Last updated: 11/30/2025
Your privacy is our priority. Learn how we protect your data and practice information with industry-leading standards.
Built with privacy-first principles for healthcare professionals
CouchLoop is designed to comply with industry standards for mental health data protection, including GDPR and CCPA. Your therapy practice data and client information are protected with the highest security standards.
To provide our therapy practice management services
Email address, name, and professional credentials for therapist accounts
Names, contact information, and session notes as entered by therapists
Appointment schedules, session notes, homework assignments, and treatment plans
Payment details processed securely through Stripe (we do not store full credit card numbers)
Login times, IP addresses, and feature usage for security monitoring
We will NEVER:
Sell your data to third parties
Use client information for marketing or advertising
Share Protected Health Information (PHI) without explicit consent
Train AI models on your therapy notes or client conversations
Allow unauthorized access to your practice data
Use your data for purposes other than providing our services
Industry-leading security measures at every layer
All data encrypted in transit (TLS/SSL) and at rest with industry-standard algorithms
Multi-level access controls ensure users only see their authorized data
Secure password hashing and session management with automatic timeout protection
Comprehensive audit trails track all access to sensitive data for compliance
Clear roles and comprehensive rights for all users
Practice Administrators have full access to their organization's data, user management, and billing settings
Therapists can only access their assigned clients, sessions, and notes—never another therapist's data
Clients can view only their own session notes, homework assignments, and treatment progress
CouchLoop Staff have no routine access; emergency access only with full audit trail logging
Access all your data anytime and export in machine-readable formats for portability
Request correction of inaccurate data or complete account deletion at any time
How long we keep your information
Data retained for the duration of your subscription
Data deleted within 90 days unless legal retention required
Some records may be retained for 7+ years per healthcare regulations
Retained for security and compliance purposes
Trusted partners that help us deliver CouchLoop
Secure database hosting with encryption and access controls
Application hosting and content delivery
Payment processing (PCI-DSS compliant)
AI-powered features (data not stored by OpenAI)
All third-party services are bound by strict Business Associate Agreements (BAAs) and data processing agreements
CouchLoop is designed to comply with major privacy regulations including GDPR, CCPA, and industry standards for mental health data protection.
We may disclose information only if required by law, court order, or to prevent imminent harm. We will notify affected users whenever legally permitted.
In the unlikely event of a data breach, we will notify affected users within 72 hours via email.
If you have any questions about this privacy policy or how your data is handled, please contact our privacy team:
privacy@couchloop.com
Material changes will be communicated via email at least 30 days before taking effect.