← Back to sign in

Privacy Policy

Last updated: March 4, 2026

What Attune is

Attune is a communication practice tool for therapy clients, used between sessions under a therapist's guidance. It is not a crisis resource, not a substitute for therapy, and does not provide clinical care. If you are in crisis, please contact the 988 Suicide & Crisis Lifeline or emergency services.

What we collect

  • Account information: Your name and email address, provided when your therapist invites you or when you sign up.
  • Session summaries: After each practice session, an AI-generated summary of communication patterns and skills observed is stored. This is what your therapist reviews.
  • Self-reflections: Your written answers to four optional reflection questions after each session.
  • Usage data: Basic information about how you use the app (pages visited, session counts) for product improvement.

We do not store full chat transcripts. The conversation you have during a practice session is processed in real time to generate a summary and is not retained after the session ends.

How we use your data

  • To run your practice sessions and generate AI feedback
  • To share session summaries and reflections with your assigned therapist
  • To improve the product (using aggregated, anonymized data only)

We do not sell your data, use it for advertising, or share it with anyone other than your therapist and the infrastructure providers listed below.

Who we share data with

To operate Attune, we use the following third-party services. Each processes data only as needed to provide the service:

ProviderPurpose
SupabaseDatabase, authentication, account management
AnthropicAI conversation processing and session summaries
VercelApplication hosting

Supabase processes data under a signed Data Processing Addendum (DPA). We are in the process of obtaining a HIPAA Business Associate Agreement (BAA) with Supabase. Anthropic processes session content only to generate responses and summaries; it does not retain conversation data for training purposes under standard API usage.

Your therapist's access

Your assigned therapist can view your session summaries and self-reflection answers. They cannot see the word-for-word conversation from your practice sessions. Therapists access only data for clients they have been linked to in the system.

Data retention

Your data is retained for as long as your account is active. You may request deletion of your account and associated data at any time by emailing us. Upon account deletion, your data will be removed from active systems within 30 days.

Your rights

You have the right to access, correct, or delete your personal data. If you are in California or the EU, you have additional rights under CCPA and GDPR respectively. To exercise any of these rights, contact us at the address below.

Security

Data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Access to your data is restricted by role — only you and your assigned therapist can view your session data. All API endpoints require authentication.

Changes to this policy

We may update this policy as the product evolves. We will notify you of material changes by email or via an in-app notice before they take effect.

Contact

For privacy inquiries: support@tryattune.app