Privacy Policy

TherapyTasks is committed to protecting your privacy and maintaining the security of your data. Our platform is built with privacy at its core, adhering rigorously to HIPAA, GDPR, and PCI-DSS regulations.

Data Collection

  • No Identifiable Information: We do not store any personal identifying information about clients beyond a first name and last initial. Clients sign in using a secure, one-time-use invitation code generated by their therapist, eliminating the need for phone numbers or email addresses.

Data Security

  • Secure Authentication: Clients log into the mobile application using a secure QR code provided by their therapist. This generates session-specific JWT tokens that ensure secure and encrypted communication between the app and our servers.
  • Session Security: Clients set a PIN code in the app to provide an additional layer of protection. In case a client loses their device, therapists can immediately revoke access from their secure dashboard, preventing unauthorized data access.
  • Encryption: All data, whether stored (at rest) or being transmitted, is protected using industry-standard encryption protocols, ensuring data integrity and confidentiality.

Payment Security

  • PCI Compliance: TherapyTasks processes payments exclusively through Stripe, a trusted and fully PCI-DSS compliant provider. We do not store or directly handle payment or credit card information.

GDPR

  • We adhere to GDPR by minimizing data collection and processing. Therapist information collected is strictly for internal organizational purposes and never shared externally.
  • We do not collect or store any personal identifying information about clients beyond a first name and last initial. Clients sign in using a secure, one-time-use invitation code generated by their therapist, eliminating the need for phone numbers or email addresses.

Data Retention

  • Two-Year Retention Policy: Client data is retained for two years after discharge to ensure clients have continued access to their treatment information during this period. After two years of inactivity, data is securely deleted.

Therapist Collaboration and Privacy

  • Shared Task Libraries: Therapists within the same organization can choose whether or not to collaborate by using shared libraries of tasks and resources, and cannot access each other's client information. Organizational administrators can view aggregate metrics but never individual client data.
  • Error Monitoring and Privacy: System administrators monitor platform performance and errors but do not have access to detailed client-specific or therapist-specific information, preserving user privacy.

Third-Party Integrations

TherapyTasks limits third-party integrations to necessary service providers. All integrations are carefully vetted and secured. We never share user-specific or client-specific information with third parties.

HIPAA

  • HIPAA Compliance: TherapyTasks strictly complies with HIPAA by ensuring no identifiable client information is stored, and all client-therapist interactions remain securely encrypted and private.
Terms of Service

By using TherapyTasks, you agree to these Terms of Service. Please review them carefully.

Account Responsibilities

  • User Responsibilities: Users are responsible for maintaining the confidentiality of their login information and PIN codes. Any unauthorized use or security breach must be reported immediately to your therapist.
  • Therapist Access: Therapists have control over client access, including the ability to revoke client permissions immediately if necessary.

Acceptable Use

  • Appropriate Use: Users must use TherapyTasks solely for therapy-related tasks assigned by their therapist. Unauthorized or inappropriate use of the platform is strictly prohibited and may result in account termination.

Changes to This Policy

TherapyTasks may update these policies occasionally. We will notify all active therapists via email of any significant changes and clearly indicate updates on our website.

Contact Information

If you have any questions about this privacy policy or our security practices, please contact us at: bryan@37chairs.com