Privacy Policy

Last Updated: March 16, 2026

At Tmind AI ("we," "our," or "us"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our websites, platform, and services (collectively, the "Services").

This Policy applies to all users of the Tmind AI platform, including therapists, clinical supervisors, supervisees, students, and institutional educators or administrators.

1. Information We Collect

We collect information that helps us provide and improve our Services:

Account Information

  • Name, email address, and password
  • Professional credentials, licensure status, and institutional affiliation
  • Role on the platform (e.g., therapist, supervisor, supervisee, student, learner, educator, administrator)

Usage Information

  • Log data such as IP address, device type, browser type, and access timestamps
  • Platform activity and feature usage patterns

Training and Simulation Data

  • Text or voice inputs entered during AI simulation sessions
  • Session performance metrics and AI-generated feedback

AI simulation sessions use synthetic scenarios. Users should not enter real patient information into simulation environments.

Matching and Clinical Workflow Data

  • Supervisor and supervisee profile information used to facilitate matching
  • Therapist profile information used to facilitate therapist-patient matching
  • Patient profile information provided through the matching intake process, which may constitute Protected Health Information (PHI) under HIPAA
  • Case-related information shared between supervisees and supervisors through the platform's clinical supervision workflow

Payment Information

  • Billing details processed securely through Stripe. Tmind AI does not store full payment card numbers.

2. How We Use Your Information

We use your information to:

  • Provide, operate, and improve our Services
  • Manage your account and verify your identity
  • Facilitate supervisor-supervisee and therapist-patient matching
  • Support clinical training, simulation, and supervision workflows
  • Process payments and manage billing
  • Send service-related communications, product updates, and support responses
  • Meet legal, regulatory, and contractual obligations

We do not sell your personal data. We do not share your information with advertisers or unrelated third parties.

3. HIPAA and Protected Health Information

Certain features of the Tmind AI platform, including therapist-patient matching and clinical supervision workflows, may involve the processing of Protected Health Information (PHI) as defined under HIPAA.

Where applicable, Tmind AI acts as a Business Associate and handles PHI in accordance with our HIPAA Notice of Privacy Practices.

  • PHI is accessed only by authorized users with a legitimate clinical or supervisory role
  • Patient profile information is only disclosed to matched therapists within the platform
  • PHI is never used for advertising, analytics, or any non-clinical purpose

Users who handle real patient information through the platform are responsible for ensuring their own compliance with applicable HIPAA obligations.

4. Data Storage and Security

We take the security of your data seriously:

  • All data is hosted on Google Cloud Platform (GCP) with AES-256 encryption at rest
  • All data in transit is protected with TLS encryption
  • Access to production data is limited to authorized personnel under strict role-based permissions
  • We regularly review access logs, rotate credentials, and monitor for vulnerabilities
  • Our security practices are designed to meet SOC 2 Type II standards

5. Data Retention and Deletion

  • We retain your data only as long as necessary for operational, legal, or educational purposes
  • You may request deletion of your account and associated data at any time by contacting hi@tmind.ai
  • Upon verified request, your data will be securely deleted from production systems within 30 days
  • Certain records may be retained longer where required by law or for legitimate audit purposes

For PHI subject to HIPAA, retention and deletion timelines also follow applicable federal and state healthcare data regulations.

6. Data Sharing and Subprocessors

To deliver our Services, we work with trusted vendors who meet strong security and compliance standards:

  • Google Cloud Platform (GCP) - cloud hosting and storage
  • OpenAI - AI language model processing for simulation and matching features
  • Stripe - payment processing

Each subprocessor is contractually bound to protect your data under applicable privacy regulations. We do not authorize subprocessors to use your data for their own purposes.

7. Your Rights

Depending on your location and applicable law, you may have the right to:

  • Access, correct, or delete your personal data
  • Request a portable copy of your data
  • Withdraw consent for certain types of processing
  • Object to or restrict certain uses of your data
  • For PHI: exercise the additional rights described in our HIPAA Notice of Privacy Practices

To exercise any of these rights, contact us at hi@tmind.ai. We will respond within 30 days.

8. Educational Privacy (FERPA)

For institutional users in the United States, Tmind AI complies with the Family Educational Rights and Privacy Act (FERPA).

  • When our Services are used by educational institutions (universities, colleges, training programs), student records remain the property of and under the control of the institution
  • Tmind AI acts solely as a service provider ("school official" under FERPA), processing educational data on behalf of the institution per their instructions
  • We do not share, sell, or disclose student information to unauthorized third parties
  • Institutions may request deletion or return of student-related data at any time by contacting hi@tmind.ai

9. Compliance Framework

Tmind AI aligns with the following regulatory frameworks:

  • HIPAA - Protection of health-related and patient-matching data
  • FERPA - Privacy of educational records for institutional users
  • SOC 2 Type II readiness - System security, availability, and confidentiality
  • CCPA - Privacy rights for California residents

10. Cookies and Tracking

Tmind AI uses cookies and similar technologies to support authentication, platform performance, and usage analytics. We do not use tracking cookies for advertising purposes. You may manage cookie preferences through your browser settings.

11. Children's Privacy

Tmind AI is designed for licensed and training mental health professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal data, we will delete it promptly.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes to our Services or applicable regulations. If changes are significant, we will notify you by email before they take effect. The "Last Updated" date at the top of this document reflects the most recent revision.

13. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please reach out:

Email: hi@tmind.ai
Website: https://tmind.ai

This Privacy Policy applies to all users of the Tmind AI platform. For health information specifically, please also review our HIPAA Notice of Privacy Practices.