Privacy Policy

Last updated: January 10, 2026

1. Introduction

This Privacy Policy explains how Therapy Space Inc. ("Clearly", "we", "us") collects, uses, discloses, and protects personal data when you access or use the Clearly platform, including our website, applications, and related services (the "Services"). We are committed to protecting personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection laws.

2. Data Controller and Contact Details

Data Controller: Therapy Space Inc. 8 The Green Street, Suite #13997, Dover, DE 19901, USA

Data Protection Officer: Email: dpo@clearly.help
You can reach the DPO for any privacy matter.

3. Roles and Responsibilities under GDPR

Depending on the context, Clearly acts either as a Data Controller or as a Data Processor.

Clearly as Data Controller: Clearly acts as an independent Data Controller for personal data processed in connection with platform user accounts, authentication, access management, billing, platform security, communications, marketing activities, and optional AI-powered features.

Clearly as Data Processor: Where Clearly processes personal data on behalf of enterprise customers (for example, employers providing access to the Services to their employees), Clearly acts as a Data Processor and processes such data solely on documented instructions from the customer, pursuant to a Data Processing Agreement (DPA). Enterprise customers can request our DPA by contacting dpo@clearly.help.

Therapists: Therapists using the Clearly platform act as independent Data Controllers with respect to therapeutic content, clinical decisions, and professional obligations toward clients. Clearly does not determine the purposes or means of such processing.

4. What Data We Process, Why, and How Long

Context
Categories
Purpose
Legal Basis
Retention
Client account
Name, email, telephone, in-app ID
Register your profile, match with a therapist, schedule sessions, billing
Performance of contract (Art. 6(1)(b) GDPR)

Account lifetime + 5 years
Therapist onboarding
Name, contact, licences, CV, profile photo
Verify credentials, create public profile
Performance of contract (Art. 6(1)(b) GDPR)
Account lifetime + 5 years
Live video/
audio
Audio/video stream
Provide tele‑therapy session
Performance of contract (Art. 6(1)(b) GDPR)
Not stored
AI Session Notes (opt‑in)
Transcript and AI‑generated summary
Produce personal session notes & insights
Explicit consent (Art. 9(2)(a) GDPR)

Transcript: 30 days
Notes: Until deleted or 5 years
Platform logs & security
IP, device, browser, cookie ID, event logs
Detect fraud, ensure platform integrity, compile usage stats
Legitimate interests (Art. 6(1)(f) GDPR)
12 months
Marketing (optional)
Email, device ID
Send product news & offers
Consent (Art. 6(1)(a) GDPR)
Until you unsubscribe

* We never process health data without your explicit, separate consent.

5. Legal Bases for Processing

We process personal data only where permitted by applicable law and on one or more of the following legal bases:

  • Performance of a contract (Art. 6(1)(b) GDPR): Processing necessary to provide the Services under our Terms of Use.
  • Consent (Art. 6(1)(a) GDPR): Processing based on your freely given consent, including marketing communications and non-essential cookies.
  • Explicit consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR): Processing of special categories of data, including AI Session Notes where applicable.
  • Legitimate interests (Art. 6(1)(f) GDPR): Processing necessary to ensure security, prevent fraud, and improve the Services, provided such interests are not overridden by your rights.
  • Legal obligation (Art. 6(1)(c) GDPR): Processing necessary to comply with applicable legal, tax, or accounting requirements.

6. AI Session Notes

How it works

  • When you tap "Try now" before joining a video session, you give explicit consent for transcription.
  • The encrypted audio stream is sent to Azure OpenAI Whisper running in EU data centres for speech-to-text.
  • The text is summarised by an EU-hosted instance of Azure OpenAI to create bullet-point insights ("Session Notes").
  • Your therapist then reviews the draft and can edit or approve it before it becomes visible in both your profiles.

Human review & quality controls

We apply prompt testing, regression testing and continuous user-feedback monitoring to catch mistakes.

Storage & deletion

  • Raw video is never stored.
  • Transcripts are retained for 30 days and then deleted automatically.
  • Session Notes live in our encrypted EU data-centre and stay until you delete them or 5 years after your last session, whichever comes first.

Opt-out

Disable the feature any time under Profile → Privacy Settings. Future sessions will not be transcribed; you can also delete existing transcripts and notes.

No model-training use

Transcripts and summaries are not reused to train any model.

Automated decision-making

AI Session Notes are informational only and do not make clinical or legal decisions about you.

7. Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve the Services. Cookies are small text files stored on your device that enable core functionality, enhance user experience, and—where you consent—support analytics and marketing activities.

Cookie Categories and Purposes:

Cookie Type
Purpose
Examples
Legal Basis
Strictly Necessary
Required for operation and security of the Services, including authentication and session management

Session cookies, security tokens

Legitimate interest (Art. 6(1)(f) GDPR)
Functional
Remember your preferences, such as language and timezone settings
Language preference, timezone

Consent (Art. 6(1)(a) GDPR)
Analytics
Understand how users interact with the Services and improve functionality

Google Analytics, Mixpanel, Microsoft Clarity

Consent (Art. 6(1)(a) GDPR)
Marketing
Measure advertising performance and deliver relevant advertisements
Google Ads, Meta/Facebook

Consent (Art. 6(1)(a) GDPR)

You can manage or withdraw your cookie consent at any time via the cookie banner or through your browser settings. Blocking non-essential cookies may affect certain features but will not prevent core platform functionality.

8. Who Receives Your Data

Recipient
Purpose
Safeguards
Therapists on Clearly
Provide therapy services

Processors acting under our Data-Processing Addendum; access limited to sessions you book

Azure Whisper & GPT (EU)
Transcription & summarisation
Sub-processors for AI features; Standard Contractual Clauses applied
Cloud hosting (EU)
Infrastructure provider
ISO 27001 certified, encryption at rest
Payment processor
Handle payments
Stripe Payments Europe Ltd.; PCI-DSS Level 1 certifiedGoogle Ads, Meta/Facebook

9. International Data Transfers

All production systems and personal data are stored and processed within the European Economic Area (EEA). Limited administrative or support access may occur from Ukraine under appropriate technical and organizational safeguards. We do not transfer or process personal data in the United States or other third countries outside the EEA.

10. Security Measures

We implement industry-standard technical and organizational measures to protect personal data, including:

  • Encryption: TLS 1.3 in transit, AES-256 encryption at rest
  • Access controls: Role-based access, multi-factor authentication (MFA) for staff log-ins
  • Monitoring: Tamper-proof audit logs, security audits at least annually
  • Infrastructure: ISO 27001 certified hosting providers, regular backups

11. Personal Data Breaches

In the event of a personal data breach, we will:

  • Notify the competent supervisory authority (Agencia Española de Protección de Datos - AEPD) within 72 hours
  • Notify affected users without undue delay where required by law
  • Document all breaches in our internal register

Contact for breach notifications: dpo@clearly.help

12. Your Rights

Under GDPR, you have the following rights:

  • Access your personal data (Art. 15 GDPR)
  • Rectify inaccurate personal data (Art. 16 GDPR)
  • Erase your personal data ("right to be forgotten") (Art. 17 GDPR)
  • Restrict processing of your personal data (Art. 18 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Data portability - export your data (Art. 20 GDPR)
  • Withdraw consent at any time (Art. 7 GDPR)
  • Lodge a complaint with a supervisory authority

To exercise your rights, email dpo@clearly.help or use in-app tools.

13. Children

Our services target users 14 years and older. We do not knowingly process data of children under 14 without verified parental consent. If we become aware that we have collected personal data from a child under 14 without appropriate consent, we will delete that information.

14. Changes to This Policy

Material changes to this Privacy Policy will be announced by email and through a banner in the Services at least 15 days before they take effect. We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. Check the "Last updated" date at the top for the current version.

15. Contact Information

For any privacy-related questions or to exercise your rights:

Data Protection Officer: Email: dpo@clearly.help

Postal Address: Therapy Space Inc. 8 The Green Street, Suite #13997 Dover, DE 19901, USA

Supervisory Authority: For complaints, you may also contact the Spanish Data Protection Authority (AEPD) at www.aepd.es

This Privacy Policy is provided in English. In case of any discrepancy between language versions, the English version shall prevail.

Prioritize your mental health
Pages
AboutApproachesFor TherapistsGift CardsFAQ
Legal
Terms of UsePrivacy Policy
Subscribe to our newsletters
Thank you! Your submission
has been received!
Oops! Something went wrong.
© 2021-2025 Clearly