Privacy Policy

1. Who We Are

Terapi.ka is a web platform for managing therapeutic appointments. It is designed for therapists to manage clients, appointments, invoices, and client communication.

2. Data We Collect

When using the platform, we collect the following categories of data:

• User accounts: email address, name
• Therapist profiles: contact details, specialization, hourly rate
• Client data: name, email, phone, address, notes
• Appointments: dates, times, notes, status
• Invoices: amounts, service descriptions
• IP addresses: collected for security purposes and audit logging
• Cookies: session cookies and preference cookies (e.g., sidebar state)

3. Purpose of Data Processing

We process your data for the following purposes:

• Managing therapeutic appointments and bookings
• Sending notifications and reminders to clients
• Generating and managing invoices
• Ensuring the security and operation of the platform

4. Legal Basis

We process data on the basis of legitimate interest (Article 6(1)(f) GDPR) to ensure the operation of the platform and on the basis of user consent where necessary. For sending email notifications to clients, we rely on consent obtained by the therapist.

5. Your Rights

Under the GDPR, you have the following rights:

• Right of access — view your personal data
• Right to rectification — correction of inaccurate data
• Right to erasure — deletion of your data
• Right to data portability — transfer of data to another controller
• Right to object — objection to the processing of your data
• Right to restriction of processing — restriction of processing in certain cases

6. Data Security

We use the following security measures to protect your data:

• Encryption of sensitive data (including passwords and personal client data)
• Access control with authentication and authorization
• Audit logging of all significant changes
• Session management with secure cookies and session duration limits

7. Data Retention

We retain your data for as long as necessary to provide platform services. The retention period is configurable by the therapist. After the retention period expires or upon your request, data is permanently deleted.

8. Third Parties

We use the following third-party services to operate the platform:

• Resend — sending email messages (notifications, reminders)
• Replit — application and database hosting
• Polar — payment processing (subscription and billing data)
• OpenAI — AI-powered session note generation (session data may be processed)
• Google — calendar synchronization (Google Calendar), video conferencing (Google Meet), and authentication (OAuth)
• Cebelca.biz — invoice generation and management (client names, addresses, invoice data)
• FURS — fiscal verification of invoices as required by Slovenian tax authority (invoice and tax data)

We share only the data strictly necessary for these providers to deliver their services.

9. Cookies

We use cookies to ensure the proper functioning of the platform:

• Essential cookies — required for authentication and session management (e.g., session cookie)
• Preference cookies — used to remember your preferences (e.g., sidebar state, theme selection)

Non-essential cookies are only set with your consent. You can manage your cookie preferences at any time through the cookie consent banner.

10. Contact

For questions regarding personal data protection or to exercise your rights, you can contact us via the email address listed in your therapist profile or through the application settings.