Lerean

Privacy Policy

1. Introduction

Lerean ("we", "our", or "us") provides software designed for psychologists and mental health professionals to securely manage client records, session notes, and related information.

We are committed to protecting the privacy and security of all data processed through our platform.

This Privacy Policy explains what information we collect, how we use it, how it is protected, and the rights of users and their clients.

2. Information We Collect

Account Information

When a psychologist creates an account, we may collect:

  • Name
  • Email address
  • Authentication information
  • Subscription and billing information

Client Information

Users may store:

  • Client names
  • Contact details
  • Session notes
  • Assessments
  • Treatment plans
  • Attachments
  • Other information entered by the psychologist

Technical Information

We may collect:

  • Login timestamps
  • Device and browser information
  • IP addresses
  • Error logs
  • Security audit logs

3. End-to-End Encryption

Lerean is designed with end-to-end encryption (E2EE).

Client records and session notes are encrypted before being transmitted to our servers. Encryption keys are controlled by the user and are not accessible to Lerean.

As a result:

  • We cannot read your client notes.
  • We cannot access encrypted records.
  • We cannot recover encrypted data if encryption credentials are lost.
  • Our servers store encrypted content only.

This architecture is intended to ensure that only authorized users can access client records. Privacy-focused applications commonly rely on this "zero-knowledge" model to reduce the impact of potential server breaches.

4. How We Use Information

We use collected information to:

  • Provide and maintain the service
  • Authenticate users
  • Process payments
  • Improve performance and reliability
  • Detect abuse and security incidents
  • Provide customer support

We do not sell personal data.

We do not use client notes or session records to train artificial intelligence models.

Many privacy-focused journaling and mental health applications explicitly follow similar principles.

5. Legal Basis for Processing

For users located in the European Economic Area (EEA), we process personal data under GDPR based on:

  • Performance of a contract
  • Legitimate interests
  • Legal obligations
  • Consent where required

6. Data Retention

Account information is retained while an account remains active.

Encrypted client records remain stored until:

  • The user deletes them;
  • The account is deleted; or
  • Retention periods required by law expire.

Upon account deletion, associated data will be removed or anonymized unless retention is legally required.

7. Security Measures

We implement security measures including:

  • End-to-end encryption
  • TLS encryption in transit
  • Password hashing
  • Access controls
  • Audit logging
  • Secure infrastructure
  • Regular security updates

While no system can guarantee absolute security, we take reasonable measures to protect information entrusted to us.

8. Third-Party Services

We may use third-party providers for:

  • Hosting infrastructure
  • Authentication
  • Email delivery
  • Payment processing
  • Error monitoring

These providers process only the minimum information necessary to provide their services.

9. International Data Transfers

If data is transferred outside the EEA, we implement appropriate safeguards required by GDPR, including Standard Contractual Clauses where applicable.

10. User Rights

Depending on applicable law, users may have the right to:

  • Access personal data
  • Correct inaccurate information
  • Request deletion
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent

Users may exercise these rights by contacting us.

11. Children's Privacy

Lerean is intended for use by licensed professionals and organizations.

We do not knowingly provide services directly to children.

12. Changes to This Policy

We may update this Privacy Policy periodically. Updated versions will be published with a revised effective date.

13. Contact Information

Data Controller: Lerean Serhii Dolhopolov

E-mail: privacy@lerean.com

Website: lerean.com