Legal
Last updated April 27, 2026 · Psyche Insights Ltd.
Psyche Insights Ltd. ("Psyche Insights", "we", "us") provides a cloud-based clinical management platform for ketamine and psychedelic-assisted therapy clinics. This Privacy Policy explains how we collect, use, and protect information when clinics and their staff use our Service. It does not govern the information that clinics collect from their patients — that is governed by each clinic's own privacy notices and applicable law (HIPAA, Israeli Privacy Protection Law, etc.).
We collect information in the following categories: • Account information: name, email address, clinic name, country, phone number, and billing details provided during signup and onboarding. • Usage data: log files, IP addresses, browser type, pages visited, features used, and session timestamps — collected automatically to operate and improve the platform. • Clinical data: patient records, appointment logs, clinical notes, forms, and assessments stored by clinics using the Service. We act as a data processor for this information — clinics are the data controllers. • Communications: messages sent through our in-platform messaging features and any support correspondence.
We use the information we collect to: (a) provide, operate, and maintain the Service; (b) process billing and manage subscriptions; (c) send transactional emails such as appointment reminders and account notifications; (d) provide customer support; (e) detect and prevent security incidents and fraudulent activity; (f) improve and develop the platform using aggregated, de-identified analytics. We do not use clinical patient data for any purpose other than operating the Service on behalf of the relevant clinic.
For US-based clinics, Psyche Insights acts as a HIPAA Business Associate. We process Protected Health Information (PHI) only under a signed Business Associate Agreement (BAA) with each clinic. PHI is not used for marketing, sold to third parties, or disclosed except as permitted under HIPAA and the applicable BAA. We implement administrative, physical, and technical safeguards designed to protect PHI as required by the HIPAA Security Rule.
For clinics operating in Israel, Psyche Insights processes health data as a "holder of a database" (meḥazik meida) under the Privacy Protection Law 5741-1981. We apply the security measures required by the Privacy Protection Regulations (Data Security) 5777-2017, including access controls, encryption in transit, audit logging, and periodic security reviews. Clinics are responsible for registering any required database registrations with the Israeli Privacy Protection Authority.
We implement industry-standard security measures including: TLS encryption for all data in transit; AES-256 encryption for data at rest; role-based access controls; multi-factor authentication options; audit logging of access to sensitive records; and regular security assessments. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security. In the event of a data breach affecting your clinic, we will notify you as required by applicable law.
We retain clinic account data for the duration of your subscription plus 30 days following termination, after which it is permanently deleted unless retention is required by applicable law. Clinical records may be subject to mandatory retention periods under healthcare law in your jurisdiction — please ensure your retention settings comply with local requirements. You may export your data at any time from the Settings section of the platform.
We do not sell your data or your patients' data. We share information only in the following circumstances: • Service providers: trusted sub-processors (cloud hosting, email delivery, payment processing) who are contractually bound to protect your data and use it only to provide their services to us. • Legal requirements: when required by law, court order, or to protect the rights and safety of our users or others. • Business transfers: in connection with a merger, acquisition, or sale of assets, with appropriate notice and data protection commitments to you. A list of our current sub-processors is available upon request.
We use essential cookies to maintain your authenticated session and remember your preferences. We do not use third-party advertising cookies or sell behavioral data to advertisers. We may use privacy-preserving analytics tools (using aggregated, non-identifiable data) to understand how the platform is used and improve it. You can disable non-essential cookies in your browser settings, though this may affect platform functionality.
Depending on your jurisdiction, you may have the right to: access the personal data we hold about your account; correct inaccurate account information; request deletion of your account data; export your data in a portable format; object to or restrict certain types of processing. To exercise any of these rights, contact us at privacy@psycheinsights.com. We will respond within 30 days. Note that your rights as a clinic administrator are distinct from the rights of your patients — patients should contact your clinic directly regarding their own records.
The Service is intended for healthcare professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided personal information to us, please contact us and we will promptly delete it.
We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify you of material changes by email or in-app notification at least 14 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
For privacy-related questions, data requests, or to report a security concern, please contact our Privacy team at privacy@psycheinsights.com. For general support, visit the Help section within the platform.
Privacy questions? privacy@psycheinsights.com
← Terms of Service