TherapyCoach

Privacy Policy

Last updated: May 2026

What TherapyCoach is

TherapyCoach is a clinical skills training simulator. All client characters are fictional. No real client data is used, collected, or stored at any point. You should never enter real client information, identifiable personal data, or content relating to actual clinical cases into the application.

What we collect

When you use TherapyCoach, we collect the following data linked to your account:

Account information: your email address and encrypted password, used for authentication.

Session data: your modality, clinical field, engagement type, cultural context, and skill level selections for each practice session.

Conversation transcripts: the full text of your practice conversations with simulated clients, including coaching feedback received during sessions. These are stored so you can review past sessions and track your development over time.

Progress and learning data: session completion counts, competency ratings from assessment mode, learning pathway progress, drill attempts, and lesson completion records.

Subscription and billing data: if you hold a paid subscription, we store your subscription status and billing period. Payment processing is handled by Stripe — we do not store your credit card details.

Usage data: token usage associated with AI processing of your sessions, used for service management and cost monitoring.

AI model and how conversations are processed

TherapyCoach uses OpenAI's GPT-4o model to generate simulated client responses and coaching feedback. Your practice conversations are sent to OpenAI's API for processing. Under OpenAI's API data usage policy, conversations sent via the API are not used to train OpenAI's models.

We do not use your conversation content to train our own AI models. The AI generates responses in real time based on the clinical frameworks and coaching logic built into the platform. For more detail on how we use AI responsibly and the regulatory frameworks that inform our approach, see our AI & Compliance page.

AI safety and guardrails

TherapyCoach includes safety measures designed to maintain appropriate boundaries for a training tool. These include: crisis language detection that provides immediate safety messaging and helpline information if distress-related content is identified; content filtering to keep conversations within the bounds of clinical training; clear disclaimers that all interactions are simulated and do not constitute clinical advice; and rate limiting to prevent misuse. These guardrails are built into the application layer and operate independently of the AI model's own safety systems.

Authentication and data storage

TherapyCoach uses email and password authentication powered by Supabase. Your account credentials are stored securely using industry-standard encryption. We do not use social login providers or access any third-party accounts on your behalf. All user data — including session transcripts, progress records, and account information — is stored in a Supabase-hosted PostgreSQL database with row-level security, meaning each user can only access their own data.

How we use engagement data to improve the product

We use aggregated, de-identified engagement data to understand how the platform is being used and to improve the product. This includes patterns such as which modalities and clinical fields are most used, average session lengths, feature adoption rates, and where users encounter difficulties. This data is used internally only — we do not share it with any third party, and it cannot be used to identify individual users.

Cookies and local storage

We use essential cookies to maintain your login session and local storage to save your preferences (such as skill level, preferred modality, and theme settings). We do not use tracking cookies, advertising cookies, or third-party analytics.

Data sharing

We do not sell, share, or provide your personal information to third parties. The only external service that receives your data is OpenAI, which processes conversation content to generate AI responses. We do not run advertising and do not share data with advertisers, data brokers, or analytics providers.

Data retention and deletion

Account information and session data are retained while your account is active, to support your learning pathways and allow you to review past sessions. If your account is inactive for more than 12 months, we may contact you before deleting your data. You can request deletion of your account and all associated data at any time by emailing support@therapycoach.app. On receipt of a verified deletion request, we will remove your account, all session transcripts, progress data, and any other personal information within 30 days.

Security

All data is transmitted over HTTPS. Authentication tokens are handled securely. The application uses security headers, input sanitisation, and rate limiting to protect against common web vulnerabilities. Row-level security ensures users can only access their own data. We follow reasonable security practices for a training application, but TherapyCoach is not designed to handle sensitive personal health information.

Your rights

You can request access to, correction of, or deletion of your personal data at any time. If you are located in the European Union, you may also have rights under the GDPR, including the right to data portability and the right to restrict processing. Contact us at the address below to exercise any of these rights.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the application. We encourage you to review this policy periodically.

Questions about privacy? Get in touch.