Theramate Theramate
Back to home
§Index

Privacy Policy

Theramate is designed by and for mental health professionals. Privacy is not a feature.it's the foundation of our platform.

Last updated: March 2026
§ 01

Data Collected

  • Account data Email, name, billing information
  • Clinical data Session notes, reports, patient questionnaires
  • Technical data Login logs, device used (for support)
§ 02

Encryption

Core guarantee

All clinical data is encrypted with AES-256 before storage. Encryption keys are managed server-side in a secure environment.

§ 03

Hosting

Core guarantee

Your data is hosted exclusively on Google Cloud infrastructure in the European Union (Belgium), which is HDS certified (Health Data Host).

§ 04

Artificial Intelligence

  • No training Your data is never used to train or improve AI models
  • Secure APIs AI processing goes through GDPR/HDS certified APIs, with no data storage or logging
  • Volatile memory All analyses are performed in volatile memory.nothing is retained on the AI side
  • Transparency You always know when AI is used and why
§ 05

Your Rights (GDPR)

  • Access View all your data at any time
  • Rectification Correct your personal information
  • Portability Export your data in standard format (Word, PDF)
  • Deletion Request complete and irreversible deletion of your data
§ 06

Retention

Your data is retained for the duration of your subscription. Upon cancellation, you have 1 year to export your data before permanent deletion.

§ 07

Data Sharing

We never sell your data. We do not share it with any third party, except under legal obligation (judicial requisition). Your data remains yours.

§ 08

Google Calendar Integration

Core guarantee
  • Data Accessed Theramate accesses your Google Calendar events (title, time, location) and your Google email address for account verification. No other Google data is accessed.
  • Data Usage Google Calendar data is used exclusively to synchronize your appointments between Theramate and Google Calendar. Events are synchronized bidirectionally over a 90-day window. No clinical data (session notes, diagnoses, patient history) is ever sent to Google Calendar.
  • Data Sharing Your Google data is not shared with any third party. It remains strictly between Theramate and your Google account. Theramate does not use Google data for advertising purposes.
  • Data Storage & Protection Google authentication tokens are encrypted with AES-256 and stored exclusively server-side in a secure environment. No tokens are ever stored on your device. Synchronized appointment titles are configurable (generic, initials, or first name only) to protect your patients' privacy.
  • Data Retention & Deletion You can disconnect Google Calendar at any time from Theramate settings. Disconnection immediately revokes access, deletes all encrypted tokens from our servers, and stops all synchronization. Events already in your Google Calendar are not deleted.
§ 09

Google API Services Compliance

Theramate's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Theramate only uses Google data to provide the calendar synchronization functionality. The data is not used for advertising, is not sold to third parties, and is not used to train artificial intelligence models.

§DPO Contact

For any questions regarding your personal data:

privacy@theramate.pro

Playfields SPRL.Brussels, Belgium

· § · See also our Terms of Service