Privacy Policy.
Effective April 24, 2026
Conjoin is a HIPAA compliant therapy AI built for couples therapy progress notes — and this policy is the short version of how we protect the clinical content that flows through it.
- Session audio is never stored — it streams to our transcription partner and is discarded after the transcript is returned.
- Transcripts and drafted notes (SOAP, DAP, and Gottman-informed couples templates available on the templates page) are encrypted at rest with AES-256 and scoped per clinician.
- We sign a Business Associate Agreement with every sub-processor that touches PHI, and we never train AI models on your content.
Want the deeper story on how an AI therapy note generator can meet the HIPAA Security Rule? Read our companion guide: HIPAA-compliant therapy notes — what clinicians actually need to check. For the federal rule text itself, see the HHS HIPAA regulations.
Conjoin, Inc. (“Conjoin,” “we,” “our”) builds a mobile and web application that helps licensed mental-health clinicians draft session progress notes. This policy explains what information we collect when you use Conjoin, how we use it, who we share it with, and the rights you have over it. It applies to our website at conjoin.app, our iOS and Android apps (see the install page for mobile download), and any other Conjoin-operated service that links to this policy.
Conjoin is designed to be used by a licensed clinician acting as a HIPAA Covered Entity. When you record a session, the content of that recording is Protected Health Information (“PHI”). Conjoin handles PHI only as your Business Associate, under a Business Associate Agreement (“BAA”) executed when you subscribe to a paid plan — see pricing for plan details.
1. What we collect
Account information. When you sign up we store your email address, a one-time password (hashed) or OAuth identifier, and any profile details you enter: full name, clinical license state, license number, license type, and specialty.
Clinical content. When you record a session, audio is streamed directly from your phone to our transcription partner (Deepgram) and immediately discarded after transcription. We retain the resulting transcript and the structured note generated from it. We also store any client pseudonyms (e.g., “M&J”), custom client context you enter, and session metadata (date, duration, template, modality tags).
Subscription information. We record your plan tier, subscription status, and receipts for purchases processed by Apple or Google. We never see or store your payment card number.
Usage telemetry. We collect non-identifying product analytics (feature events, error reports, session counts) to debug and improve the app. Analytics events never contain transcript content, note content, client labels, or names.
Device information. Standard log data: IP address, user agent, device type, and approximate geolocation derived from IP. This is retained for security and audit purposes.
2. How we use it
We use your information only to:
- Authenticate you and keep your account secure.
- Transcribe your session audio (via Deepgram) and generate a structured progress note (via Anthropic Claude) on your behalf.
- Store and display your transcripts, notes, clients, and templates across your devices.
- Process your subscription and comply with tax, billing, and regulatory requirements.
- Detect abuse, diagnose bugs, and improve reliability.
- Communicate with you about product changes, security issues, and account notices.
We do not use your transcripts, notes, or clinical content to train artificial-intelligence models — ours or anyone else’s. Our contracts with Deepgram and Anthropic prohibit them from doing so.
3. How audio is handled
Session audio is streamed from your phone directly to Deepgram’s transcription endpoint under TLS 1.2+, using a short-lived token minted server-side for each session. Deepgram converts the audio to text and returns the transcript, and we discard the audio. We never write session audio to a file on our servers and we never persist audio blobs client-side beyond the length of the recording.
4. Who we share it with
We share data only with the sub-processors needed to operate Conjoin. Every sub-processor that touches PHI carries a signed Business Associate Agreement with us.
| Sub-processor | Purpose | BAA |
|---|---|---|
| Supabase, Inc. | Authentication, database, edge compute | Yes (Pro plan) |
| Deepgram, Inc. | Streaming speech-to-text | Yes |
| Anthropic, PBC | Note drafting via Claude | Yes |
| RevenueCat, Inc. | Subscription entitlements | Yes |
| Apple App Store / Google Play | In-app purchase processing | Not applicable |
| Vercel, Inc. | Marketing website hosting | Not applicable |
| Expo, Inc. (EAS) | Mobile build infrastructure | Not applicable |
Apple, Google, Vercel, and Expo never receive PHI — they handle payments or non-clinical infrastructure only.
We do not sell personal data. We do not share personal data for behavioral advertising. We will disclose information to law enforcement only when compelled by a valid legal process, and we will notify the affected Covered Entity unless prohibited by law.
5. Security
All data is encrypted in transit with TLS 1.2 or higher. Transcripts, notes, and other PHI are encrypted at rest using AES-256 inside our database. Row-level security enforces that every query runs scoped to the owning clinician — no clinician can ever read another clinician’s data.
Access to production systems is limited to a small number of authenticated Conjoin personnel, logged on every read and write, and audited quarterly. We maintain an Incident Response Plan; in the event of a breach affecting PHI, we notify affected Covered Entities within sixty (60) days as required by the HIPAA Breach Notification Rule (45 CFR § 164.410).
6. HIPAA compliant therapy AI: the BAA
A BAA is executed automatically when you activate a paid subscription. The BAA governs Conjoin’s obligations as your Business Associate under 45 CFR §§ 164.502(e) and 164.504(e), including permitted uses, safeguards, subcontractor flow-down, breach notification, access, amendment, accounting, and return-or-destruction of PHI. You can download an executed copy of your BAA any time from Settings → Privacy inside the mobile app or from your dashboard on the web. For a plain-English walkthrough of what a HIPAA compliant therapy AI actually has to do, see our HIPAA therapy notes guide or browse the Conjoin blog for more on couples therapy documentation.
7. Data retention and deletion
We retain your account data for as long as your account is active. You can delete any individual session, any client, or your entire account at any time. When you delete your account, all PHI — transcripts, notes, client records — is permanently purged from our production database within thirty (30) days. Backups cycle out within ninety (90) days.
Audit logs required for HIPAA compliance are retained for six (6) years in accordance with 45 CFR § 164.316(b)(2). These logs do not contain transcript or note content — only metadata (who did what, when).
8. Your rights
Regardless of where you live, you have the following rights over information we hold about you:
- Access. Download a complete copy of your data as JSON from Settings → Privacy.
- Correction. Edit profile, license, and clinical content inside the app, or email privacy@conjoin.app.
- Deletion. Delete individual records or your entire account from Settings → Privacy. Deletions are irreversible.
- Portability. Exported data is provided in open JSON format.
- Objection. You can ask us to stop processing your data for any non-essential purpose by emailing privacy@conjoin.app.
California residents have additional rights under the California Consumer Privacy Act; EU/EEA/UK residents have additional rights under the GDPR. To exercise any of these, email privacy@conjoin.app with “Privacy request” in the subject line. We respond within thirty (30) days.
9. Children’s privacy
Conjoin is intended solely for use by licensed mental-health clinicians. We do not knowingly collect information from anyone under the age of 18. If we learn we have collected such information, we delete it promptly.
10. International transfers
Conjoin stores and processes data in the United States. If you access Conjoin from outside the United States, you consent to the transfer, storage, and processing of your data in the United States. Where required, we rely on Standard Contractual Clauses for international transfers of personal data.
11. Analytics and mobile push
We use product analytics (currently PostHog, self-hosted) to understand feature adoption and diagnose bugs. Analytics events carry only non-identifying identifiers and event metadata — never transcript content, note content, client names, or real patient names. If you enable push notifications on mobile, we send reminders only (e.g., “you have a draft note pending review”); notification payloads never contain clinical content.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the Effective Date at the top of this page. For material changes that affect how we treat PHI, we will notify you by email at least thirty (30) days before the change takes effect. Continued use of Conjoin after that period constitutes acceptance of the updated policy.
13. Contact
Privacy questions or requests: privacy@conjoin.app
Security incidents or vulnerability reports: security@conjoin.app
HIPAA compliance and BAA requests: compliance@conjoin.app
Conjoin, Inc.
Effective April 24, 2026