Privacy Policy

We collect only what we need to provide the Service:

• Account information — your name and email address provided by your identity provider (Google or Microsoft) when you sign in.
• Conversation content — the messages you exchange with the AI and any therapist review notes associated with them.
• Access and audit records — sign-in events and timestamps used to maintain a secure, auditable record of access.

We use your information to operate the Service, connect you with your therapist, maintain security and audit trails, and improve reliability. We do not sell your personal information, and we do not use your conversation content to train third-party AI models.

PsychPocket is designed to support compliance with the Health Insurance Portability and Accountability Act (HIPAA). Access to protected health information follows the minimum-necessary principle: therapists may view the conversations relevant to the clients in their care, and administrators can manage accounts without access to conversation content.

Conversations are processed by a large language model hosted in our private cloud environment. The AI service is configured with data logging disabled and operates over private network endpoints, so prompts and responses are not exposed to the public internet or retained by the model provider for training.

We share your information only as needed to provide the Service — for example, with the therapist assigned to your care — or as required by law. We use trusted infrastructure providers to host the Service under appropriate data-protection agreements.

Data is encrypted in transit (HTTPS/TLS) and at rest. Access is role-based and audited, authentication is handled by established identity providers, and our services communicate over private network endpoints. See our security overview for more detail.

We retain your information for as long as your account is active or as needed to provide the Service and meet legal, regulatory, and audit obligations. You may request deletion of your account and associated data, subject to records we are required to retain.

You may request access to, correction of, or deletion of your personal information. Depending on your jurisdiction, you may have additional rights regarding your data. To exercise any of these, reach us through our contact page.

We may update this policy from time to time and will revise the “Last updated” date above when we do. Material changes will be communicated through the Service.