TheraKonnect
HomePrivacy policy
How TheraKonnect handles your data

Privacy policy

This privacy policy explains what information TheraKonnect collects, how it is used and how we work with clinics to protect patient and staff data.

Last updated: 12 November 2025

1. Who we are and scope

TheraKonnect is a digital health and practice management platform that helps mental health clinics and independent therapists manage appointments, availability and patient records. This policy applies when you use TheraKonnect as a patient, therapist, receptionist, admin or clinic owner.

In many cases, your clinic or therapist is the primary custodian or controller of your health records. TheraKonnect acts as a technology provider and processes data on their behalf.

2. Information we collect

The exact data collected can vary by clinic configuration, but typically includes:

  • Account information. Name, contact details, login credentials and role for staff or basic demographic details for patients such as gender and date of birth.
  • Identity details. CNIC, last digits of identification numbers and similar fields where the clinic requires them for verification or record keeping.
  • Appointment data. Booked sessions, therapist assignment, time, date, mode of session and status such as scheduled, completed or cancelled.
  • Clinical notes and records. Information added by therapists, including structured notes, uploaded documents and history imported or shared from other providers as allowed by your clinic.
  • Technical and device data. Log data, IP address, browser type, device information and basic usage analytics used to keep the service secure and improve reliability.
  • Support and communications. Messages or requests you send to our support team or that clinic staff log inside the system.

3. How we use information

We use personal information for purposes such as:

  • Creating and managing user accounts for patients and staff.
  • Scheduling, updating and reminding you about appointments.
  • Storing clinical notes and documents for therapists and clinics.
  • Enabling secure sharing of prior records when a patient gives permission and a superAdmin approves.
  • Monitoring security, preventing misuse and investigating suspicious activity.
  • Improving the performance, reliability and usability of TheraKonnect.
  • Responding to support requests and operational communications.

Clinics may also use data for their own lawful purposes, such as medical record keeping, billing or compliance with professional guidelines.

4. AI features and speech to text

TheraKonnect may offer optional features such as speech to text capture for notes or AI assisted summaries to support clinicians.

  • Audio is processed to generate text notes and may be temporarily sent to secure third party providers that specialise in transcription or AI processing.
  • Transcribed or AI assisted content is stored as part of the patient record inside TheraKonnect.
  • AI outputs may not always be fully accurate and must be reviewed and edited by the clinician before being treated as final.

We do not use patient chat data or clinical notes to train external public AI models. Where we rely on third party AI infrastructure, it is configured to respect healthcare style confidentiality wherever possible.

5. Legal basis for processing

The legal basis for processing your information can include:

  • Performance of a contract, for example to provide the service your clinic has requested.
  • Compliance with legal or professional obligations that apply to clinics and clinicians.
  • Legitimate interests such as keeping the service secure and reliable, provided your rights are respected.
  • Consent, for specific features or data sharing where your clinic or therapist collects it from you.

6. How information is shared

We share data only as needed to operate TheraKonnect, comply with law and support clinics.

  • Within a clinic. Patient data is available to authorised therapists, reception staff and admins according to role based permissions configured by the clinic.
  • Service providers. Infrastructure, hosting, email, SMS, analytics, file storage or AI processing providers that help us operate TheraKonnect under appropriate confidentiality terms.
  • Legal and safety. When required by applicable law, court order or to respond to a legal request. We may also disclose information when we believe it is necessary to prevent serious harm or address security incidents.

We do not sell patient or staff personal data for advertising purposes.

7. Data retention

We keep personal information for as long as it is needed to provide the service, meet legal obligations and fulfil the needs of clinics and patients.

  • Clinic and patient records are typically retained according to local medical record retention rules set by the clinic or applicable law.
  • Technical logs are retained for a shorter period for security and troubleshooting, then deleted or anonymised.

8. Security and storage

We use a combination of technical and organisational measures to protect data inside TheraKonnect.

  • Encryption in transit and at rest for core data stores where practical.
  • Role based access control, audit trails and least privilege principles for staff access.
  • Regular updates and monitoring of infrastructure to address vulnerabilities.

No system can be guaranteed to be perfectly secure. Clinics should keep their own devices and networks secure and ensure staff follow good security practices such as strong passwords and avoiding credential sharing.

9. International data transfers

TheraKonnect may use infrastructure or service providers located in other countries. When data is transferred across borders, we aim to put protections in place that are consistent with applicable data protection requirements.

10. Your choices and rights

Depending on local law and clinic policies, you may have rights such as:

  • Accessing your personal information and certain parts of your record.
  • Requesting corrections to inaccurate or incomplete information.
  • Requesting copies of records or their transfer to another provider, subject to clinic rules.
  • Objecting to certain uses of your information where permitted by law.

In practice, many of these rights will be handled by your clinic or therapist, rather than directly by TheraKonnect. If you have a question about your record, it is usually best to contact your clinic first.

11. Children and minors

TheraKonnect can be used to store records for children and adolescents when a clinic provides such services. Clinics are responsible for ensuring they obtain appropriate consent from parents or legal guardians and that access rights are configured correctly.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, technology or how TheraKonnect operates. When we make significant changes, we will update the “Last updated” date above and may notify clinic admins inside the platform.

13. Contact us

If you have questions about this Privacy Policy or how your data is handled in TheraKonnect, you can reach out to:

  • Your clinic or therapist, for questions about your own patient record.
  • The TheraKonnect support team, using the contact email or support channel provided in your clinic onboarding information.