P Privity
Home Privacy & HIPAA Request access
Legal

Privacy Policy

Bespoke Therapist Software Utah LLC — Privity
Last Updated: June 8, 2026
Section 1

Who we are

Privity is a documentation-assistance tool for licensed mental and behavioral health professionals, operated by Bespoke Therapist Software Utah LLC ("Bespoke," "we," "us," or "our"). This Privacy Policy explains what information we collect, how we use it, and the choices available to you.

This policy covers the Privity application and the Privity marketing website. It does not cover third-party services you reach through links or integrations, which have their own policies.

Section 2

The short version

  • We do not sell your personal information.
  • We do not use your information, or any patient information processed through the Services, to train any artificial intelligence model.
  • We do not persistently store session-note images, audio, transcriptions, or generated notes. They are processed in memory for a single request and then deleted.
  • Our marketing website uses no cookies, analytics, advertising pixels, trackers, or web forms.
  • The only personal information we retain is the operational and billing information needed to run accounts and credits.
Section 3

Information we collect

3.1 Marketing website

Our public marketing website does not collect personal information. It uses no cookies, no analytics, no advertising or tracking pixels, and no web forms. If you choose to contact us, you do so by emailing the address we publish; we then have whatever information you include in your email.

3.2 The application (operational and billing data)

When a clinician is granted access to the application, we maintain a limited set of operational data needed to run the Services. This is stored in our cloud database (Google Firestore) and does not include the content of session notes or generated documents. It includes:

  • clinician email address;
  • practice membership and role;
  • credit balance and credit/usage events (for example, the type of action taken, the number of inputs, and a timestamp); and
  • authentication and access records.

3.3 Protected Health Information / clinical content (transient only)

When a clinician uses the Services, the clinician may submit a photograph of handwritten notes, an optional voice memo, and free-text context, and the Services return a generated draft. This content may include Protected Health Information ("PHI"). This content is processed transiently and is never persistently stored. It exists in memory (and, briefly, in a temporary file in volatile memory) only for the duration of a single request, after which it is deleted. We do not retain it, reuse it, or use it to train any model. Our handling of PHI is governed by HIPAA and by the Business Associate Agreement between your practice and Bespoke.

3.4 Audit logs

For security and compliance, we keep audit logs of events such as logins and generation actions. These logs record identifiers such as email, IP address, action type, and timestamp. They do not contain the content of notes or generated documents.

Section 4

How we use information, and our service providers

We use operational and billing data to provide, secure, and administer the Services (authenticate access, track and reserve credits, prevent abuse, and meet our legal and compliance obligations). We use transiently-processed clinical content solely to generate the draft you requested, and for no other purpose.

We rely on the following third-party service providers ("subprocessors"):

  • Google Cloud — hosting (Cloud Run), database (Firestore), and the AI model that generates drafts (Vertex AI / Gemini). Google Cloud processes data under a signed Business Associate Agreement with Bespoke.
  • Stripe — payment processing for credit purchases, handled on a separate, physically isolated service. Stripe receives only billing identity and transaction data; it never receives PHI or clinical content.

We do not sell personal information, and we do not share it for cross-context behavioral advertising.

Section 5

Data retention

  • Clinical content / PHI: not retained — deleted after each request.
  • Operational and billing data: retained for as long as your account is active and as needed for legitimate business and legal purposes.
  • Audit logs: retained on a defined schedule to meet HIPAA and applicable state recordkeeping requirements.
Section 6

Security

We use administrative, technical, and physical safeguards designed to protect information, including encryption in transit, authenticated and access-controlled entry to the application, and an architecture that avoids persistent storage of PHI. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

Section 7

Your choices and rights

Because the application is used by clinicians within their practices, much of the information we hold is operational. If you are a clinician or practice and wish to access, correct, or delete operational or billing data we hold about you, contact us at the address below.

7.1 California residents

If you are a California resident, you may have rights under California law, including the right to know what categories of personal information we collect and how we use them, the right to request deletion, and the right not to be discriminated against for exercising your rights. We do not sell personal information and do not share it for cross-context behavioral advertising. To exercise a right, contact us at the address below.

For information about our California Confidentiality of Medical Information Act (CMIA) commitments, see our California CMIA Addendum.

Section 8

Children

The Services are intended for use by licensed professionals and are not directed to children. We do not knowingly collect personal information directly from children through the Services.

Section 9

Changes to this policy

We may update this policy from time to time. We will post the updated policy and update the "Last Updated" date.

Section 10

Contact

Bespoke Therapist Software Utah LLC
Email: Justin@bespoke-therapist-software.com
P Privity
Justin@bespoke-therapist-software.com
Bespoke Therapist Software Utah LLC
© 2026 · All rights reserved
Privacy Policy Terms of Service California CMIA