Last Updated: January 7th, 2025

1. Introduction

Welcome to TheraPulse (“we,” “our,” “us”). TheraPulse is an AI-powered session transcription service designed specifically for mental health professionals. Our mission is to enhance your practice by accurately transcribing your sessions, creating precise progress notes and summaries in just 60 seconds, and saving you up to 2 hours every day. We are committed to safeguarding your privacy and complying with all applicable data protection laws, including the Personal Health Information Protection Act (PHIPA) of Ontario, Canada, and the Health Insurance Portability and Accountability Act (HIPAA) of the United States.

This Privacy Policy outlines how we collect, use, disclose, and protect your personal health information (“PHI”) and ensures our compliance with PHIPA and HIPAA. By using TheraPulse, you agree to the practices described in this policy.


2. Definitions

To ensure clarity, the following definitions apply throughout this Privacy Policy:


3. Our Commitment to Privacy

At TheraPulse, we understand the sensitive nature of mental health information and are dedicated to protecting your PHI. We adhere strictly to PHIPA and HIPAA requirements to ensure confidentiality, integrity, and availability of your information.


4. Collection of Personal Health Information

4.1 Direct Collection

We collect PHI directly from mental health professionals (health information custodians) who use our AI Scribe service. The types of PHI collected include:

4.2 Limitation of Collection

We only collect PHI that is necessary for providing our transcription services. We do not store any audio recordings. Uploaded audio files are temporarily stored in memory and are immediately cleared after transcription.


5. Use of Personal Health Information

5.1 Purpose of Use

We use PHI solely for the purpose of:

5.2 No Unlawful Use

We do not use PHI for any unlawful purposes or in a manner inconsistent with PHIPA and HIPAA regulations.


6. Disclosure of Personal Health Information

6.1 To Authorized Parties Only

We may disclose PHI to:

These providers are bound by BAAs, ensuring they comply with PHIPA and HIPAA standards. We do not disclose PHI to any other third parties without explicit consent from our clients.

6.2 Legal Requirements

We may disclose PHI when required by law, such as to comply with a court order or to protect against a significant risk of serious bodily harm.


7. Security of Personal Health Information

7.1 Administrative Safeguards

7.2 Physical Safeguards

7.3 Technical Safeguards


8. Access to and Correction of Personal Health Information

8.1 Right of Access

Under PHIPA and HIPAA, clients have the right to access their PHI held by us. Clients can request access by submitting a written request to our support team.

8.2 Correction of Information

If you believe that your PHI is inaccurate or incomplete, you may request a correction by contacting us in writing. We will review your request and make the necessary corrections promptly.


9. Consent and Withdrawal of Consent

9.1 Obtaining Consent

We obtain consent from our clients before collecting, using, or disclosing PHI. Consent may be express or, in certain circumstances, implied.

9.2 Withdrawing Consent

Clients may withdraw their consent at any time by notifying us in writing. Withdrawal of consent does not affect the lawfulness of any collection, use, or disclosure before withdrawal.


10. Compliance with PHIPA and HIPAA

10.1 PHIPA Compliance

We comply with all provisions of PHIPA, including:

10.2 HIPAA Compliance

We adhere to HIPAA’s Privacy and Security Rules, including:


11. Data Retention and Disposal

11.1 Retention Period

PHI is retained only as long as necessary to fulfill the purposes for which it was collected or as required by law.

11.2 Secure Disposal

When PHI is no longer needed, we ensure its secure disposal through methods that prevent unauthorized access or reconstruction.


12. Business Associate Agreements (BAA)

We have BAAs in place with all our business associates, including cloud computing, data storage, and LLM providers. These agreements ensure that our business associates are contractually obligated to comply with PHIPA and HIPAA requirements.

Upon request, we can enter into a BAA with our clients to further assure compliance and protection of PHI.


13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify clients of significant changes by email or through our website. Continued use of TheraPulse after changes constitutes acceptance of the updated policy.


14. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us:


15. Your Rights Under PHIPA and HIPAA

Under PHIPA and HIPAA, you have the following rights concerning your PHI:


16. Enforcement

Failure to comply with this Privacy Policy may result in sanctions under PHIPA, HIPAA, and other applicable laws. We take violations seriously and are committed to enforcing policies that protect your PHI.


17. Definitions of Terms Used

For your convenience, here are definitions of key terms used in this Privacy Policy. For more detailed definitions, please refer to section 2.


By using TheraPulse, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. Your trust is paramount, and we are dedicated to maintaining the highest standards of privacy and security for your PHI.