Client Data Safety
Category: For Practitioners
Overview
Practitioners have a professional and legal duty to protect client information. TheraScripts is designed from the ground up to work without requiring identifying client data — meaning the system never needs a client's name, contact details, or any personally identifiable information.
The non-identifying design
When you create a client profile in TheraScripts, the system asks for:
- Session goals
- Relevant clinical context (where appropriate)
- Intake survey responses (anonymous snapshots)
- Delivery preferences and constraints
It never requires, stores, or processes:
- Client names
- Contact information
- Date of birth
- NHS or other ID numbers
- Any field that would identify the individual
If you choose to use the optional Client Alias field (a label you create to identify the profile in your own records — such as "Client A" or a case reference), that label is stored separately from the clinical data and never enters the AI generation pipeline.
What goes into the AI pipeline
When a script is generated, the AI receives a structured clinical snapshot — a set of non-identifying attributes describing the session context. No free-text fields containing client information are included. No PII enters the prompt.
Encryption and data handling
All data is encrypted at rest and in transit using industry-standard encryption. Your workspace data is accessible only to you and any workspace members you have explicitly added.
TheraScripts operates under UK GDPR. For full details on how data is handled, retained, and deleted, see the Data & Privacy section of the help centre.
Your responsibilities
TheraScripts removes most of the data risk from the script-generation workflow, but you remain responsible for:
- Securing your own records and case notes (held outside TheraScripts)
- Ensuring clients have been appropriately informed about how technology is used in their care
- Reviewing scripts before use — you hold clinical responsibility for the content