Privacy First

Your Clients' Privacy is Sacred

Mental health data deserves the highest level of protection. We've built Counselling Buddy with privacy and security as non-negotiable foundations, not afterthoughts.

Why Privacy Matters in Mental Health

The information you handle isn't just data—it's people's deepest struggles, fears, and hopes

As mental health professionals, you hold some of the most sensitive information that exists. Your clients share things with you they may never tell another soul. They trust you with their trauma, their medications, their diagnoses, and their darkest moments.

That trust is sacred. And the tools you use to manage your practice must honor that trust with the same level of care and protection that you provide in your therapeutic work.

Unfortunately, many practice management systems treat client data like any other business information. They use generic security measures, store data in unclear locations, or worse—monetise your data by selling insights to third parties.

We believe this is unacceptable. Mental health data requires specialised protection, ethical handling, and an unwavering commitment to confidentiality.

That's why we built Counselling Buddy from the ground up with privacy as our north star.

How We Protect Your Data

Multiple layers of security working together to keep your client information safe

Our Privacy Principles

Six commitments that guide every decision we make about your data

01

Data Minimisation

We only collect the information absolutely necessary to provide our service. No tracking scripts, no analytics on client data, no unnecessary metadata.

02

Purpose Limitation

Your data is used solely for providing practice management services. We don't mine it for insights, train AI models on it, or use it for any secondary purposes.

03

Transparency

We're completely open about what data we collect, how we use it, and where it's stored. No hidden clauses or confusing legal jargon.

04

User Control

You have complete control over your data. Export it anytime in standard formats, delete it permanently, or take it to another platform.

05

Privacy by Design

Privacy isn't an afterthought. Every feature is designed with data protection as a core requirement from day one.

06

Breach Notification

In the unlikely event of a security incident, we'll notify you within 24 hours and provide complete transparency about what happened.

Regulatory Compliance

Meeting and exceeding the standards required by law and professional bodies

Technical Security Details

For practitioners who want to understand the technical measures we take

Encryption

  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Zero-knowledge architecture for session notes
  • Encrypted database fields with separate encryption keys

Infrastructure

  • UK-based data centers in London and Manchester
  • ISO 27001 certified hosting partners
  • Automated daily backups to separate geographic regions
  • 99.9% uptime SLA with redundant systems

Access Control

  • Two-factor authentication (2FA) available
  • Role-based access control for team accounts
  • Automatic session timeout after inactivity
  • Audit logs of all data access and changes

Monitoring & Testing

  • 24/7 security monitoring with automated alerts
  • Quarterly penetration testing by third parties
  • Vulnerability scanning on every code deployment
  • Incident response plan with 24-hour notification

Your Data Rights

You maintain complete ownership and control of your information

Right to Access

View and download all your data at any time in standard formats (CSV, JSON, PDF). No restrictions, no waiting periods.

Right to Portability

Export your entire account data to migrate to another system. We provide migration guides and don't lock you in.

Right to Deletion

Delete your account and all associated data permanently. We remove everything within 30 days, including backups.

Right to Rectification

Correct or update any information at any time. You're in complete control of your data accuracy.

What We Don't Do

Just as important as what we do

No Data Selling

We never sell, rent, or share your data with advertisers or third parties.

No AI Training

Your client notes are never used to train AI models or machine learning systems.

No Analytics Tracking

We don't use invasive analytics or tracking scripts on client-facing features.

No Data Mining

We don't analyse your client data for insights, trends, or any secondary purposes.

No Offshore Storage

Your data never leaves the UK. We don't use offshore data centers or jurisdictions.

No Backdoors

We can't access your encrypted notes. No master keys, no backdoor access, ever.

Questions About Our Security?

We're happy to discuss our security measures in detail. Contact our team or read our comprehensive security documentation.

© 2025 Counselling Buddy. All rights reserved.