Privacy Policy
Effective Date: 30 April 2025
1. Who We Are
TechBartender ("TheraTrack," "we," "our," "us") provides practice-management software for mental-health professionals.
2. Information We Collect
- Personal Data: name, email address, phone.
- Client Data: session notes, diagnoses, uploaded files.
- Usage Data: IP address, device/browser info, log timestamps.
- Google Workspace Data: calendar event IDs, start/end times, attendee email addresses (optional).
3. How We Use Your Data
- Deliver core features (scheduling, reminders, invoicing).
- Provide customer support and troubleshoot issues.
- Maintain legal/ethical compliance (HIPAA, GDPR, Indian DPDP).
- Aggregate, anonymize, and analyse usage trends to improve TheraTrack.
4. Data Sharing & Disclosure
We share data only with contracted processors essential to run TheraTrack (see list below). They must implement industry-standard security and may not retain or use data for their own purposes. We never sell or rent data to third-party marketers.
We share user data only with the following processors, solely to deliver TheraTrack services:
- Infrastructure & Hosting – Supabase (EU / US), Cloudflare (Global).
- Authentication & Directory – Google OAuth (Workspace scopes).
- Payments – Razorpay Route (IN), Stripe (US) (if/when enabled).
- Email & Messaging – Resend (US) for email; WhatsApp Cloud API (Meta, Global) for transactional messages.
- Analytics / Logging – Plausible (EU) for anonymous usage metrics; Sentry (US) for error tracking.
Each processor is bound by contract to process data only on our documented instructions and to follow the Google API Services User Data Policy's "Limited Use" rules. We do not disclose data to advertisers or other third parties.
5. Google Workspace API Data
- Access limited to scopes you authorise.
- Stored fields: calendar ID, event ID, times, descriptive title.
- No use for AI/ML model training or improvement.
- Delete within 30 days after disconnection or account closure.
TheraTrack requests access to your Google account only for the scopes you approve (currently: openid, email, profile, and Calendar read/write for appointment scheduling).
- We store only calendar event IDs and metadata necessary to manage appointments.
- We do not use Google Workspace data to develop, improve, or train generalized AI or ML models.
- We delete calendar data within 30 days of you removing the integration or closing your account.
- You may revoke access at any time in your Google Account → Security → Third-party access.
6. Data Security
Data in transit and at rest is encrypted (TLS 1.3 / AES-256). We apply role-based access controls, MFA for staff, and routine penetration testing. No system is 100% secure.
7. Data Retention
Retained while your account is active or as required by law (India: 8 years for medical records; EU/US as applicable). You may request deletion at any time.
8. Your Rights
Access, correct, export, delete. Clients should contact their therapist directly; we act as processor, not controller, for client data.
9. International Transfers
Data may be processed in India, the EU, or the US. We rely on Standard Contractual Clauses or equivalent safeguards.
10. Changes to This Policy
We'll post updates here and email you if changes are material (e.g., new scopes or processors) at least 30 days before they take effect.