Privacy Policy
Last updated: May 30, 2025
1. Who we are
Controller
Therapy Space Inc. (“Clearly”, “we”, “us”)
8 The Green Street, Suite #13997, Dover, DE 19901, USA
Data Protection Officer
email: dpo@clearly.help
You can reach the DPO for any privacy matter.
2. What data we process, why, and on what legal basis
See table below:
* We never process health data without your explicit, separate consent.
3. AI Session Notes
1. How it works
- When you tap “Try now” before joining a video session, you give explicit consent for transcription.
- The encrypted audio stream is sent to Azure OpenAI Whisper running in EU data centres for speech‑to‑text.
- The text is summarised by an EU‑hosted instance of Azure OpenAI to create bullet‑point insights (“Session Notes”).
- Your therapist then reviews the draft and can edit or approve it before it becomes visible in both your profiles.
2. Human review & quality controls
We apply prompt testing, regression testing and continuous user‑feedback monitoring to catch mistakes.
3. Storage & deletion
- Raw video is never stored.
- Transcripts are retained for 30 days and then deleted automatically.
- Session Notes live in our encrypted EU data‑centre and stay until you delete them or 5 years after your last session, whichever comes first.
4. Opt‑out
Disable the feature any time under Profile privacy settings. Future sessions will not be transcribed; you can also delete existing transcripts and notes.
5. No model‑training use
Transcripts and summaries are not reused to train any model.
6. Automated decision‑making
AI Session Notes are informational only and do not make clinical or legal decisions about you.
4. Cookies
We set only essential cookies until you choose otherwise. View the full list and durations in our Cookie Policy. You can change preferences anytime through the banner or browser settings.
5. International transfers
All personal data are stored and processed within the European Economic Area (EEA). We do not transfer your personal data outside the EEA.
6. Security measures
We apply industry‑standard controls including TLS 1.3 in transit, AES‑256 encryption at rest, role‑based access, MFA for staff log‑ins, and tamper‑proof audit logs. Security is audited at least annually.
If a personal‑data breach occurs, the DPO (dpo@clearly.help) will notify the Agencia Española de Protección de Datos (AEPD) within 72 hours and affected users without undue delay.
7. Who receives your data
Therapists on Clearly – Processors acting under our Data‑Processing Addendum; access limited to sessions you book.
Azure Whisper & GPT (EU) – Sub‑processors for transcription & summarisation; SCCs applied.
Cloud hosting (EU) – Infrastructure provider; ISO 27001, encryption at rest.
Payment processor (Stripe Payments Europe Ltd.) – Handles card data; PCI‑DSS Level 1.
8. Your rights
You may access, correct, erase, restrict, object, withdraw consent, or export (port) your personal data at any time. Email dpo@clearly.help or use in‑app tools.
9. Children
Our services target users 14 years and older. We do not knowingly process data of children under 14 without verified parental consent.
10. Changes
Material changes will be announced by email and a banner 15 days before they take effect. Check “Last updated” at the top for the current version.
11. Contact
General privacy queries – dpo@clearly.help
DPO – dpo@clearly.helpPostal: Therapy Space Inc., 8 The Green St., Suite #13997, Dover, DE 19901, USA
