How TherapyLaunch Supports GDPR Compliance and Protects Client Data

Published: September 7, 2025

Last updated: November 13, 2025

This page provides an overview of key GDPR principles for therapists and explains how TherapyLaunch designs its platform to support lawful, secure, and privacy-focused handling of personal data. This is general information, not legal advice. Each practice is responsible for its own GDPR compliance and should consult a qualified professional where needed.

1) Data minimisation

TherapyLaunch is designed to collect only the information necessary for running a professional therapy website. We avoid unnecessary fields in forms and allow you to configure which details you request from clients. You should only ask for information essential to your service (e.g., name, contact details).

2) Lawful basis and transparency

Our templates support clear, accessible privacy notices. You can easily describe your lawful basis for processing client data—typically legitimate interest, performance of a contract, or consent. We provide sections where you can link to your full Privacy Policy and explain how client information is used and protected.

3) Security of data

All TherapyLaunch sites enforce HTTPS by default, encrypting data in transit. Administrators can enable multi-factor authentication, use strong passwords, and limit user roles to ensure only essential team members can access sensitive data. We also encourage best practices such as regular password rotation and restricting access to devices you trust.

4) Data storage and retention

TherapyLaunch does not store payment details (as we no longer offer payment processing). Personal information provided through your website—such as contact form submissions—is stored securely. You can delete entries at any time, and our system removes deleted data from active storage promptly.

5) Right to access, correction, and erasure

GDPR grants individuals rights over their data, including the right to request access, corrections, or deletion. TherapyLaunch gives you direct control over client-submitted data so you can fulfil these requests quickly and transparently. We also provide guidance on how to respond to common client privacy requests.

6) Secure contact forms

Our contact forms are designed with security in mind. We filter malicious inputs, protect against common attacks (like injection), and ensure messages are transmitted over encrypted connections. No sensitive health information (e.g., clinical history) should be requested through these forms unless you have explicit consent and a lawful basis.

7) Avoiding unnecessary tracking

TherapyLaunch avoids embedding invasive analytics tools by default. If you choose to add third-party scripts (e.g., Google Analytics), we provide guidance on configuring privacy-friendly settings such as IP anonymisation, cookie consent, and minimal data retention periods.

8) International data transfers

We ensure our hosting providers and tools follow GDPR-aligned safeguards, including standard contractual clauses where appropriate. You can review all sub-processors in our Privacy Policy and ensure your own data protection documentation reflects them.

9) How TherapyLaunch helps

Privacy-first templates: Built-in pages for policies, consent messaging, and client rights.

HTTPS everywhere: Encrypted connections for all user interactions.

Access hygiene: Strong passwords, MFA options, and granular admin permissions.

Secure infrastructure: Regular updates, security monitoring, and industry-standard hosting safeguards.

Clear data control: You can export or delete client data at any time.