California Privacy Rights
Your data belongs to you. California law gives you powerful rights to control it. No legal jargon, just clear answers.
Last updated: December 2025
We Do Not Sell Your Data
TheraFocus has never sold personal information and never will. We also do not share your data for targeted advertising. Your trust matters more than any revenue we could make selling data.
Verified Commitment
No Sale of Personal Information
Your California Privacy Rights
Six key rights that give you control over your personal information. These are not just words on a page. You can actually use them.
Right to Know
Request a copy of all personal information we have collected about you, including sources and who we shared it with.
Right to Delete
Ask us to delete your personal information. We will comply unless legally required to keep it.
Right to Correct
If any information we have about you is wrong, you can request we fix it.
Right to Opt-Out
Opt out of the sale or sharing of your personal information. (We do not sell your data, but you can still submit this request.)
Right to Limit Sensitive Data
Restrict how we use sensitive personal information to only what is necessary for our services.
Right to Non-Discrimination
We will never penalize you for exercising your privacy rights. Same service, same prices.
How to Exercise Your Rights
Exercising your California privacy rights is straightforward
Choose Your Method
Email us, call us, or use your account settings.
Verify Your Identity
We will confirm it is really you making the request.
We Process Your Request
We respond within 45 days (90 days if complex).
Confirmation
You receive confirmation that your request was completed.
Contact Us to Make a Request
You can also designate an authorized agent to make requests on your behalf.
What Data Do We Collect?
A transparent look at the categories of personal information we collect. Notice the last column: we do not sell any of it.
| Category | Examples | Collected | Sold |
|---|---|---|---|
| Identifiers | Name, email, phone number, IP address | Yes | No |
| Personal Records | Address, payment information | Yes | No |
| Protected Classifications | Age, gender (if you provide it) | Limited | No |
| Commercial Information | Subscription history, purchases | Yes | No |
| Internet Activity | How you use our platform | Yes | No |
| Geolocation | General location from IP address | Yes | No |
| Professional Information | License number, credentials | Yes | No |
| Inferences | Preferences from usage patterns | Yes | No |
Where Does It Come From?
Directly from you
When you create an account, subscribe, contact us, or update your profile
Automatically
Through cookies and similar technologies when you use our website and platform
Service providers
Payment processors (for billing) and analytics providers (for understanding usage)
Public sources
Professional licensing databases, only to verify therapist credentials
What Do We Use It For?
We use your personal information for these business purposes and nothing else:
- Providing and improving our practice management platform
- Processing your subscription payments and billing
- Customer support when you need help
- Security, fraud prevention, and keeping bad actors out
- Understanding how people use our platform so we can make it better
- Sending you important updates about your account (not spam)
Global Privacy Control
We Honor GPC Signals
If your browser sends a Global Privacy Control signal, we recognize it as a valid opt-out request for California residents. Since we do not sell or share data for advertising anyway, this does not change how we handle your information.
HIPAA vs. CCPA
If you are a therapist using TheraFocus: Your client records and protected health information (PHI) are covered by HIPAA, not CCPA. HIPAA has even stronger privacy protections.
This CCPA notice applies to your personal account information as a user of our platform, not to the clinical data you manage for your clients.
Learn about HIPAA ComplianceHow Long Do We Keep Your Information?
We keep your personal information only as long as necessary. For active accounts, we retain your data while you use our service. After account deletion, most data is removed within 45 days, though some may remain in encrypted backups for up to 90 days.
Some information must be retained longer for legal reasons (e.g., billing records for tax compliance).
Frequently Asked Questions
Common questions about California privacy rights
Questions About Your California Privacy Rights?
We are here to help you understand and exercise your rights. If you have questions or want to make a privacy request, reach out.
We respond to verifiable requests within 45 days, with a possible 45-day extension for complex requests.
Related Documents