Privacy policy
Last updated: June 2026
Summary
BilateralSync is a browser-based tool for EMDR therapists. Clients do not create accounts and are not asked to share personal information. Therapists provide only the data needed to run their account.
Data we collect
For therapists: email address, hashed password, workspace preferences and saved presets. For clients: none — a client joins a session with a short unguessable code and is not asked to identify themselves.
Legal basis
Where the GDPR applies, we process therapist data on the basis of contract (providing the service) and legitimate interest (product improvement using aggregated analytics).
Cookies
We use only strictly necessary cookies to keep therapists signed in. Our analytics is cookieless and anonymous. No cookie consent banner is required.
Sub-processors
A current list of sub-processors is available on request. We select providers with industry-standard security and appropriate data-processing agreements.
Your rights
Data subjects may request access, rectification, deletion and portability of their data by emailing privacy@bilateralsync.com. We aim to respond within one month.
Data transfers
Where data is transferred outside the EU/EEA or UK, we rely on Standard Contractual Clauses or adequacy decisions as appropriate.
Contact
Questions about this policy: privacy@bilateralsync.com.
See also our security page and terms.