Privacy Policy for Therapy Scribe

Last Updated: 10th April 2025

1. Introduction

LEFT EQUALS RIGHT PTY. LTD. ("Therapy Scribe","we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. Please read this policy carefully to understand our views and practices regarding your personal data.

This Privacy Policy takes into account:
  • The requirements of the Privacy Act 1988 (Cth) for Australian users
  • The General Data Protection Regulation 2016/679 (GDPR) for users in the European Union and European Economic Area
  • The UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA 2018) for users in the United Kingdom
  • The Personal Information Protection and Electronic Documents Act (PIPEDA) for users in Canada.

Therapy Scribe acts as a data processor for personal and health information processed on behalf of healthcare professionals, who are the data controllers. In limited cases (such as user authentication or billing data), Therapy Scribe may act as a data controller.

Your rights under these regulations include access to your personal data, correction of inaccurate data, and data portability. To exercise any of these rights, please contact us at hello@therapyscribe.app.

Definitions

  • “Personal Data” means any information relating to an identified or identifiable individual.
  • “Processing” means any operation performed on personal data, including collection, use, storage, or disclosure.
  • “Data Controller” means the entity that determines the purposes and means of processing personal data.
  • “Data Processor” means the entity that processes personal data on behalf of the data controller.

2. Information We Collect

We may collect the following personal and non-personal information from you when you use our services:

Clinician Data (Personal Data)

  • Name, email address, and authentication data
  • Usage data, including interactions with the platform
  • Preferences and communication settings
  • Credit balance and audio usage activity

Patient Data (Sensitive Personal Data), as part of your use of Therapy Scribe, you may input or upload personal health information (PHI) relating to your patients, including:

  • Patient names or initials
  • Session dates and durations
  • Clinical information
  • Other identifiable health-related information as part of session notes

You, as the healthcare professional, are responsible for ensuring appropriate consent has been obtained before inputting any patient information into our platform.

Non-Personal Data

Cookies and Similar Technologies:

  • Essential cookies for authentication and security
  • Analytics cookies for understanding user behavior
  • Functional cookies for remembering your preferences
  • Performance cookies to improve our service
We only set non-essential cookies (analytics, functional, and performance) after obtaining your explicit consent through our cookie banner.

Sensitive Data (Special Category under GDPR):

  • Clinical or health-related information included in session documentation, as provided by healthcare professionals
  • Information relating to patient identity or treatment context, where applicable

3. Purpose of Data Collection

We collect your data for the following purposes:

  • Process orders and manage payment transactions.
  • Provide you with drafted clinical documentation, reports, referrals, and emails from therapy sessions.
  • Provide and improve our AI-assisted clinical documentation.
  • Personalize your experience
  • Communicate with you about our services
  • Comply with legal obligations
  • Improve our website and products

Manage and track usage of credit-based payments for audio recordings

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Consent: For the use of non-essential cookies and processing certain user-submitted data.
  • Contractual Necessity: To fulfill our obligations to you under our Terms of Use.
  • Legal Obligation: To comply with applicable laws and regulations.
  • Legitimate Interests: To understand how our services are used and improve them, provided such interests are not overridden by your data protection rights.

4. Data Sharing and Third Parties

We do not sell your personal information. We may share your data with:

  • Service providers who assist in our operations (e.g., cloud storage providers)
  • Legal authorities when required by law, such as in response to a court order or other legal process.

Examples of these service providers include:

  • Authentication providers (e.g., for secure login and session management)
  • Cloud infrastructure and storage providers
  • Speech-to-text and AI processing platforms for drafting clinical documentation
  • Analytics providers to understand usage and improve our services
  • Monitoring and debugging tools to maintain app stability and security

All third parties are contractually bound to maintain the confidentiality and security of your information only for the purposes we specify.

5. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers.

Audio data may be temporarily processed by our transcription service providers in the United States before being deleted. All transfers are performed using secure protocols and in accordance with applicable data protection regulations, including Standard Contractual Clauses (SCCs) where required.

We implement the following safeguards to ensure your data remains protected:

  • Contracts with third parties that include Standard Contractual Clauses (SCCs) approved by the European Commission
  • Security and privacy due diligence on all vendors
  • Use of reputable service providers that comply with GDPR and other applicable privacy frameworks

6. Your Rights and Choices

You have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request restriction of data processing in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to certain types of processing, such as direct marketing
  • Withdraw Consent: Withdraw your consent at any time, where processing is based on consent

7. Data Protection

Voice Recordings and Audio Data

Voice session recordings are processed solely for the purpose of generating clinical notes. Audio data may be handled temporarily via secure, encrypted transmission but is not stored or retained beyond immediate processing. These files are processed in real-time and are immediately deleted after processing is complete. No voice recordings are stored on our servers or infrastructure at any point.

Commitment to Privacy

Your privacy is our utmost priority. We handle all data with care and in strict compliance with applicable laws and regulations. We are committed to maintaining the confidentiality and security of all information processed through our service.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the data
  • Whether we can achieve those purposes through other means
  • Applicable legal, regulatory, tax, accounting, or other requirements

Session-related content, including drafted documentation, transcriptions, referrals, reports, and emails, is automatically deleted 30 days after creation. This helps minimize data exposure and maintain compliance with data minimization principles.

9. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication measures

In some circumstances, we may anonymize your personal data so that it can no longer be associated with you, in which case we may use this information indefinitely without further notice to you.

We detail more on our security measures in at Privacy & security

10. Children's Privacy

Therapy Scribe is not directed to or intended for individuals under 18. Healthcare professionals using our service act as data controllers for any minor patient data they input. It is their responsibility to ensure proper consent has been obtained in compliance with applicable laws and regulations.

  • For patients under 13:
    • We do not knowingly collect personal information directly from children under 13.
    • Any information about patients under 13 should be provided by the healthcare professional with appropriate parental or guardian consent, as required by applicable laws and professional standards.
  • For patients between 13 and 18:
    • Information about these patients may be processed as part of the healthcare professional's use of our service.
    • Healthcare professionals are responsible for obtaining any necessary consents and complying with all applicable laws and regulations regarding the processing of minors' data.

If you believe we have inadvertently collected personal information from a child without appropriate consent, please contact us immediately at hello@therapyscribe.app, and we will take steps to delete such information promptly.

11. Regional Privacy Disclosures

PHIPA Compliance (Ontario, Canada):

If you are a Health Information Custodian (HIC) as defined under Ontario's Personal Health Information Protection Act, 2004 (“PHIPA”), you acknowledge and agree that by using Therapy Scribe to process or store personal health information (“PHI”) on your behalf, Therapy Scribe is acting as your agent under PHIPA.

You further agree to the terms of our PHIPA Agent Agreement, which governs our obligations as your agent in accordance with PHIPA.

It is your responsibility to ensure you have obtained all necessary consents from individuals whose PHI is collected or processed using our services. Therapy Scribe provides tools to help support compliance, but the ultimate responsibility for consent and lawful use lies with you as the Custodian.

12. Updates to the Privacy Policy

We reserve the right to update this Privacy Policy at any time. Any updates will be posted online with an effective date. Continued use of our services after the effective date of any changes constitutes acceptance of those changes.

Complaints

If you have concerns about how we handle your personal data, please contact us first at hello@therapyscribe.app. We take all privacy concerns seriously and will address them promptly and confidentially. If you're not satisfied with our response, you may lodge a complaint with your local data protection authority:

  • Australia: Office of the Australian Information Commissioner (OAIC) – www.oaic.gov.au
  • European Union: Your local Data Protection Authority
  • United Kingdom: Information Commissioner's Office (ICO)
  • Canada: Office of the Privacy Commissioner of Canada (OPC)

Contact Information

If you have any questions, concerns, or requests related to this Privacy Policy, you can contact us at:

Email: hello@therapyscribe.app

For all other inquiries, please visit our FAQs page on the Website (https://www.therapyscribe.app).

By using Therapy Scribe, you consent to the terms of this Privacy Policy.

Thank you for using Therapy Scribe.

We use cookies

We use cookies to analyze how you use our site, personalize content, and improve your experience. With your consent, we collect information about your usage patterns and, if you're logged in, associate this with your account. We never collect or track patient information.

By clicking "Accept", you agree to our use of cookies.
Learn more about our privacy practices.