Privacy Policy

TherapyTasks is committed to protecting your privacy and ensuring the security of your data. Our platform is designed to comply with HIPAA and other relevant regulations.

Data Collection

  • No Identifiable Information: We do not store any patient-identifying information. Patients sign in to the mobile application using a secure, one-time-use invitation code.

Data Security

  • Secure Authentication: Patients log in using a one-time-use code provided by their therapist, which generates session-specific access that can be revoked if necessary. All other forms of authentication use industry-standard password hashing (bcrypt2 with salt).
  • Session Security: If a phone is lost, therapists can immediately revoke access. Patients use a PIN code to secure their sessions, adding a further layer of protection.
  • Encryption: All data is encrypted both at rest and in transit using industry-standard encryption protocols to ensure data integrity and confidentiality.

Payment Security

  • PCI Compliance: We leverage Stripe as our trusted payment processing provider, ensuring full compliance with PCI standards and safeguarding your financial information.

Compliance

  • HIPAA Compliance: TherapyTasks rigorously adheres to HIPAA regulations by ensuring that no identifiable patient information is stored and all communications are encrypted. Our practices and safeguards are designed to maintain the highest standards of data protection and confidentiality.
  • GDPR Compliance: TherapyTasks complies with GDPR requirements by not storing any identifiable information. Therapist information is used strictly for organizational purposes, ensuring full compliance with data protection regulations and preserving user privacy.

Data Retention

  • Two-Year Retention: Data is retained for two years. Patients can access their profiles for up to two years after discharge, ensuring continued access to their treatment information during this period.