Privacy Policy
Last updated: April 23, 2026
The short version: TherapyDraft runs entirely on your Mac. We never receive your session audio, transcripts, or draft notes — they are architecturally prevented from leaving your device. The only information we ever see is what you give us directly (your email, your Stripe payment), plus anonymous app-version update checks.
This policy explains what TherapyDraft collects, what we deliberately do not collect, and the compliance model the product is built around. It applies to therapydraft.com and the TherapyDraft macOS application.
1. What we do NOT collect
The core design principle of TherapyDraft is that we are not a covered entity and we are not a business associate under the US Health Insurance Portability and Accountability Act (HIPAA), because we do not have, receive, create, or maintain Protected Health Information (PHI) on behalf of any clinician. Specifically, TherapyDraft never receives, stores, processes, or transmits:
- Session audio — recordings are saved directly to your Mac's Application Support folder.
- Session transcripts — produced by whisper.cpp on your local CPU and GPU.
- Draft note text — generated by a 4-bit quantized language model running on your Mac's Apple Silicon.
- Client names, initials, identifiers, diagnoses, or any free-text clinical content.
This boundary is enforced by macOS network sandbox entitlements on the TherapyDraft application. The app is code-signed and notarized by Apple, and any change to its network entitlements would invalidate the signature. You can inspect the entitlements at any time with codesign -d --entitlements - /Applications/TherapyDraft.app.
2. What we DO collect
We collect only what is necessary to deliver the service you signed up for:
- Email address — when you join the waitlist, activate a license, or email us for support.
- Payment information — processed entirely by Stripe for paid subscriptions. We never store your card number; we only keep a Stripe customer ID, subscription status, and the last four digits of the card.
- License activation metadata — at the moment you activate a license, the app sends us your license key, the anonymous device identifier generated at install, and the app version. We use this to enforce seat count and to honor refunds.
- Anonymous update checks — the app periodically asks our server "is there a newer version?" The request contains only the current app version and a random anonymous session token. It does not include any identifying information.
- Website traffic — Caddy access logs (IP address, user agent, path requested, status code) are kept for 30 days for debugging and abuse prevention.
- Support emails — whatever you send us, kept for as long as your account is open plus 12 months for audit.
3. Why we collect it
- To provide the service you signed up for (license activation, billing).
- To tell you about product updates (you can opt out at any time by replying "unsubscribe" or using the waitlist unsubscribe link).
- To prevent abuse, fraud, and seat-sharing outside your paid plan.
- To comply with legal obligations (tax records, chargeback disputes, subpoenas).
4. Who we share data with
We share the minimum necessary information with these processors:
- Stripe, Inc. — payment processing. Your card details go directly to Stripe and never touch our servers. See stripe.com/privacy.
- Spaceship, Inc. — domain registration (our operational vendor, no user data passed).
- Apple Inc. — code signing, notarization, and crash-report upload if you opt into macOS Console sharing. We do not receive crash reports with identifiable content.
We do not share data with advertisers, data brokers, or AI-model training partners. We do not sell your data. Ever.
5. Cookies
The TherapyDraft website uses a single first-party session cookie for form CSRF protection. No third-party tracking cookies, no analytics cookies, no fingerprinting. The TherapyDraft macOS app does not use cookies because it does not open a browser session.
6. Your rights
Depending on where you live (US state privacy laws, GDPR if you travel, PIPEDA in Canada), you may have the right to:
- Access — request a copy of every piece of information we hold about you.
- Correction — ask us to fix anything incorrect.
- Deletion — ask us to delete your account, email, and associated billing records. We comply within 30 days unless legally required to retain (e.g. tax records, which we keep for the statutory period).
- Portability — receive your data in a machine-readable format (JSON).
- Objection — opt out of any processing based on legitimate interest.
Email privacy@therapydraft.com to exercise any of these rights. We reply within two business days.
7. Data retention
- Waitlist entries: retained until you unsubscribe or for 24 months of inactivity, whichever comes first.
- Account and billing data: retained for as long as your subscription is active plus 7 years for tax compliance.
- Website access logs: 30 days.
- Support email threads: active account + 12 months.
8. Security
Website traffic is encrypted in transit (HTTPS, TLS 1.3). Our server is a dedicated VPS, fully patched, with SSH limited to key-based authentication. Administrative access is limited to the maintainer. If a breach ever affects you, we notify you within 72 hours with the details of what was exposed and what you should do about it.
9. Data location
Your session data never moves, because it never leaves your Mac. The small amount of account data we do hold (email, Stripe customer ID, license metadata) is stored on our US-based VPS. Stripe operates globally; see their privacy policy for details.
10. Children
TherapyDraft is sold to licensed mental-health clinicians. We do not knowingly collect information from anyone under 16. If you believe a minor has submitted data to us, email privacy@therapydraft.com and we will delete it.
11. Your HIPAA obligations (the honest part)
If you are a US-licensed clinician using TherapyDraft in clinical practice, you remain the covered entity under HIPAA. TherapyDraft is a software tool that runs on your device, the same way Microsoft Word or a paper chart runs on your device. You are responsible for:
- Securing your Mac (FileVault full-disk encryption, strong passcode, automatic screen lock).
- Backing up the inference log and any exported notes to a HIPAA-appropriate destination (your practice's encrypted backup, not iCloud Drive unless you have a signed BAA with Apple covering your Apple Business Account).
- Obtaining whatever client consent your state and licensing board require for AI-assisted documentation. We recommend explicit written consent referencing the on-device architecture — sample language is in the app's Onboarding → Consent screen.
We do not claim HIPAA compliance for TherapyDraft itself, because the covered-entity obligation is yours. We design the app so that meeting that obligation is easier than with any cloud scribe.
12. Changes
We'll update this page if material things change. Registered users receive an email at least 14 days before any change that expands what we collect or how we share it.
13. Contact
Privacy questions: privacy@therapydraft.com. Security issues: security@therapydraft.com. General: hello@therapydraft.com.