Privacy Policy

1. Informed Consent for Data Collection & Usage

  • Clients must explicitly agree to the collection and storage of their personal profile information and therapy notes.
  • Clear descriptions should be provided on why each type of data is collected and how it will be used.
  • Include consent checkboxes during account creation and profile setup for:
    • Personal account data (name, email, etc.)
    • Therapy session notes storage and access

2. Consent for Data Sharing & Third-Party Access

  • Clients should be informed if their data will be shared with:
    • Their therapist (explicit permission for therapists to access and store notes)
    • Any third-party services (e.g., analytics, payment processors, external health apps)
  • Clients must be able to grant or withdraw consent for sharing their data at any time.

3. Right to Withdraw Consent

  • Clients should be able to delete their account or request data deletion at any time.
  • The system should provide a simple way to withdraw consent for specific data (e.g., personal notes, account profile).
  • Consider a cooling-off period where a client can change their mind before full deletion.

4. Consent for Data Retention Periods

  • Define how long TTAMS will retain therapy notes and personal data.
  • Allow clients to choose:
    • Permanent storage (until they request deletion)
    • Automatic deletion after a specified period (e.g., 6 months, 1 year)
    • Manual deletion (clients can delete therapy notes whenever they want)

5. Consent for Communication Preferences

  • Allow clients to opt in/out of:
    • Session reminders
    • Marketing emails (if applicable)
    • Follow-up communications from therapists
  • Provide a settings page where clients can update their preferences.

6. Parental or Guardian Consent (if applicable)

  • If minors are allowed on TTAMS, include an age verification system.
  • Require guardian consent for account creation and therapy data retention.

7. Audit Trail & Record-Keeping of Consents

  • Store timestamps and logs of when clients give or withdraw consent.
  • Ensure that any changes to consent preferences are recorded.

8. Legal Compliance (GDPR, HIPAA, etc.)

  • If operating in the EU, ensure compliance with GDPR (users should be able to download or delete their data).
  • If dealing with health-related data in the US, ensure HIPAA compliance (secure storage, data encryption, limited access).
  • Provide a privacy policy that outlines all data management practices.