Your sessions belong to you.
We're building something that handles the most sensitive content you could share. Here's exactly how we protect it—and what we're still working on.
The weight of what you share
What we protect
A therapy session isn't data. It's you at your most vulnerable—processing pain, naming fears, saying things you've never said out loud.
We built We with that weight in mind. Every technical decision starts with one question: would we trust this with our own sessions?
The journey of your session
How your data flows
Here's exactly what happens from the moment you upload to the insights you receive.
Upload
Your file is encrypted in transit (TLS 1.3) and at rest (AES-256). Each user has isolated storage—your files are never mingled with anyone else's.
Processing
Your session is processed in an isolated container—separate from every other user, not shared with any other company. When analysis is complete, that container is destroyed. The raw recording is deleted. Only the insights remain.
What we keep
We store the insights, timestamps, and patterns—not the full transcript or recording. You control what's shared with your therapist, if anything.
Deletion
You can delete everything at any time. When you do, we destroy your encryption keys—the data becomes cryptographically unreadable. You can also set auto-delete rules: delete after 30 days, after 90 days, or keep until you say otherwise.
Our architecture
Zero-knowledge encryption
We cannot read your sessions
wetherapy uses zero-knowledge encryption. We literally cannot read your sessions—not if we wanted to, not if we were compelled to. Your data is encrypted with keys that only you control.
Your data is protected by zero-knowledge encryption, AES-256 at rest, TLS 1.3 in transit, strict role-based access controls, and audit logging. Because of the zero-knowledge architecture, we do not have the technical ability to read your session content or insights.
For those who want the receipts
The technical details
| Layer | Protection |
|---|---|
| Transit | TLS 1.3 |
| Storage | AES-256 via AWS KMS |
| Isolation | Per-user partitioning |
| Processing | Isolated containers, destroyed after analysis |
| AI Training | Never—not by us, not by providers |
| Retention | Raw files deleted after processing |
| Access | Role-based, audit-logged |
| Deletion | Key destruction renders data unreadable |
Our promises
What we'll never do
We will never sell your data.
We will never use your sessions to train AI models—and neither will anyone else. Your data stays in isolated containers, is never shared with AI providers for training, and is destroyed after processing. This isn't a policy. It's architecture.
We will never share your content with your therapist without explicit consent.
We will never show you ads.
We will never make it hard to leave. Export or delete, anytime.
Common questions
Questions we get asked
“Is We HIPAA compliant?”
We exceed HIPAA requirements for privacy and security. All data is encrypted at rest and in transit, access is strictly controlled and audited, and we maintain the technical safeguards required for protected health information.
“Can my therapist see my uploads?”
Only if you explicitly share with them. You control what's shared and can revoke access anytime.
“What if law enforcement requests my data?”
With our zero-knowledge encryption architecture, we cannot access your session content or insights—even if compelled by legal process. Your data is encrypted with keys that only you control. We cannot hand over what we cannot read.
“What happens to my data during AI processing?”
Your session is processed in an isolated container that exists only for your analysis. It's separate from every other user, never shared with any other company, and destroyed when processing is complete. The AI providers we use are contractually prohibited from using your data for training. This isn't a policy decision—it's how we built the system.
“Do you use my sessions to improve your AI?”
No. Your sessions are processed in isolated containers and insights are generated, but the content is never used to train models—not by us, and not by our AI providers. The containers are destroyed after analysis.
“What happens if We shuts down?”
You'll have advance notice and the ability to export everything. We'll publish a data portability plan before launch.
Still have questions?
Email us directly—we read everything.