Privacy Policy

Last updated: February 2026

Therapy Mallard ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your information when you use our mobile application and website (collectively, "the Service").

By using Therapy Mallard, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Your name
  • Email address
  • Authentication credentials (password hash or OAuth provider token)

Therapy Session Data

When you use the recording feature, we collect:

  • Audio recordings of your therapy sessions
  • Automatic text transcriptions generated from your recordings
  • AI-generated insights, including themes, emotions, goals, action items, and session summaries
  • Notes you manually add to sessions
  • Session duration and recording timestamps

Usage Data

We automatically collect:

  • Device type and operating system
  • App version
  • General usage patterns (e.g. features used, session frequency)

Payment Information

If you subscribe to a paid plan, payment processing is handled by Stripe and/or RevenueCat. We do not store your credit card number or full payment details. We receive only a customer identifier and subscription status from these providers.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Transcribe your therapy session recordings using third-party speech-to-text services (OpenAI Whisper)
  • Generate insights, themes, emotions, and action items from your session transcriptions using AI analysis
  • Track your therapy goals and progress over time
  • Process subscription payments
  • Send you important service-related communications
  • Respond to your support requests

3. Data Storage and Security

Your data is stored on secure servers provided by Vercel and Neon (PostgreSQL). Audio recordings are stored using Vercel Blob Storage. All data is transmitted over encrypted connections (HTTPS/TLS).

We implement industry-standard security measures to protect your personal information, including:

  • Encrypted data transmission (TLS/SSL)
  • Secure password hashing
  • Access controls and authentication for all API endpoints
  • Regular security reviews

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

4. Third-Party Services

We use the following third-party services to operate Therapy Mallard:

  • OpenAI — for speech-to-text transcription and AI-powered session analysis. Your audio and transcription data is sent to OpenAI for processing. OpenAI's data usage policies apply to this processing.
  • Vercel — for web hosting and blob storage (audio files)
  • Neon — for database hosting (PostgreSQL)
  • Stripe — for payment processing (web subscriptions)
  • RevenueCat — for in-app purchase management (mobile subscriptions)
  • Google Sign-In — for OAuth authentication (if you choose to sign in with Google)

Each third-party service has its own privacy policy governing how they handle your data. We encourage you to review their policies.

5. Data Sharing

We do not sell, rent, or trade your personal information to third parties.

We may share your data only in the following circumstances:

  • Service providers: With third-party services listed above, solely to provide the Service (e.g. transcription, payment processing)
  • Legal requirements: If required by law, regulation, or legal process
  • Safety: To protect the rights, safety, or property of Therapy Mallard, our users, or the public

6. Data Retention

We retain your data for as long as your account is active. You may delete individual sessions at any time from within the app. If you wish to delete your entire account and all associated data, please contact us at privacy@therapymallard.com.

Upon account deletion, we will remove all your personal data, session recordings, transcriptions, and insights from our servers within 30 days. Some data may persist in encrypted backups for up to 90 days before being permanently removed.

7. Your Rights

You have the right to:

  • Access your personal data stored by Therapy Mallard
  • Delete your sessions, goals, and account data
  • Export your data in a portable format
  • Withdraw consent by discontinuing use of the Service
  • Opt out of non-essential communications

To exercise any of these rights, contact us at privacy@therapymallard.com.

8. Children's Privacy

Therapy Mallard is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected data from a child under 18, we will take steps to delete that information promptly.

9. Microphone and Device Permissions

The Therapy Mallard mobile app requests access to your device's microphone to record therapy sessions. This permission is used solely for session recording and is only active when you explicitly start a recording. We do not access your microphone in the background.

You can revoke microphone access at any time through your device's settings. Without microphone access, the recording feature will be unavailable, but all other features will continue to work.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting a notice in the app or sending an email to your registered address. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

  • Email: privacy@therapymallard.com