practicewize ← Back to Home

Security & Data Protection

Last updated: March 2026

At practicewize, we understand that therapists are working with highly sensitive personal information. Protecting your data — and your clients' data — is a core part of how the platform is designed and operated.

Data Ownership

Therapists retain 100% ownership of all client data and clinical records at all times.

practicewize acts as a data processor, storing and handling data only on your behalf and under your instruction. We do not access, use, or share your client data except as required to provide the service.

GDPR Compliance

practicewize is designed in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We support therapists in meeting their own data protection obligations by providing secure systems, clear data handling practices, and the ability to manage and control client information.

Data Security

We take appropriate technical and organisational measures to protect data, including:

  • Encryption of data in transit using HTTPS
  • Secure cloud hosting infrastructure
  • Password hashing and authentication safeguards
  • Access controls to restrict unauthorised access

We continually review our systems to maintain a high standard of security appropriate to the sensitivity of the data stored.

Sensitive Data

practicewize is designed to handle special category data, including health and therapy-related information.

We recognise the additional responsibility this carries and apply heightened care in how this data is stored, accessed, and protected.

Data Access & Portability

You have full access to your data at all times. We support:

  • Access to all stored client information
  • Data export in standard, readable formats (such as PDF or CSV)
  • Data deletion upon request

This ensures you are never locked into the platform.

Sub-processors

We work with trusted third-party providers to deliver our service. These may include:

  • Cloud hosting providers (e.g. DigitalOcean)
  • Payment processors (e.g. Stripe)
  • Email and communication services

All sub-processors are selected based on their security standards and compliance with applicable data protection laws.

Data Processing Agreement (DPA)

We provide a Data Processing Agreement (DPA) for customers who require it.

This sets out our responsibilities as a data processor, including how data is handled, protected, and managed in line with GDPR.

Data Breach Procedures

In the unlikely event of a data breach, we will:

  • Investigate and contain the issue promptly
  • Notify affected users where required
  • Take appropriate steps to prevent recurrence

Ongoing Improvements

Security is an ongoing process. We continuously review and improve our systems, policies, and practices to ensure we are meeting appropriate standards for handling sensitive data.

Contact

If you have any questions about security or data protection, please contact us at:

Email: contact@practicewize.com

This policy is provided for general information and does not constitute legal advice.