Privacy Policy

Last updated: April 4, 2026

1. Introduction

TheraFlow LLC ("TheraFlow," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at theraflow.ai. By using our Service, you agree to the collection and use of information in accordance with this policy. This Privacy Policy should be read in conjunction with our Terms of Service, HIPAA Compliance Notice, and Business Associate Agreement.

2. Information We Collect

We may collect the following types of information:

  • Account Information: Name, email address, professional credentials, license type, therapeutic modalities, and billing information when you create an account.
  • Clinical Data: Session notes, client information, therapeutic goals, and clinical content you input into TheraFlow to generate worksheets. This data may constitute Protected Health Information (PHI) under HIPAA and is handled in accordance with our Business Associate Agreement and HIPAA Compliance Notice.
  • Usage Data: Information about how you use our Service, including features accessed, worksheets generated, frequency of use, and session duration.
  • Device and Technical Data: Browser type, IP address, device type, operating system, and referring URLs.
  • Communications: Information you provide when contacting our support team or responding to surveys.

3. How We Use Your Information

We use your information for the following purposes:

  • To provide, maintain, and improve our Services, including generating personalized therapy worksheets based on your clinical input
  • To create and manage your account and process authentication
  • To communicate with you about your account, service updates, and relevant product information
  • To process payments and manage subscriptions
  • To monitor and analyze usage patterns to improve our platform
  • To detect, prevent, and address technical issues or security threats
  • To comply with legal obligations, including HIPAA requirements

4. Data Protection and Security

We implement administrative, physical, and technical safeguards to protect your data, including encryption at rest and in transit, access controls, audit logging, and regular security assessments. All Protected Health Information (PHI) is hosted on HIPAA-eligible cloud infrastructure and is handled in accordance with HIPAA regulations and our Business Associate Agreement. Full details of our security measures are provided in our BAA.

5. Data Sharing and Third-Party Service Providers

We do not sell, rent, or share your personal information or client data with third parties for marketing purposes. We may share data only with service providers who are necessary for the operation of our platform, under strict contractual obligations and Business Associate Agreements where required by HIPAA. A complete list of service providers that may access PHI is provided in our Business Associate Agreement.

We may also disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

6. AI and Data Usage

Your session notes and client data are processed solely for the purpose of generating your requested worksheets. Your data is never used to train, improve, or develop any AI models, machine learning algorithms, or any other generalized artificial intelligence system. Data is not retained beyond what is necessary for service delivery and your continued use of the platform.

7. Cookies and Tracking Technologies

We use essential cookies to enable core functionality such as authentication and session management. We do not use third-party advertising cookies or tracking technologies that profile you across other websites. We may use analytics tools to understand aggregate usage patterns, and any such tools are configured to respect your privacy.

8. Data Retention

We retain your account information for as long as your account is active or as needed to provide you the Services. Clinical data (including session notes and generated worksheets) is retained in accordance with the data retention provisions of our Business Associate Agreement. You may request deletion of your data at any time by contacting us at info@theraflow.ai. Upon account termination, we will return or destroy PHI within thirty (30) days in accordance with our BAA, except where retention is required by law.

9. Your Rights

You have the right to: access the personal information we hold about you; request correction of inaccurate information; request deletion of your personal information; request a copy of your data in a portable format; and request that we restrict or cease processing your information.

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected about you, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at info@theraflow.ai.

10. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least thirty (30) days before the changes take effect. Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at:

TheraFlow LLC
5926 Erlanger Street, San Diego, CA 92122
Email: info@theraflow.ai