1. Introduction
Lerean ("we", "our", or "us") provides software designed for psychologists and mental health professionals to securely manage client records, session notes, and related information.
We are committed to protecting the privacy and security of all data processed through our platform.
This Privacy Policy explains what information we collect, how we use it, how it is protected, and the rights of users and their clients.
2. Information We Collect
Account Information
When a psychologist creates an account, we may collect:
- Name
- Email address
- Authentication information
- Subscription and billing information
Client Information
Users may store:
- Client names
- Contact details
- Session notes
- Assessments
- Treatment plans
- Attachments
- Other information entered by the psychologist
Technical Information
We may collect:
- Login timestamps
- Device and browser information
- IP addresses
- Error logs
- Security audit logs
3. End-to-End Encryption
Lerean is designed with end-to-end encryption (E2EE).
Client records and session notes are encrypted before being transmitted to our servers. Encryption keys are controlled by the user and are not accessible to Lerean.
As a result:
- We cannot read your client notes.
- We cannot access encrypted records.
- We cannot recover encrypted data if encryption credentials are lost.
- Our servers store encrypted content only.
This architecture is intended to ensure that only authorized users can access client records. Privacy-focused applications commonly rely on this "zero-knowledge" model to reduce the impact of potential server breaches.
4. How We Use Information
We use collected information to:
- Provide and maintain the service
- Authenticate users
- Process payments
- Improve performance and reliability
- Detect abuse and security incidents
- Provide customer support
We do not sell personal data.
We do not use client notes or session records to train artificial intelligence models.
Many privacy-focused journaling and mental health applications explicitly follow similar principles.
5. Legal Basis for Processing
For users located in the European Economic Area (EEA), we process personal data under GDPR based on:
- Performance of a contract
- Legitimate interests
- Legal obligations
- Consent where required
6. Data Retention
Account information is retained while an account remains active.
Encrypted client records remain stored until:
- The user deletes them;
- The account is deleted; or
- Retention periods required by law expire.
Upon account deletion, associated data will be removed or anonymized unless retention is legally required.
7. Security Measures
We implement security measures including:
- End-to-end encryption
- TLS encryption in transit
- Password hashing
- Access controls
- Audit logging
- Secure infrastructure
- Regular security updates
While no system can guarantee absolute security, we take reasonable measures to protect information entrusted to us.
8. Third-Party Services
We may use third-party providers for:
- Hosting infrastructure
- Authentication
- Email delivery
- Payment processing
- Error monitoring
These providers process only the minimum information necessary to provide their services.
9. International Data Transfers
If data is transferred outside the EEA, we implement appropriate safeguards required by GDPR, including Standard Contractual Clauses where applicable.
10. User Rights
Depending on applicable law, users may have the right to:
- Access personal data
- Correct inaccurate information
- Request deletion
- Restrict processing
- Object to processing
- Request data portability
- Withdraw consent
Users may exercise these rights by contacting us.
11. Children's Privacy
Lerean is intended for use by licensed professionals and organizations.
We do not knowingly provide services directly to children.
12. Changes to This Policy
We may update this Privacy Policy periodically. Updated versions will be published with a revised effective date.
13. Contact Information
Data Controller: Lerean Serhii Dolhopolov
E-mail: privacy@lerean.com