Security & Privacy
You're trusting us with your professional information. Here's exactly how we protect it — in plain language.
The Short Version
- ✓ Your data is encrypted in transit using TLS 1.3
- ✓ Access controls ensure only you and your supervisor see your records
- ✓ We don't sell data, show ads, or share your information with third parties
- ✓ You can export or delete everything anytime, no questions asked
How We Protect Your Data
Encryption in Transit
All data sent between your browser and our servers is encrypted using TLS 1.3. This means your information is protected while traveling across the internet.
In simple terms: When you submit information, it's encrypted so that anyone who intercepts it in transit can't read it.
Secure Authentication
Passwords are hashed using industry-standard algorithms. We never store your actual password, only a mathematical fingerprint that can't be reversed.
In simple terms: We can't see your password. If you forget it, we can only help you create a new one.
Trusted Infrastructure
Our database is hosted on Supabase, which runs on AWS infrastructure with SOC 2 Type II certification. Our application is hosted on Vercel with enterprise-grade security.
In simple terms: We use reputable cloud providers with strong security track records.
Access Controls
Row-level security ensures other users cannot see your data. Your messages and session records are only accessible to you and your connected supervisor through the app.
In simple terms: Other users on the platform cannot see your records. The system enforces this automatically.
Our Commitment
While platform administrators have technical access to the database for maintenance and support, we are committed to not accessing your private messages or session details without your explicit consent or a legal requirement.
In simple terms: We have the ability to access data for support, but we commit to respecting your privacy.
PDPA Aligned
We follow Singapore's Personal Data Protection Act guidelines. We only collect data necessary for the service, and you can request deletion at any time.
In simple terms: We follow Singapore's privacy laws and only keep what we need.
Common Questions
Can OurPracticeCircle staff see my messages or session data?
Technically, yes. As platform administrators, we have database access for maintenance and support purposes. However, we are committed to not accessing your private messages or session details without your explicit consent or a legal requirement. We use email services (Resend) where notification content is visible to us. For sensitive clinical discussions, we recommend using secure channels outside the platform.
What happens to my data if I delete my account?
When you delete your account, all your personal data is permanently removed from our systems within 30 days. This includes your profile, session logs, and messages. We may retain anonymized, aggregated data for analytics (e.g., total hours tracked across the platform) that cannot be linked back to you.
Is my data stored in Singapore?
Our infrastructure providers (Supabase/AWS and Vercel) use globally distributed servers with primary operations in regions that comply with international data protection standards. Data may be processed in Singapore, the US, or other regions depending on server routing. Data is encrypted in transit using TLS.
Do you sell data to third parties?
Absolutely not. We don't sell, rent, or share your personal data with anyone. We don't show ads and have no advertising partners. Your data is used only to provide the service.
What if there's a data breach?
In the unlikely event of a security incident, we will notify affected users within 72 hours as required by PDPA. We maintain security logs and have incident response procedures in place. Our infrastructure providers maintain SOC 2 Type II certification.
How do I export or delete my data?
You can export your supervision records anytime from your dashboard in PDF or Excel format. To delete your account, go to Settings > Account > Delete Account. The process is self-service and you don't need to contact us.
Still Have Questions?
Security is important. If you have specific questions about how we handle your data, please reach out.