Security
Privacy is the default, not a feature.
BilateralSync is designed to minimize the data collected during a therapy session. This page describes the controls that are enabled today.
Data collection
BilateralSync does not require any client-side account. We do not collect client names, email addresses, phone numbers or other personal identifiers. A session is identified by a short, unguessable code that expires when the session ends.
Encryption
All traffic between the therapist, client and our servers is encrypted in transit using TLS. Real-time session state is exchanged over secure channels.
Session identifiers
Sessions use randomly generated codes with sufficient entropy that they cannot be guessed. Codes expire and are rotated for each new session.
Analytics
We use cookieless, anonymous analytics that do not track individuals across sites and do not require a cookie consent banner.
Sub-processors
BilateralSync is hosted on established cloud infrastructure with industry-standard operational security. A current list of sub-processors is available on request.
Responsible disclosure
If you believe you have found a security issue, please email security@bilateralsync.com. We aim to acknowledge reports within two business days.
See also our privacy policy and terms of service.