Privacy Policy

Last updated: January 19, 2026

Introduction

SessionTimer, Inc. ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our session timer service.

Important Note for Healthcare Professionals

SessionTimer is a time management tool only. We do not collect, store, or process any Protected Health Information (PHI) or client/patient identifying information. Because we never create, receive, maintain, or transmit PHI, SessionTimer is neither a HIPAA covered entity nor a business associate, and HIPAA's requirements do not apply to our handling of your data. Session templates, display names, and other free-text fields are not designed for clinical content; please do not enter client names or health information in them.

Information We Collect

Information You Provide

  • Account Information: Email address, display name (optional), timezone preference
  • Payment Information: Processed securely by Stripe; we do not store full credit card numbers
  • Session Templates: Custom timer configurations you create (duration, warning times)
  • Settings: Your preferences for sounds, display options, etc.

Information We Collect Automatically

  • Usage Data: Number of sessions created, session duration statistics
  • Device Information: Browser type, operating system, screen size
  • Log Data: IP address, access times, pages viewed
  • Analytics: Aggregated usage patterns to improve the Service

Information We Do NOT Collect

  • Client or patient names
  • Session notes or content
  • Health information of any kind
  • Diagnoses, treatment plans, or clinical data
  • Any information about the people you meet with

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process payments and manage subscriptions
  • Send transactional emails (receipts, password resets, important updates)
  • Respond to your support requests
  • Monitor and analyze usage to improve user experience
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

Information Sharing

We do not sell your personal information. We share information only in these circumstances:

Service Providers

We work with trusted third parties who help us operate the Service:

  • Supabase: Database hosting and authentication
  • Stripe: Payment processing
  • Vercel: Website hosting and analytics
  • Resend: Transactional email delivery

These providers are contractually obligated to protect your information and use it only to provide services to us.

Legal Requirements

We may disclose information if required by law, court order, or government request, or if we believe disclosure is necessary to protect rights, safety, or property.

Data Security

We implement industry-standard security measures to protect your information:

  • All data is encrypted in transit (HTTPS/TLS)
  • Passwords are hashed and never stored in plain text
  • Database access is restricted and logged
  • Regular security audits and updates
  • Payment data is handled entirely by Stripe (PCI-DSS compliant)

Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained until you delete your account
  • Session history: Retained for 12 months, then automatically deleted
  • Payment records: Retained for 7 years for tax/legal compliance
  • Server logs: Retained for 90 days

Your Rights and Choices

Access and Update

You can access and update your account information at any time through the Settings page.

Delete Your Account

You can delete your account through Settings. This will permanently remove your data within 30 days, except for information we must retain for legal purposes.

Export Your Data

You can request a copy of your data by contacting privacy@sessiontimer.app.

Email Communications

You can opt out of marketing emails at any time. You cannot opt out of transactional emails (password resets, payment receipts) while your account is active.

Cookies

We use the following types of cookies:

  • Essential cookies: Required for authentication and basic functionality
  • Analytics cookies: Help us understand how the Service is used (can be disabled)

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Service.

International Data Transfers

Our servers are located in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US, which may have different data protection laws than your country.

California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it's used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell your data)
  • Non-discrimination for exercising your rights

To exercise these rights, contact privacy@sessiontimer.app.

European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have additional rights including:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

Our legal basis for processing your data is your consent (for account creation) and legitimate interests (for providing and improving the Service).

Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. The "Last updated" date at the top indicates when the policy was last revised.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@sessiontimer.app
Address: SessionTimer, Inc.