant encryption methods. We use 256-bit AES encryption, a widely trusted industry standard, for protecting session recordings, transcripts, and personal information. Data exchanges occur over secure, encrypted HTTPS connections.
- Access Control. Access to systems containing personal or health-related information is restricted to authorized personnel who require it for services or support purposes. Role-based access controls and multi-factor authentication (MFA) are implemented across critical systems.
- Threat Detection and Monitoring. Therassist uses a combination of tools and practices to monitor for potential threats and suspicious activity, including:
- Identity and access monitoring
- Protections against phishing and malware
- Event log tamper detection
- Support from a 24/7 security operations center (SOC)
- Data Integrity. We use data integrity checks and safeguards to detect unauthorized changes. We also maintain secure, HIPAA-compliant backups of your data, and have disaster recovery protocols designed to restore system functionality in the event of operational disruptions.
- Risk Management and Staff Training. Therassist conducts annual risk assessments and penetration testing to identify and mitigate vulnerabilities. All staff receive regular training on HIPAA privacy and security requirements.
- Breach Response and Notification. We maintain a HIPAA-compliant incident response plan to address any unauthorized access, breach, or data loss. In the event of a breach affecting personal information, we will follow HIPAA breach notification requirements, including notifying affected individuals when required.
Access and Contact
To request access to your data, update it, or have it deleted, email compliance@therassist.ai. Deleting your data may require deleting your account.
For general inquiries, contact us at info@therassist.ai.
For support, contact us at support@therassist.ai or call (866) 722-4313.
Accountability
We have appointed both a Privacy Officer and a Security Officer responsible for overseeing our data practices and compliance. If you have any concerns or complaints, please email compliance@therassist.ai.
Related Documents
State-Specific Privacy Rights
Residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia may have additional rights including to:
- Confirm whether we process their personal information.
- Access and delete certain personal information.
- Correct inaccuracies in their personal information, taking into account the information's nature and processing purpose (excluding Iowa and Utah).
- Data portability.
- Opt-out of personal data processing for:
- Targeted advertising (excluding Iowa)
- Sales
- Profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah)
- Either limit (opt-out of) or require consent to process sensitive personal data.
The exact scope of these rights may vary by state.
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out right may submit a request to compliance@therassist.ai. However, please know we do not currently sell data triggering that statute's opt-out requirements.
To exercise your rights, or to appeal a decision, email us at compliance@therassist.ai.