Privacy Policy
Updated: 29th June 2025
Introduction
Therasee Limited ("Therasee", "we", "us", "our") is committed to protecting and respecting your privacy. This policy outlines our practices regarding the collection, use, and sharing of information about you through the use of our services. By using our platform, you agree to the collection and use of information in accordance with this policy.
Definitions
Personal Data: Any information relating to an identified or identifiable individual who can be directly or indirectly identified from that data. This may include, but is not limited to, names, email addresses, phone numbers, and location details.
Usage Data: Information collected automatically through the use of our Service, which may include details such as your device's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
Cookies: Small files stored on your device (computer or mobile device) that help us to improve our Service and your experience.
We, Us, Our or Company means Therasee Ltd.
You or Your means you, your organisation.
Software, Services, or Therasee means the software and associated services provided and developed by the Company which may be supplied to you.
Information Collection and Use
We collect several types of information for various purposes to provide and improve our service to you.
Types of Data Collected
- Personal Data: While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. This may include, but is not limited to:
  - Name
  - Email address
  - Phone number
  - Address
- Usage Data: We may also collect information on how the Service is accessed and used. This Usage Data may include details such as your computer's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
Third-Party Services
To enhance the functionality, security and performance of our platform, Therasee partners with trusted third-party providers. Each is carefully selected based on their privacy standards, security credentials, and compliance with UK and EU GDPR.
We only share data with trusted third-party providers where it is essential to deliver platform features, such as payments, video sessions or transcription. All data sharing is governed by strict contractual agreements and processed in full compliance with UK and EU GDPR.
Where applicable, we also align with internationally recognised data protection frameworks and healthcare privacy standards to ensure the highest level of security and confidentiality for all users, wherever they are based.
- Amazon Web Services (AWS): Therasee’s application infrastructure runs on Amazon Web Services (AWS), with all services hosted in data centres located in London, United Kingdom. These secure facilities provide the backbone for our platform, delivering high availability, resilience, and enterprise-grade cloud security. All data is processed within the UK and never transferred outside the jurisdiction, ensuring full compliance with UK and EU GDPR. AWS is certified under ISO 27001, SOC 2 and other leading security standards, helping us maintain the highest levels of protection for your information.
- Intercom: We use Intercom to support customer communication, including live chat and helpdesk functionality. Intercom processes data such as your name, email address and chat history solely to assist with support requests. All interactions are encrypted and handled in accordance with UK and EU GDPR.
- MongoDB Atlas: We use MongoDB Atlas as our primary database service, with all data securely stored on UK-based servers. This includes personal, clinical, and operational data, all of which is encrypted both in transit and at rest using industry-standard encryption protocols. Access to the database is tightly controlled with role-based permissions, audit logging, and multi-factor authentication in place to protect against unauthorised access. MongoDB Atlas complies fully with UK and EU GDPR, and the platform holds certifications including ISO 27001 and SOC 2. By storing data within a secure UK jurisdiction, we ensure compliance with some of the most stringent data protection laws globally - while continuing to serve and support users wherever they are based.
- Jitsi as a Service (JaaS): We use Jitsi to deliver secure, real-time video sessions for telehealth. All audio, video and shared content are encrypted in transit using secure protocols. Sessions are not recorded and no identifiable content is stored. However, we may retain limited, anonymised technical data (such as call quality metrics) strictly for performance monitoring and service improvement. Jitsi acts solely as a real-time communication tool and does not have access to session content. This service operates in full compliance with both UK and EU GDPR, supporting safe, confidential therapeutic interactions.
- Google Analytics: To improve our website and better understand user behaviour, we use Google Analytics in anonymised mode. This means no personally identifiable information is tracked or stored. We collect high-level metrics such as device type, browser version, and general location, all in compliance with privacy regulations.
- Stripe: Stripe securely manages all financial transactions, including card and bank payments. All payment data is transmitted over encrypted channels, and Therasee never stores full card details. Stripe is fully PCI-DSS compliant and handles all information in accordance with both UK and EU GDPR. This ensures that your financial and personal data is protected under the highest international standards for data privacy and security.
- Microsoft Azure: Our Speech-to-Text feature (used, for example, during live session note-taking) is delivered via Microsoft Azure’s secure cloud infrastructure, hosted on UK-based servers. This service uses advanced AI technology and machine learning models to convert spoken words into accurate, real-time text. Audio data is streamed securely, processed only in memory, and never stored or recorded. We enforce a strict no-logging policy with Microsoft, meaning no audio content, transcribed text, or metadata is retained during or after processing. Once transcription is complete, the text is transmitted back to Therasee over encrypted channels and stored securely within our own UK-based infrastructure. Microsoft acts solely as a sub-processor on our behalf and handles data exclusively for the purpose of delivering the transcription. No data is used to train or improve any AI models, and nothing is retained in Microsoft’s systems beyond the live processing window. We treat spoken input with the same strict confidentiality as typed data. The entire process is conducted in full compliance with UK and EU GDPR, ensuring your privacy and data rights are protected at every step.
- Google Calendar: We offer optional integration with Google Calendar to help practitioners synchronise appointments and events between Therasee and their Google Calendar accounts. With your explicit permission, the integration can read calendar details such as event title, start and end times, description and location, and write session details including title, time, attendees and recurrence rules back to your calendar. This sync is encrypted, permission-based, and can be enabled or disabled at any time. Google acts as a sub-processor during this integration and processes data in line with both UK and EU GDPR. No calendar data is accessed without your authorisation, and you remain in full control of what is shared.
We only share data with trusted third-party providers where it is essential to deliver core features—such as secure payments, live video sessions, or real-time transcription. All third-party processing is governed by strict contractual agreements and conducted in full compliance with UK and EU GDPR. Where applicable, we also align with internationally recognised data protection frameworks and healthcare privacy standards to ensure the highest level of security and confidentiality for all users, regardless of location.
How We Use Your Data
Therasee Ltd uses the collected data for various purposes:
- To provide and maintain our service
- To notify you about changes to our service
- To allow you to participate in interactive features of our service when you choose to do so
- To provide customer support
- To gather analysis or valuable information so that we can improve the service
- To monitor the usage of the service
- To detect, prevent, and address technical issues
Transfer of Data
Your information, including Personal Data, may be transferred to and maintained on computers located outside of your location, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. However, if you are located in the European Economic Area (EEA) or the UK, your data will be processed by us in the UK. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
Disclosure of Data
Legal Requirements: Therasee Ltd may disclose your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of Therasee Ltd
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of users of the Service or the public
- Protect against legal liability
Security of Data
We understand the significance of protecting your personal information, especially within the digital landscape where no system can be impenetrable. However, we are committed to implementing robust security measures designed to protect your personal data against unauthorised access, use, or disclosure. Our strategies include state-of-the-art encryption technologies and the deployment of our services within highly secure UK-based data centres. While absolute security cannot be guaranteed, we continuously refine our security practices to ensure they meet high standards in accordance with GDPR and HIPAA guidelines, reinforcing our commitment to data protection.
International Transfer of Data
Your personal information may be stored or processed on computers situated outside your local region, including places where data protection laws might vary from those of your jurisdiction. At Therasee, we are committed to ensuring the secure and lawful handling of your data regardless of where it is processed. We adhere strictly to this privacy policy and comply with applicable data protection regulations, including GDPR, for all data transferred outside the UK or the EEA, ensuring your personal information is treated with the highest standards of security and confidentiality.
Data Retention
We retain your personal data only as long as necessary to fulfill the specific purposes outlined in this Privacy Policy. Your data will be maintained to the extent required to comply with our legal obligations (such as those mandated by applicable laws), resolve disputes, and enforce our legal agreements and policies. This ensures that we handle your personal information responsibly and in accordance with legal and regulatory requirements.
Password and Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. You are responsible for keeping your password confidential and for notifying us if you believe your password or account has been compromised.
Links to Other Websites
Our Service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Your Data Protection Rights
Under data protection laws, you have rights including:
- Right of access - You have the right to request copies of your personal data from us.
- Right to rectification - You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- Right to erasure - You have the right to request that we erase your personal data, under certain conditions.
- Right to restrict processing - You have the right to request that we restrict the processing of your personal data, under certain conditions.
- Right to object to processing - You have the right to object to our processing of your personal data, under certain conditions.
- Right to data portability - You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will also let you know via email and/or a prominent notice on our website prior to the change becoming effective. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
For questions or concerns about our privacy policy or the use of your personal information, please contact us at privacy@therasee.com or at our address:
Therasee Limited
71-75 Shelton Street,
Covent Garden,
London,
WC2H 9JQ
United Kingdom
Therasee is registered with the ICO under ref: ZB610705