Privacy Policy
Clearbook is built for mental health professionals. We take your privacy — and your clients' privacy — seriously.
Effective date: July 1, 2026
1. Who We Are
Clearbook ("we," "us," or "our") is a practice-management platform designed for licensed mental health professionals. Our website is useclearbook.app and you can reach us at getclearbook@gmail.com.
Clearbook acts as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA) with respect to Protected Health Information (PHI) that therapists process through the platform.
2. Information We Collect
a) Information you provide
- Account registration: full name, email address, password (hashed)
- Practice profile: practice name, phone number, biography, booking page URL slug
- Availability settings: days, hours, session length preferences
- Billing configuration: session fee and cancellation policy (text only; card details are handled by Stripe)
- Client booking data entered by clients: name, email, phone, appointment type, and optional intake notes
b) Information collected automatically
- Server logs: IP address, browser type, pages visited, timestamps
- Authentication tokens stored in secure HttpOnly cookies by Supabase
- Your cookie consent preference (stored in your browser's localStorage)
c) Payment information
We do not store credit card numbers or bank account details. Payments are processed by Stripe, Inc. When you connect Stripe to receive client payments, you interact directly with Stripe's secure OAuth flow. We only store Stripe-issued account identifiers.
3. Protected Health Information (PHI) and HIPAA
Information that identifies a client and relates to their health or care — such as appointment records, intake notes, or session history — may constitute PHI under HIPAA. Clearbook processes this data on behalf of therapists (the Covered Entity).
As your Business Associate, Clearbook:
- Executes a Business Associate Agreement (BAA) with each therapist account upon request
- Applies appropriate administrative, physical, and technical safeguards to PHI
- Uses PHI only to provide the Clearbook service and as required by law
- Does not sell, rent, or share PHI with third parties except as described in this policy or required by law
- Notifies you of any breach of unsecured PHI as required by the HIPAA Breach Notification Rule
Therapists using Clearbook remain responsible for ensuring their own HIPAA compliance, including obtaining appropriate authorizations from clients.
4. How We Use Your Information
- Operate and improve the Clearbook platform
- Send appointment confirmation and reminder emails and SMS messages to clients (via Resend and Twilio)
- Process payments and payouts through Stripe Connect
- Authenticate users and maintain session security
- Respond to support inquiries
- Comply with legal obligations
We do not use client PHI to train AI models, build advertising profiles, or sell data to data brokers.
5. Third-Party Service Providers
We share data only with vendors necessary to provide the service:
- Supabase — database and authentication hosting (data stored in US-East)
- Stripe, Inc. — payment processing and Stripe Connect for therapist payouts
- Twilio Inc. — SMS appointment reminders
- Resend Inc. — transactional email delivery
- Vercel Inc. — application hosting and edge infrastructure
Each provider is contractually bound to protect data and use it only for the specified purpose. Where required, we maintain a BAA with providers that may handle PHI.
6. Data Retention
We retain your account data and appointment records for as long as your account is active, and for up to 7 years after account closure to meet standard healthcare record-keeping obligations. You may request earlier deletion by contacting us at getclearbook@gmail.com, subject to legal retention requirements.
7. Cookies
We use essential session cookies to keep you logged in. We do not use third-party advertising or tracking cookies. See our Cookie Policy for details.
8. Your Rights
Depending on your location, you may have rights to access, correct, port, or delete your personal data. To exercise any of these rights, email us at getclearbook@gmail.com. We respond within 30 days.
If you are a client whose information was entered into Clearbook by a therapist, please contact that therapist directly. As a Business Associate, we process client data at the direction of the therapist (Covered Entity).
9. Security
Clearbook uses TLS encryption in transit, encrypted databases at rest, row-level security policies, and access logging. We conduct periodic security reviews. No system is 100% secure; if you discover a vulnerability please report it to getclearbook@gmail.com.
10. Children's Privacy
Clearbook is intended for licensed professionals and their adult clients. We do not knowingly collect data from children under 13. If you believe a child's information was submitted without consent, contact us immediately.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or an in-app notice at least 7 days before taking effect. Continued use of Clearbook after changes constitutes acceptance.
12. Contact
Questions about this Privacy Policy? Email us at getclearbook@gmail.com. We're a small team and aim to respond within 2 business days.