Encrypted handling
Sensitive information is protected in transit and at rest.
GDPR-ready
Compliance should show up in the product.
For us, GDPR readiness means making rights, access, and data boundaries easier to handle in practice.
The practical promise
Build the product so rights are easier to honor, not harder to explain.
Make data boundaries understandable
Keep retention decisions visible and intentional
Support exports, correction, and deletion workflows
Protecting your practice
The legal standard matters most when it becomes operational behavior.
Data minimization
We keep collection close to what the service really needs.
Regular review
Controls and access patterns are reviewed, not left on autopilot.
Clear hosting
Infrastructure choices should support both obligations and trust.
Rights and control
A rights-based product helps therapists act responsibly without adding more noise.
Access
Review relevant information in a readable format.
Correction
Fix inaccurate records when needed.
Erasure
Support deletion where legal and clinical obligations allow it.
Portability
Move information in standard formats.
Common questions
A few grounded answers about GDPR-ready operations.
Is clinical data shared with advertisers or brokers?
No. Serenote is not built around selling therapist or client data.
How do retention and deletion decisions work?
They should respect therapist obligations and client rights, with clear rules and export paths.
What happens if there is a security incident?
A serious response includes investigation, communication, and timely notification.