Privacy
Your story stays yours.
Mental health data is the most sensitive kind. We treat it that way — with strict access controls, plain-language disclosures, and your right to erase everything any time.
Encrypted end-to-end at rest
All chats, reports and uploads are encrypted with AES-256 inside Firestore and Cloud Storage.
Role-scoped access
Therapists only see their patients. Parents only see their children. Admins never read clinical content.
AI never sees identifiers
Before any prompt reaches Gemini we strip names, emails, phone numbers and addresses.
Data residency
We host in regions closest to you (EU / Middle-East) and never transfer outside without explicit consent.
Export & delete on demand
From Settings you can download everything we hold or wipe your account in one click.
Real human, real reply
Email privacy@wethera.site and a person — not a bot — answers within 48 hours.
What we collect
Account basics (name, email, role, language), booking data (therapist, slot, payment confirmation), wellness content (AI conversations, mood check-ins, journal entries — visible only to you), and clinical notes written by your therapist after sessions.
Who can see what
Firestore Security Rules enforce role-based access on every read and write. Therapists cannot list other therapists' patients. Parents cannot read children's private journals. Admins see metadata only — never message bodies.
AI safety
Thera AI runs on Google Gemini through our Cloud Functions. Prompts pass a crisis-detection guardrail before and after generation; flagged conversations are routed to a human reviewer and an emergency-help banner appears immediately to the user.
Your rights
You can export, rectify, or delete your data at any time from Settings → Privacy. Account deletion is permanent and removes all associated content within 30 days. Anonymised aggregate analytics may be retained for safety research.
Contact
Privacy officer: privacy@wethera.site · Last updated: January 2026.