We built privacy into the architecture, not as an afterthought. Here is exactly what we collect, what we never collect, and why.
Information we collect
Account information
When you create a Thrum account, we collect your name, email address, professional credentials, and billing information. This is used solely to operate and personalize your account.
Clinical documentation data
Thrum stores the session notes, treatment plans, assessments, and clinical content you input after your sessions. This content is encrypted, stored on HIPAA-compliant infrastructure, and is never used to train AI models without your explicit consent.
Usage data
We collect standard technical data — feature usage patterns, device type, and session duration — to improve the platform. This data is aggregated and anonymized; it cannot be linked back to individual patients.
What we never collect
No ambient listening. Ever. Unlike some AI documentation platforms, Thrum does not and will never record, transcribe, or analyze live therapy sessions. There is no microphone access, no background audio capture, and no real-time monitoring of clinical encounters. This is an architectural decision — not a policy that can be toggled.
We do not collect biometric data, geolocation, patient contact information you have not explicitly entered, or any data that would allow us to identify your patients independently. We do not build behavioral profiles of your clients or infer clinical diagnoses from platform activity.
How we use your data
Your clinical documentation data is used exclusively to power the features you access: generating structured notes, building the Golden Thread narrative timeline, surfacing treatment patterns, and producing compliant documentation. It is not used for advertising, sold to third parties, or shared with other Thrum subscribers.
Aggregated, anonymized platform analytics help us understand which features are most valuable and where to invest in development. No individual clinician or patient can be identified from this data.
Sharing & third parties
Thrum does not sell your data. We work with a limited set of service providers — including cloud infrastructure and payment processors — under strict data processing agreements. These vendors process data only as necessary to operate our services and are prohibited from any other use.
We may disclose information if required by law or to respond to valid legal process. If we receive a subpoena or government request affecting your data, we will notify you to the extent permitted by law.
HIPAA & Business Associate Agreement
Thrum is designed to support HIPAA-compliant clinical workflows. A Business Associate Agreement (BAA) is available upon request for all Practitioner and Enterprise subscribers. Enterprise accounts receive a custom compliance and security review as part of onboarding.
Responsibility notice: It is the responsibility of the subscribing clinician or organization to ensure their overall documentation practices meet applicable federal and state regulations. Thrum provides the infrastructure and tools; clinical judgment and compliance oversight remain with the provider.
Data retention & deletion
Your clinical data is retained for as long as your account is active. You may export your full data archive at any time from account settings. Upon account cancellation, data is retained for 30 days before permanent deletion, giving you time to export any records you need.
Free trial data is retained for 30 days after trial expiration before permanent deletion. No data from trial accounts is carried over unless you convert to a paid plan.
Your rights
Depending on your jurisdiction, you may have the following rights with respect to your personal data.
Access & portability
Access all data Thrum holds on you and export it in a portable format at any time from your account settings.
Correction
Update or correct your account information at any time through settings.
Deletion
Request deletion of your account and all associated data. Requests are processed within 30 days.
Opt-out of analytics
Opt out of anonymized usage analytics at any time through your account privacy settings.
Contact us
Questions about this policy, requests for a BAA, or data-related inquiries can be directed to our team. We respond to privacy-related requests within one business day for active subscribers.
Privacy inquiries
privacy@thrum.ai
Policy questions & data requests
Active subscribers
support@thrum.ai
Same-day response for paid accounts
BAA & Enterprise
hello@thrum.ai
Compliance reviews & agreements
Our core commitment to you
Thrum was built without session recordings by design. We will never record your therapy sessions. Your clinical judgment — and the sacred trust of the therapeutic relationship — belongs to you, not to an algorithm.
Thrum is built with and for doctoral-level clinicians. Start using it
today — and help shape the future of clinical documentation.
