Privacy Policy
Last updated: 10 June 2026 · This English version is binding.
MyPsyche is practice software for licensed schema therapists. This policy explains two distinct things: how we handle your data when you are a therapist using MyPsyche (we are the controller), and how client data inside your workspace is handled (you are the controller; we are your processor).
1. Who we are
[COMPANY LEGAL NAME], [REGISTERED ADDRESS], registered under [REGISTER + NUMBER], VAT [VAT ID]. Contact: [CONTACT EMAIL]. (Provider identification per Art. 5 of Directive 2000/31/EC.)
2. Therapist accounts — MyPsyche as controller
- What we process: your name, email, professional credentials, password (stored only as an Argon2id hash), workspace settings, language preference, subscription tier, and an audit trail of account activity (login IPs are stored in the audit log for security).
- Why: to provide the service (contract, Art. 6(1)(b)), to secure it (legitimate interest, Art. 6(1)(f)), and to meet legal obligations (Art. 6(1)(c)).
- Marketing site: we use only strictly necessary cookies (session authentication, security). We run no advertising trackers, no analytics pixels and no third-party embeds — which is why you see no cookie banner. (Consent exemption per Art. 5(3) of the ePrivacy Directive.)
- Your rights: access, rectification, erasure, restriction, portability, objection — write to [CONTACT EMAIL]. You can lodge a complaint with your supervisory authority (e.g. UODO in Poland, Autoriteit Persoonsgegevens in the Netherlands).
3. Client data — MyPsyche as processor
Records about your clients (contact details, notes, questionnaire answers, session recordings and transcripts, conceptualizations) are health data under Art. 9 GDPR. You, the treating professional, are the controller; MyPsyche processes this data only on your instructions, under a Data Processing Agreement (Art. 28 GDPR). Client rights requests (access, erasure, export) go to the treating therapist; we assist the therapist in fulfilling them. Erasure honours statutory record-retention duties that apply to healthcare professionals (e.g. 20 years under the Dutch WGBO).
4. How client data is protected
- Field-level AES-256-GCM encryption of records, notes and answers — applied in the application before data reaches the database, on top of disk encryption.
- Session audio is consent-gated and envelope-encrypted (a unique data key per file, wrapped by a master key). Withdrawing consent erases audio and transcript.
- Strict tenant isolation: every record is scoped to the owning therapist's account.
- Clients see only what the therapist explicitly shares, item by item, revocable at any time.
- An append-only audit log records access to records; sessions are revocable server-side; all access tokens are stored only as SHA-256 hashes.
- Public endpoints are rate-limited; questionnaire links are high-entropy, expiring tokens.
5. Sub-processors
We use a small number of sub-processors, each bound by data-processing terms. AI providers are contractually barred from training on your data. Current list (see also the AI transparency page):
| Provider | Purpose | Region / transfer basis | Retention |
|---|---|---|---|
| Railway | Hosting (application + database + file storage) | EU region available; SCCs | For the life of your account |
| Anthropic | AI drafting and summaries (Claude API) | US; SCCs (DPA incorporated in commercial terms) | No training on data; short fixed API log window |
| Speechmatics | Audio transcription | UK (EU adequacy decision) | Auto-deleted after 7 days |
| Voyage AI | Text embeddings (semantic retrieval) | US; SCCs | Zero-retention setting |
We will announce sub-processor changes to account holders in advance.
6. Breach notification
We notify affected controllers (therapists) of personal-data breaches without undue delay so they can meet their own 72-hour duty to the supervisory authority.
7. Changes
We will notify account holders of material changes to this policy by email or in-product notice before they take effect.