Privacy policy

Last updated: June 2026

Summary

BilateralSync is a browser-based tool for EMDR therapists. Clients do not create accounts and are not asked to share personal information. Therapists provide only the data needed to run their account.

Data we collect

For therapists: email address, hashed password, workspace preferences and saved presets. For clients: none — a client joins a session with a short unguessable code and is not asked to identify themselves.

Legal basis

Where the GDPR applies, we process therapist data on the basis of contract (providing the service) and legitimate interest (product improvement using aggregated analytics).

Cookies

We use only strictly necessary cookies to keep therapists signed in. Our analytics is cookieless and anonymous. No cookie consent banner is required.

Sub-processors

A current list of sub-processors is available on request. We select providers with industry-standard security and appropriate data-processing agreements.

Your rights

Data subjects may request access, rectification, deletion and portability of their data by emailing privacy@bilateralsync.com. We aim to respond within one month.

Data transfers

Where data is transferred outside the EU/EEA or UK, we rely on Standard Contractual Clauses or adequacy decisions as appropriate.

Contact

Questions about this policy: privacy@bilateralsync.com.

See also our security page and terms.