Privacy Policy

Last updated: May 2025

1. Overview

TherapyFlow is a practice management platform for independent therapists. This policy explains how we collect, use, and protect information about therapists and their clients.

2. SMS Messaging — How It Works

TherapyFlow uses SMS (text messaging) to send appointment reminders, booking confirmations, and cancellation notices to therapy clients on behalf of their therapist.

Opt-in process: A client provides their mobile phone number to their therapist during the intake process. The therapist enters the number into TherapyFlow and confirms that the client has verbally consented to receive SMS messages from the practice. No number is added to the system without that therapist-confirmed consent.

Types of messages sent:
  • Appointment reminders (48 hours and 2 hours before a session)
  • Booking confirmations
  • Cancellation notices
  • Payment balance reminders
  • Responses to client-initiated SMS commands (e.g., BOOK, CANCEL, BALANCE)

Message frequency: Clients typically receive 1–3 messages per scheduled appointment.

Opt-out: Clients can opt out of SMS messages at any time by replying STOP to any message. After opting out, no further messages will be sent. Clients can re-enable messages by replying START.

Help: Clients can reply HELP for assistance or contact their therapist directly.

Message and data rates may apply. Standard carrier rates apply to all SMS messages sent and received.

3. Information We Collect

For therapists (account holders):
  • Name, email address, phone number
  • Practice name and timezone
  • Session and availability settings

For clients (entered by the therapist):
  • Name and mobile phone number
  • Email address (optional)
  • Session history and payment records
  • Clinical notes entered by the therapist

4. How We Use Information

We use the information collected to:
  • Send SMS appointment reminders and confirmations to clients
  • Process session bookings and cancellations
  • Track payment balances
  • Authenticate therapist accounts
We do not sell, rent, or share client or therapist data with third parties for marketing purposes.

5. Data Storage and Security

All data is stored in a secure, encrypted database. Passwords are hashed and never stored in plain text. API access is protected by signed JWT tokens. Each therapist account is fully isolated — therapists can only access their own clients and data.

6. Third-Party Services

TherapyFlow uses the following third-party services:
  • Twilio — for sending and receiving SMS messages
  • Stripe — for processing payments
  • Supabase / PostgreSQL — for data storage
Each service has its own privacy policy and security practices.

7. Your Rights

Clients who wish to have their data removed from the system should contact their therapist directly. Therapists can delete client records at any time from the dashboard.

8. Contact

If you have any questions about this privacy policy or how your data is used, please contact us at: support@therapyflow.app