THERASNAP PRIVACY POLICY
Last Updated: 11-27-2025
1. INTRODUCTION
TheraSnap (“we,” “our,” or “us”) is committed to protecting the privacy and security of your information. This Privacy Policy explains how we collect, use, and safeguard your information when you use our HIPAA-compliant clinical documentation application.
2. INFORMATION WE COLLECT
2.1 Account Information
• Name and credentials
• Email address
• Professional license information
• Billing information (processed by third-party providers)
2.2 Clinical Documentation Information
• Client names and contact information you enter (encrypted)
• Your voice recordings and dictation (encrypted)
• Clinical notes you create or edit (encrypted)
• Treatment information you document
2.3 Usage Information
• App usage statistics
• Feature usage patterns
• Device information
• IP address (for security)
2.4 Voice Recordings and Dictation
• Audio recordings of YOUR voice memos and dictation (encrypted)
• Transcription data from your voice recordings
• AI-processed content generated from your dictation
IMPORTANT CLARIFICATION: TheraSnap is designed for therapists to record voice memos AFTER sessions end. We collect recordings of therapist dictation, not recordings of therapy sessions with clients present. However, if you choose to use TheraSnap to record actual client sessions (not our intended use), those recordings would also be collected and stored with encryption.
3. HOW WE USE INFORMATION
3.1 To Provide Services
• Process your voice recordings into clinical notes
• Store and organize client data you enter
• Generate reports based on your documentation
• Enable secure access to your clinical records
3.2 To Improve Services
• Analyze usage patterns
• Improve AI transcription and note generation accuracy
• Develop new features
• Fix bugs and issues
3.3 For Security
• Detect unauthorized access
• Prevent fraud
• Maintain audit logs
• Comply with legal obligations
4. HIPAA COMPLIANCE
4.1 Protected Health Information (PHI)
We handle PHI in accordance with HIPAA requirements:
• Encryption at rest and in transit
• Access controls and audit logs
• Minimum necessary access
• Secure disposal procedures
4.2 Business Associate Agreement
We act as your Business Associate under HIPAA when you use TheraSnap for PHI. Your voice memos, dictation, and clinical notes contain PHI and are treated with the highest level of security and confidentiality.
5. DATA SECURITY
5.1 Technical Safeguards
• AES-256 encryption for data at rest
• TLS 1.3 for data in transit
• Secure key management
• Regular security audits
5.2 Administrative Safeguards
• Employee training
• Access controls
• Incident response procedures
• Regular risk assessments
5.3 Physical Safeguards
• Secure data centers (Google Cloud)
• Access controls
• Environmental protections
• Device security
6. DATA SHARING
6.1 We DO NOT Share
• PHI with third parties (except as required by law or with your consent)
• Client information for marketing purposes
• Your voice recordings with anyone
• Clinical notes with anyone
6.2 We May Share
• Anonymized aggregate statistics (de-identified data only)
• Information with your explicit consent
• Information to comply with legal obligations
• Information with service providers under strict Business Associate Agreements
6.3 Third-Party Processing
• We use OpenAI for AI transcription and note generation
• Audio is processed temporarily and is NOT retained by OpenAI
• We have a Business Associate Agreement with OpenAI covering HIPAA compliance
• No PHI is used to train AI models
7. THIRD-PARTY SERVICES
7.1 Infrastructure
• Google Cloud Platform (hosting) – HIPAA-compliant BAA in place
• Firebase (authentication, database) – HIPAA-compliant BAA in place
• OpenAI (AI processing) – HIPAA-compliant BAA in place, no data retention
7.2 Payment Processing
• Apple App Store
• Google Play Store
• Stripe (web payments)
All third parties are carefully vetted for security and HIPAA compliance.
8. YOUR RIGHTS
8.1 Access Rights
You can:
• View your information
• Export your data
• Request copies of your records
8.2 Correction Rights
You can:
• Update account information
• Correct client records
• Modify notes
8.3 Deletion Rights
You can:
• Delete specific records
• Request account deletion
• Remove recordings and notes
8.4 Consent Management
You can:
• Revoke consents
• Manage permissions
• Control data usage
9. DATA RETENTION
9.1 Active Accounts
• Client data: Retained while account is active
• Voice recordings: Retained based on your settings (configurable)
• Clinical notes: Retained while account is active
• Audit logs: 2 years
9.2 After Termination
• 30-day grace period for data export
• Complete deletion after 90 days
• Backup systems purged within 180 days
• Legal holds may extend retention as required by law
10. CHILDREN’S PRIVACY
TheraSnap is not intended for users under 18. We do not knowingly collect information from children under 13 for account purposes. Clinical information about minor clients is handled according to HIPAA requirements and applicable state laws regarding minors’ healthcare privacy.
11. BREACH NOTIFICATION
In the event of a data breach affecting PHI:
• We will notify affected users within 72 hours
• Provide details of affected information
• Offer remediation steps
• Comply with HIPAA breach notification rules
• Notify the Secretary of HHS if required
• Notify media if breach affects 500+ individuals in a jurisdiction
12. CALIFORNIA PRIVACY RIGHTS
California residents have additional rights under CCPA:
• Right to know what information we collect
• Right to delete personal information
• Right to opt out of data sales (we don’t sell data)
• Right to non-discrimination for exercising privacy rights
13. INTERNATIONAL USERS
Data is processed and stored in the United States. By using TheraSnap, you consent to the transfer of your information to the US, which may have different data protection laws than your country of residence.
14. RECORDING DISCLOSURE
TheraSnap’s recording feature is designed for therapist voice memos recorded AFTER sessions end. If you choose to use TheraSnap to record actual therapy sessions with clients present:
• You are responsible for obtaining proper consent from clients
• You are responsible for complying with state recording laws
• You must inform clients their voice will be recorded and processed
• TheraSnap is not liable for unauthorized or illegal recordings
15. CHANGES TO PRIVACY POLICY
We may update this policy periodically:
• You will be notified of material changes via email and in-app notification
• Continued use constitutes acceptance
• Previous versions available upon request
• You will be prompted to review significant changes
16. BROWSER EXTENSION
The TheraSnap Session Helper Chrome extension allows therapists to securely populate session notes into billing software. The extension:
• Accesses session data only when explicitly requested by the user
• Does not collect browsing history or activity
• Stores settings locally using Chrome’s secure storage
• Logs access to PHI for HIPAA audit compliance
• Requires authentication with the same TheraSnap account
17. CONTACT US
For privacy questions or concerns:
Privacy Officer: info@therasnap.ai
Data Protection: info@therasnap.ai
HIPAA Compliance: info@therasnap.ai
General Support: support@therasnap.ai
Address: [Your Business Address]
Phone: [Your Phone Number]
═══════════════════════════════════════════════════════════════════
IMPORTANT NOTICE FOR USERS
TheraSnap is designed for mental health professionals to record voice memos and dictation AFTER therapy sessions conclude. Your voice recordings contain Protected Health Information (PHI) about your clients and are handled with the highest level of security and HIPAA compliance.
If you have questions about how your data is collected, used, or protected, please contact our Privacy Officer at info@therasnap.ai.