Privacy Policy

Last updated: May 4, 2026. This policy explains how EMDRSuite handles account, billing, patient workspace, session, support, and website information when therapists use the platform.

Who we are

EMDRSuite provides remote EMDR software for therapists. The legal operator details, postal address, and tax information should be completed in the Legal Notice before accepting live customers.

Information we collect

We may process therapist account details, professional name, email address, billing identifiers, subscription status, patient profile metadata entered by the therapist, BLS configuration, clinical notes, session links, device/browser data, security logs, and support messages.

Clinical information

Therapists decide what patient information to enter. EMDRSuite should only be used to store information that is necessary for the therapist's workflow, and therapists remain responsible for consent, lawful basis, retention choices, and professional recordkeeping duties.

How we use information

We use information to create accounts, authenticate therapists, provide patient links, operate realtime session controls, process subscriptions, provide support, secure the service, improve reliability, and comply with legal obligations.

Payments

Payments and subscription billing are processed by Stripe. EMDRSuite does not store full card numbers. Stripe may process payment details, billing address, fraud signals, and tax information according to Stripe's own terms and privacy notices.

Sharing and subprocessors

We share data only with service providers needed to operate the platform, such as hosting, database, billing, email, analytics if enabled, and security services. Current subprocessors are listed on the Subprocessors page.

International transfers

Data may be processed in countries outside the user's country. Where required, EMDRSuite should use appropriate safeguards such as contractual commitments, data processing terms, and vendor due diligence.

Retention

Account and billing records are retained for the period required to provide the service and meet legal obligations. Patient records and clinical notes should be retained or deleted according to therapist settings, professional duties, and applicable law.

Your rights

Depending on location, users may request access, correction, deletion, portability, restriction, objection, or withdrawal of consent. Requests can be sent to legal@emdrsuite.com.

Security

EMDRSuite uses HTTPS, protected authentication, access controls, privacy-aware logging, and database security measures. No internet service can guarantee absolute security.