Learn how PR-TOP protects your clients' most sensitive data with industry-leading security measures.
PR-TOP collects only the data strictly necessary for providing the therapeutic assistant service. We do not collect browsing habits, advertising identifiers, or any data unrelated to the therapist-client workflow.
Analytics are powered by Umami, a privacy-first, cookie-free analytics platform that collects no personal data and is fully GDPR-compliant.
Clients and therapists can request complete data deletion at any time. When a deletion request is processed, all associated data — diary entries, session recordings, transcripts, notes, and AI-generated summaries — is permanently and irreversibly removed from the database.
Encrypted backups are rotated on a schedule, ensuring that deleted data does not persist in backup storage beyond the retention window.
PR-TOP implements granular consent controls that give clients full authority over their data:
For organizations and clinics, PR-TOP provides a Data Processing Agreement template that outlines the responsibilities of both parties regarding personal data handling.
The DPA covers data processing purposes, security measures, sub-processor agreements, breach notification procedures, and data subject rights.
PR-TOP supports deployment within the European Union to ensure that data never leaves EU jurisdictions. This satisfies the GDPR requirement for lawful data transfers.
For self-hosted deployments, therapists have complete control over where their data is physically stored and processed.