Privacy Policy

1. Introduction

TheraKonnect is a digital platform designed to help patients connect with therapists and to help therapists, supervisors, and clinics manage therapy-related workflows, appointments, records, and patient notes.

This Privacy Policy explains how TheraKonnect collects, uses, stores, protects, and restricts access to personal data and therapy-related information.

TheraKonnect has different user roles:

• Patient
• Therapist
• Supervisor
• Clinic
• Super Admin

Each role has different access permissions and privacy responsibilities.

2. Important Privacy Commitment

Patient records, therapy notes, clinical notes, appointment details, and mental health-related information are private and are accessible only to authorized users who need access for therapy, supervision, clinic, platform support, security, or legal compliance.

Patient therapy records and notes are primarily for:

• The patient's therapist
• The therapist's authorized supervisor
• The authorized clinic, where the patient is receiving services through a clinic
• Restricted TheraKonnect administrative access only where necessary

3. Information We Collect

TheraKonnect may collect different information depending on the user role.

A. Patient Privacy Policy

A1. Information Collected from Patients

When a patient uses TheraKonnect, we may collect:

• Full name
• Phone number
• Email address
• Age or date of birth
• Gender
• City or location
• Login details
• Appointment bookings
• Therapist selection
• Therapy preferences
• Patient history shared by the patient
• Therapy records and clinical notes created by the therapist
• Supervisor review notes, where supervision applies
• Clinic records, where the patient is registered through a clinic
• Payment or billing details, where applicable
• Messages or communication through the platform
• Device, browser, IP address, and login activity

A2. How Patient Information Is Used

Patient information is used to:

• Create and manage the patient account
• Book and manage therapy appointments
• Connect the patient with therapists
• Allow therapists to provide therapy services
• Maintain therapy notes and patient records
• Allow authorized supervisors to review therapist work
• Allow clinics to manage patient care and administration
• Send appointment reminders and service notifications
• Provide technical support
• Protect platform security
• Comply with legal or safety requirements

A3. Who Can Access Patient Information

Patient data may be accessed only by authorized users, including:

A4. Patient Data Is Not Shared for Marketing

TheraKonnect does not share patient therapy records, clinical notes, or mental health information with advertisers, marketers, data brokers, or unrelated third parties.

A5. Patient Rights

Patients may request:

• Access to their personal information
• Correction of inaccurate information
• Account closure
• Deletion of certain personal information
• Restriction of non-essential communication
• Information about how their data is used

Some records may not be deleted immediately if they are required for therapy records, legal compliance, clinic obligations, dispute resolution, safety, or professional recordkeeping.

B. Therapist Privacy Policy

B1. Information Collected from Therapists

TheraKonnect may collect:

• Full name
• Phone number
• Email address
• Profile photo
• Qualifications
• Professional experience
• Specialties
• License, certification, or verification details, where applicable
• Clinic affiliation
• Availability schedule
• Appointment history
• Patient records created by the therapist
• Therapy notes and session notes
• Supervisor comments or review history
• Payment or payout details, where applicable
• Login activity and platform usage

B2. How Therapist Information Is Used

• Create and manage therapist accounts
• Verify therapist identity and qualifications
• Display therapist profiles to patients
• Manage appointment availability
• Connect therapists with patients
• Support clinic and supervision workflows
• Maintain therapy records and notes
• Process payments or payouts, where applicable
• Handle complaints, disputes, or quality concerns
• Protect platform security

B3. Therapist Profile Visibility

Some therapist information may be visible to patients or clinics, including:

• Name
• Profile photo
• Qualifications
• Specialties
• Experience
• Availability
• Consultation mode
• Fee information, where applicable

Therapists are responsible for ensuring their profile information is accurate, professional, and not misleading.

B4. Therapist Responsibility for Patient Data

Therapists must protect patient confidentiality. Therapists must not:

• Share patient information without authorization
• Download or copy patient records unnecessarily
• Use patient data for marketing
• Discuss patient cases outside authorized clinical or supervision settings
• Share login credentials
• Allow unauthorized persons to access patient records
• Record sessions without proper consent
• Use patient information for personal or unrelated purposes

C. Supervisor Privacy Policy

C1. Information Collected from Supervisors

• Full name
• Phone number
• Email address
• Qualifications
• Professional experience
• Clinic affiliation
• Assigned therapists
• Supervision notes
• Case review comments
• Login activity
• Platform usage history

C2. How Supervisor Information Is Used

• Create and manage supervisor accounts
• Assign therapists for supervision
• Review therapist work
• Support clinical quality and professional oversight
• Maintain supervision records
• Monitor platform compliance
• Support clinic administration

C3. Supervisor Access to Patient Records

Supervisors may access patient records only where:

• The therapist is assigned to the supervisor
• The clinic or platform has authorized the supervision relationship
• Access is required for reviewing therapy work, case notes, clinical quality, or professional guidance

Supervisors must not access unrelated patient records.

C4. Supervisor Confidentiality Duties

Supervisors must keep patient, therapist, and clinic information confidential. Supervisors must not:

• Share patient records externally
• Use patient information for teaching, research, publication, or marketing without proper authorization
• Access records outside their assigned supervision role
• Copy, export, or disclose therapy notes without permission
• Use patient information for personal purposes

E. Super Admin Privacy Policy

E1. Information Collected from Super Admins

• Full name
• Work email
• Role and permission level
• Login activity
• Administrative actions
• Support activity
• Security and audit logs

E2. Super Admin Access

Super Admins may have elevated platform access. However, access to patient data must be limited to authorized purposes only. Super Admins may access data only for:

• Technical troubleshooting
• Platform support
• Security monitoring
• Account management
• Audit and compliance
• Investigation of misuse
• Legal or safety requirements

E3. Super Admin Restrictions

Super Admins must not:

• View patient records without a valid reason
• Use patient data for personal purposes
• Export data without authorization
• Share access credentials
• Modify records without permission
• Disclose patient, therapist, clinic, or platform information
• Access records outside assigned duties

Super Admin actions may be logged, monitored, and audited.

4. How We Use Information Generally

TheraKonnect may use collected information to:

• Provide the platform
• Create and manage accounts
• Verify users
• Manage appointments
• Maintain therapy records
• Support therapist-supervisor workflows
• Support clinic management
• Send appointment reminders
• Provide customer support
• Improve platform functionality
• Prevent fraud or misuse
• Protect user accounts
• Maintain security logs
• Comply with legal obligations

5. Sharing and Disclosure of Data

TheraKonnect does not sell, rent, trade, or commercially share patient data.

Patient data, therapy records, session notes, and clinical notes are accessible only to authorized users who require access for the purpose of providing, managing, supervising, or supporting therapy services within the TheraKonnect platform.

TheraKonnect may allow access to patient information only in the following limited circumstances:

5.1 Therapist Access

Patient data may be accessed by the therapist selected by the patient or assigned by the clinic for the purpose of providing therapy services, managing appointments, maintaining clinical notes, and supporting continuity of care.

5.2 Supervisor Access

Patient records and therapy notes may be accessed by an authorized supervisor only where the supervisor is responsible for reviewing, guiding, monitoring, or supervising the therapist's clinical work. Supervisor access is limited to the patient records connected to the therapist or clinic under supervision.

5.3 Clinic Access

Where the patient receives services through a clinic, authorized clinic personnel may access patient information only for legitimate clinical, administrative, appointment-management, supervision, billing, or recordkeeping purposes. Clinic staff must not access, use, copy, export, or disclose patient information unless required for their assigned role.

5.4 Platform Administrative Access

TheraKonnect's authorized technical or administrative personnel may access patient data only when necessary for platform operation, troubleshooting, security, account support, audit, or legal compliance. Administrative access is restricted, monitored, and limited to authorized purposes.

5.5 Legal Requirement or Safety Concern

TheraKonnect, therapists, supervisors, or clinics may disclose limited patient information only where required by applicable law, court order, regulatory authority, or where disclosure is necessary to prevent serious harm, protect life, respond to abuse, or address an immediate safety risk.

5.6 No Third-Party Sharing for Marketing

TheraKonnect does not share patient data, therapy notes, clinical records, or mental health information with advertisers, marketers, data brokers, or unrelated third parties.

5.7 Service Providers

TheraKonnect may use secure technology service providers such as hosting, storage, security, or system infrastructure providers only to operate and maintain the platform. Such providers are not permitted to use patient data for their own purposes, marketing, profiling, resale, or unrelated processing.

6. Data Security

TheraKonnect uses reasonable technical and organizational measures to protect user data. These may include:

• Role-based access control
• Password protection
• Secure login systems
• Limited user permissions
• Activity logs
• Admin access monitoring
• Data backup systems
• Secure hosting infrastructure
• Security reviews and internal controls

Users are responsible for keeping their login credentials private and secure. TheraKonnect is not responsible for unauthorized access caused by user negligence, shared passwords, weak passwords, compromised devices, or failure to log out from shared devices.

7. Data Retention

TheraKonnect retains personal data only as long as necessary for:

• Providing platform services
• Maintaining patient therapy records
• Appointment history
• Clinic administration
• Supervision records
• Payment or billing records
• Legal compliance
• Safety or dispute resolution
• Security and audit logs

Therapy notes and patient records may need to be retained even after account closure where required for professional, legal, clinic, safety, or recordkeeping purposes.

8. Account Closure and Data Deletion

Users may request account closure or deletion of certain personal information by contacting:

Email: contact@therakonnect.com

TheraKonnect may not be able to delete all information immediately where retention is required for:

• Therapy recordkeeping
• Clinic records
• Legal obligations
• Payment records
• Dispute resolution
• Fraud prevention
• Safety concerns
• Security logs
• Compliance purposes

Where deletion is not possible, TheraKonnect may restrict, archive, or limit access to the information.

9. Confidentiality

All therapists, supervisors, clinics, clinic staff, and Super Admins must maintain confidentiality of patient information. Patient information must not be disclosed except as allowed under this Privacy Policy, applicable law, professional obligations, clinic policy, or patient consent.

Unauthorized access, use, copying, export, or disclosure of patient information may result in account suspension, termination, legal action, or reporting to relevant authorities.

10. Children and Minors

TheraKonnect may allow services for minors only where appropriate consent is provided by a parent, guardian, or legally authorized representative, unless applicable law allows otherwise.

Therapists and clinics are responsible for ensuring proper consent and safeguarding procedures when providing services to minors.

11. Cookies and Technical Data

TheraKonnect may use cookies or similar technologies to:

• Keep users logged in
• Remember preferences
• Improve platform performance
• Monitor security
• Detect misuse
• Understand platform usage

Users may disable cookies through browser settings, but some platform features may not work properly.

12. Communications

TheraKonnect may send users:

• Account notifications
• Appointment reminders
• Security alerts
• Platform updates
• Payment or billing notices
• Support messages
• Policy updates

TheraKonnect may also send non-essential communication where permitted. Users may opt out of non-essential communication.

13. Data Accuracy

Users are responsible for providing accurate and updated information. Therapists, supervisors, and clinics are responsible for ensuring that records, notes, profiles, and professional details entered by them are accurate, appropriate, and lawful.

14. International Hosting or Storage

TheraKonnect may use cloud hosting, storage, or technical infrastructure located inside or outside Pakistan. Where data is stored or processed through service infrastructure, TheraKonnect will take reasonable steps to protect the data and restrict access according to this Privacy Policy.

15. Breach or Security Incident

If TheraKonnect becomes aware of a security incident affecting user data, it may take appropriate steps, including:

• Investigating the issue
• Restricting affected access
• Notifying affected users where appropriate
• Taking corrective action
• Cooperating with relevant authorities where required

Users must immediately report suspected unauthorized access to: contact@therakonnect.com

16. User Responsibilities

All users must:

• Keep login details confidential
• Use strong passwords
• Not share accounts
• Not access data without authorization
• Not copy, export, or misuse patient records
• Report unauthorized access
• Use the platform only for lawful purposes
• Respect patient confidentiality and privacy

17. Changes to This Privacy Policy

TheraKonnect may update this Privacy Policy from time to time. The updated version will be posted on the website with a new effective date. Continued use of TheraKonnect after changes means acceptance of the updated Privacy Policy.

18. Contact Us

For privacy questions, data requests, account deletion, or complaints, contact: