GDPR & HIPAA Compliance
Protect your clients' sensitive health data with enterprise-grade security built into every layer of Terapi.ka. All personal and clinical information is encrypted at rest using AES-256-GCM encryption with per-therapist key derivation, ensuring that even in the unlikely event of a breach, data remains unreadable. A comprehensive audit trail logs every data access and modification, providing full transparency for compliance audits. Two-factor authentication (TOTP) adds an extra layer of protection for account access. We support data export, permanent deletion on request (right to erasure), and configurable retention policies — giving you complete control over the client data lifecycle in accordance with GDPR and HIPAA regulations.
Enterprise-Grade Encryption for Every Client
Therapists handle some of the most sensitive personal data imaginable — therapy notes, health conditions, emotional states, and personal histories. Terapi.ka protects this information with AES-256-GCM encryption, the same standard used by financial institutions and government agencies. What makes our approach unique is per-therapist key derivation: each practitioner's data is encrypted with a key derived specifically for their account, meaning that even in the unlikely event of a system breach, one therapist's data cannot be used to access another's. All encryption happens transparently — you work with your client records normally while the system handles encryption and decryption behind the scenes.
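As an added illustration of the per-therapist key derivation idea described above (this is not Terapi.ka's own code; the page does not describe its implementation), the following Go example derives each therapist's AES-256 key from a service master key with HKDF-SHA256, seals a record with AES-256-GCM, and binds the record ID as associated data so that another tenant's key, or a record ID swap, fails authentication. The master key, salt, "therapist:" label and record IDs are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// TenantKey derives a therapist's AES-256 key from the master key via HKDF-SHA256 (RFC 5869).
func TenantKey(master []byte, therapistID string) []byte {
	extract := hmac.New(sha256.New, []byte("example-kdf-salt")) // constructed salt
	extract.Write(master)
	expand := hmac.New(sha256.New, extract.Sum(nil)) // keyed with the HKDF PRK
	expand.Write(append([]byte("therapist:"+therapistID), 0x01)) // info || block counter
	return expand.Sum(nil) // one 32-byte block is exactly an AES-256 key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one record as nonce||ciphertext||tag, binding recordID as associated data.
func Seal(key, plaintext []byte, recordID string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// Open verifies and decrypts; the wrong tenant key or recordID fails the tag check.
func Open(key, sealed []byte, recordID string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], []byte(recordID))
	}
	return nil, errors.New("sealed record too short")
}
```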
Complete Audit Trail and Accountability
Regulatory compliance requires more than just encryption — you need to demonstrate who accessed what data and when. Terapi.ka maintains a comprehensive audit trail that logs every data access, modification, and deletion event with timestamps and user identification. This audit log is immutable and provides the transparency required for GDPR compliance audits and HIPAA assessments. If a client requests information about how their data has been handled, you can provide a complete access history. The audit trail also serves as an internal security tool, helping you identify any unusual access patterns and maintain accountability across your practice.
Client Rights and Data Lifecycle Management
Under GDPR, your clients have specific rights regarding their personal data — and Terapi.ka makes it easy to honor every one of them. The data export feature allows you to generate a complete, portable copy of a client's data in a standard format, fulfilling the right to data portability. When a client requests erasure (the right to be forgotten), you can permanently delete their data with a few clicks. Configurable retention policies let you set automatic data lifecycle rules — for instance, automatically flagging inactive client records for review after a specified period. Two-factor authentication via TOTP adds an additional security layer for account access, ensuring that only authorized practitioners can view sensitive client information.