How My-Therapy-Suite handles your data.
This page is the practical companion to our Privacy Policy and Data Processing Agreement. Those documents are the legal source of truth; this page covers how the platform actually handles your data.
Last updated 11 May 2026. We update this page within 14 days of any material change (new sub-processor, change of hosting region, change to encryption or key management).
My-Therapy-Suite is hosted in the United Kingdom. The application and the database run on Microsoft Azure in the UK. Session recordings and file uploads are stored on Google Cloud Platform, also in the UK.
This means your client records, notes, and recordings are physically held on servers located in the UK, and the legal regime that applies to them is UK data protection law (UK GDPR and the Data Protection Act 2018), enforced by the Information Commissioner's Office (ICO).
Some of our sub-processors are headquartered outside the UK (for example, Anthropic in the United States). Where personal information is transferred internationally, transfers are governed by the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses. Full details are in our Data Processing Agreement.
Your data is encrypted in three different places, with three different keys. That way, a problem with any one of them does not expose the others.
Every connection to and from My-Therapy-Suite is encrypted using TLS, the standard protocol for protecting information sent across the internet. Anyone intercepting traffic on the network sees ciphertext, not the contents of your records.
Sensitive information (client names, contact details, clinical notes, session content) is encrypted by the platform before it is written to the database. Even with direct access to the database, the records would be unreadable without a separate key. That key is stored in a Microsoft-managed key vault, not in the database itself.
On top of our own encryption, Microsoft applies a further layer of encryption to the entire database on disk, using keys managed by Microsoft. Files stored on Google Cloud (such as session recordings) are encrypted in the same way by Google. These layers protect against physical theft of the underlying storage hardware.
The encryption key, database credentials, and the API keys we use for third-party services are all stored in a separate Microsoft-managed key vault. They are not written into our source code or our log files, and they are not stored on the machines that run the application.
Microsoft keeps its own independent record of every key access. That record is held outside our environment, so it remains intact even if our own logs are compromised.
Most sensitive information (names, contact details, clinical notes, session content) is encrypted before it reaches the database. Reading it requires the separate key held in the Microsoft-managed key vault.
In normal day-to-day operation, no one at My-Therapy-Suite reads your data. The application uses the key automatically as you, your colleagues, or your clients use the platform. No person is involved in that loop.
Access to the key itself is restricted to a small, identified subset of the technical team. Members of the team working in sales, support, or operations do not have access to the key and therefore cannot read encrypted client content, regardless of their database access.
The only situations where a person on our team would actively use the key to read a specific record are:
Each of these is logged by us, and Microsoft independently logs every use of the key in its vault.
We use third-party service providers ("sub-processors") to deliver the platform. They process data only on our instructions, under the contractual obligations set out in our Data Processing Agreement.
| Provider | Purpose | Region |
|---|---|---|
| Microsoft Azure | Cloud hosting, database, compute infrastructure | United Kingdom |
| Google Cloud Platform | File storage, including session recordings | United Kingdom |
| Anthropic | AI-assisted clinical summarisation, transcription, risk analysis (primary provider) | United States |
| OpenAI | AI-assisted clinical summarisation (fallback provider, used only when Anthropic is unavailable) | United States |
| Stripe | Payment processing | United Kingdom, with EU and US affiliates |
| Cloudflare | Bot protection (Turnstile) and video session infrastructure (RealtimeKit) | Global edge network, with UK ingress |
| Zoom Video Communications | Video session infrastructure | Region-based routing (typically EU for UK customers) |
| Mailgun | Transactional and marketing email delivery (account notifications, appointment reminders, password resets, newsletters) | United States |
| Sentry | Error monitoring and application observability | United States |
We update this list within 14 days of any change to our sub-processors.
AI features in My-Therapy-Suite are designed so that client data is never used to train AI models, and so that you remain in control of what gets sent.
Both AI providers (Anthropic and OpenAI) are accessed through enterprise API contracts. They are contractually prohibited from using the data we send them to train their models, and they are required to delete it after processing each request.
We send only what the feature needs to do its job. For features that work on session content (summarisation, draft notes), this includes the actual clinical text.
| Feature | What is sent |
|---|---|
| AI session notes | Session transcript or summary text provided by the therapist |
| AI template builder | Your prompt and the existing template structure (no client records) |
| AI support chat | Your support message and platform context (no client records) |
| Risk signal analysis | The clinical text you flag for analysis |
The Azure SQL database is backed up automatically with 7-day point-in-time restore. This means we can restore the database to any point in the past 7 days, down to the second. Backups are managed by Azure and stored on Azure-managed storage.
Files uploaded to Google Cloud Storage (session recordings, documents, signed agreements) persist until they are explicitly deleted by the practice or removed as part of the cancellation flow. There is no automated lifecycle deletion.
Both Azure SQL and Google Cloud Storage are managed services with high availability and replication built in by the provider. In the event of a regional incident, the platform's recovery depends on Microsoft's and Google's published recovery procedures for their respective UK regions.
For security, accountability, and incident investigation, the platform keeps an internal log of significant events. Each entry records what happened, when, and (where relevant) which account or user was involved. Examples include:
These internal logs are not currently surfaced as a self-service report inside the platform. If you ever need a specific record extracted (for example to support a Subject Access Request your client has made, a complaint, or a regulatory request), contact us and we will produce the relevant entries.
The Privacy Policy sets out the legal detail on rights of access, rectification, erasure, restriction, and portability. The practical version:
Report security issues, or concerns about how data is being handled, to the address below.
Security contact
Email: security@mytherapysuite.com
We aim to acknowledge security reports within one working day.