Privacy Policy
Last Updated: February 12, 2026
1. Introduction
TherapyCalls ("we," "us," or "our") is operated by Techspire LLC. We provide AI-powered answering services specifically designed for mental health professionals and therapy practices.
This Privacy Policy explains how we collect, use, disclose, and safeguard Protected Health Information (PHI) and other personal information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws.
2. HIPAA Compliance
We are committed to full compliance with HIPAA regulations as a Business Associate to covered entities (therapists and therapy practices).
2.1 Business Associate Agreement (BAA)
Before providing services, we execute a Business Associate Agreement (BAA) with each therapist client. This agreement outlines our HIPAA obligations and how we handle Protected Health Information on your behalf.
2.2 Protected Health Information (PHI)
We collect and process the following PHI during service delivery:
- Caller's name and contact phone number
- Basic reason for calling (e.g., "seeking therapy consultation")
- Date and time of call
- Call summary and notes
We do NOT collect: Detailed medical history, diagnoses, treatment plans, or other sensitive health information beyond what is minimally necessary to facilitate appointment scheduling.
3. Information We Collect
3.1 From Therapist Clients (Covered Entities)
- Practice name and therapist contact information
- Business phone number to forward
- Scheduling/booking link (if provided)
- Payment information (processed securely through Stripe)
3.2 From Callers (Patients/Potential Patients)
- Name and phone number
- Reason for calling
- Preferred callback time (if requested)
- Voice recordings during call (stored encrypted, deleted per retention policy)
3.3 Website Visitors
- Basic analytics data (page views, referral source)
- No tracking cookies or third-party advertising
4. How We Use Information
4.1 PHI Usage
We use PHI solely for the following purposes:
- Answering incoming calls on behalf of therapist clients
- Sending text message summaries to therapists
- Sending booking links to potential patients (when applicable)
- Maintaining call logs for quality assurance and dispute resolution
4.2 Non-PHI Business Information
- Processing payments via Stripe
- Providing customer support
- Improving our service quality
- Sending service-related communications
5. How We Protect Your Information
5.1 Security Measures
- Encryption: All PHI is encrypted at rest (AES-256) and in transit (TLS 1.2+)
- Access Controls: Role-based access with multi-factor authentication
- Audit Logs: All access to PHI is logged and monitored
- Regular Security Assessments: Annual third-party security audits
- Employee Training: All staff complete HIPAA training annually
5.2 Infrastructure
Our services are powered by Trillet, a HIPAA-compliant platform that provides:
- HIPAA-compliant phone infrastructure (Twilio with BAA)
- Encrypted database storage
- Enterprise AI services (OpenAI with BAA)
- Secure hosting with redundancy and backups
6. Information Sharing and Disclosure
6.1 Third-Party Service Providers (Business Associates)
We share PHI only with HIPAA-compliant vendors who have signed BAAs:
- Trillet: Backend infrastructure and call handling
- Twilio: Phone service provider
- OpenAI: AI language processing (enterprise tier with BAA)
6.2 We Do NOT Share PHI With
- Marketing or advertising companies
- Data brokers or analytics providers
- Any non-HIPAA compliant third parties
6.3 Required Disclosures
We may disclose PHI when legally required:
- To comply with court orders or subpoenas
- To report suspected abuse or neglect (as mandated by law)
- To prevent serious threats to health or safety
- As otherwise required by state or federal law
7. Your Rights Under HIPAA
7.1 Right to Access
You have the right to request a copy of PHI we hold about you. Contact us using the information at the end of this policy.
7.2 Right to Amend
You may request corrections to inaccurate or incomplete PHI.
7.3 Right to Restrict Use
You may request restrictions on how we use or disclose PHI, subject to legal and contractual obligations.
7.4 Right to an Accounting
You may request an accounting of disclosures of PHI we have made.
7.5 Right to Request Confidential Communications
You may request to receive communications about PHI by alternative means or at alternative locations.
8. Data Retention
- Call recordings: NOT stored. HIPAA-compliant mode does not retain audio recordings
- Call summaries: Retained for 6 years per HIPAA requirements
- Therapist account data: Retained while account is active + 6 years after closure
- Payment records: Retained for 7 years per tax requirements
9. Breach Notification
In the event of a breach of unsecured PHI, we will:
- Notify affected therapist clients within 24 hours of discovery
- Notify affected individuals (patients) within 60 days as required by HIPAA
- Notify the Department of Health and Human Services if required
- Provide details about the breach, mitigation steps, and resources for affected individuals
10. Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect PHI from minors without parental consent as facilitated by the therapist.
11. State-Specific Privacy Rights
11.1 California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected and the right to deletion. Note that PHI is generally exempt from CCPA, but non-health information is covered.
11.2 Other States
Residents of other states with specific privacy laws (Virginia, Colorado, etc.) may have similar rights. Contact us to exercise these rights.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify therapist clients of material changes via email at least 30 days before the changes take effect. Continued use of our services after changes constitutes acceptance of the updated policy.
13. Contact Us