Privacy & Data

The short version

• ✓Your session data is stored in scrambled form — even we can't read it
• ✓Data is stored in the UK (Supabase London region)
• ✓Your data is never used to train AI models
• ✓No human at CDRA reads your session content
• ✓Audio is processed on your device — it never leaves it
• ✓You can request complete data deletion at any time

What data we collect

To provide the CDRA service, we collect and store:

• Your email address (for authentication)
• Your professional registration details (for verification)
• Session transcripts and reflections you enter
• AI analysis outputs generated from your sessions
• Client pseudonyms and notes (no real names required or recommended)

Audio processing

If you use audio upload, your recording is processed entirely within your browser using on-device AI. The audio file itself never reaches our servers. Only the text transcript — which you can review before submitting — is stored.

AI processing

Session content is sent to Anthropic's Claude API for clinical analysis. Anthropic does not use data submitted via API to train their models. For details, see Anthropic's privacy policy.

Data retention

Your data is retained for as long as your account is active. On account deletion, all data is permanently removed within 30 days. You can request deletion at any time by emailing privacy@cdra.ai.

Your rights (UK GDPR)

You have the right to: access your data, correct inaccuracies, request deletion, restrict processing, and data portability. Contact privacy@cdra.ai to exercise any of these rights.

Client consent

As a therapist using CDRA, you are responsible for obtaining appropriate consent from your clients to use AI-assisted reflection tools. We recommend:

• Disclosing AI reflection tool use in your client contract
• Using only pseudonyms — never real names — in session notes
• Reviewing your professional body's guidance on AI use