Privacy Policy

Last updated: May 1, 2026

1. Overview

EMDR Sync ("we", "our", "us") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your choices.

2. Information We Collect

Account information

When you create an account we collect your name, email address, and a hashed password (managed by Netlify Identity / GoTrue). We never see or store your plaintext password.

Billing information

Payments are processed by Stripe. We store only the therapist email associated with an active subscription and a Stripe customer/subscription ID. Full card details are never transmitted to or stored on our servers.

Usage data

Our hosting provider (Netlify) collects standard server logs including IP addresses and request metadata for security and operational purposes. We do not add additional analytics or tracking cookies.

Session content

We do not record, transmit, or store any video, audio, or clinical session content. The bilateral stimulation runs entirely inside Zoom's sandboxed app environment on each participant's device.

3. How We Use Your Information

  • To create and manage your account
  • To process subscription payments and verify license status
  • To respond to support requests
  • To send transactional emails (account confirmation, password reset, billing receipts) — no marketing email without explicit opt-in

4. Data Sharing

We do not sell your data. We share limited information only with the service providers necessary to operate the platform:

  • Netlify — hosting, serverless functions, identity, and database
  • Stripe — payment processing
  • Zoom — the app runs within Zoom's platform; see Zoom's Privacy Policy

5. Data Retention

Account data is retained as long as your account is active. After account deletion, personal data is removed within 30 days except where retention is required by law (e.g. billing records).

6. Security

All data is transmitted over HTTPS. Passwords are hashed server-side. Database access is restricted to our serverless functions via a private connection string. We follow Netlify's security recommendations for all infrastructure.

7. Your Rights

Depending on your jurisdiction you may have the right to access, correct, or delete your personal data. To exercise these rights, contact us and we will respond within 30 days.

8. Cookies

We do not use tracking or advertising cookies. Netlify Identity uses a session token stored in localStorage (not a cookie) to keep you signed in.

9. Children's Privacy

The Service is intended for licensed professionals aged 18 and over. We do not knowingly collect personal data from minors.

10. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of the Service constitutes acceptance.

11. Contact

Privacy questions or data requests? Contact us.