At the core of It's Complicated is an understanding of how important it is to be able to exchange personal thoughts in a private, secure space. Every piece of data you share, store or send is protected, and all our processes and infrastructure are designed to meet GDPR standards.
Messages and video calls
All messages exchanged between you and your clients are encrypted in transit using SSL — meaning they are protected as they travel between your browser and our servers. No message content is ever sent over an unprotected connection.
Video calls are powered by Stream, a HIPAA and GDPR-compliant provider using the WebRTC protocol. All video data is encrypted in transit and no calls are recorded or stored on our servers without your knowledge.
Stored data
All data stored on It's Complicated — including messages, appointments, invoices and account information — is encrypted and held in secure, GDPR-compliant data centres in Europe. We use multiple layers of protection between your data and the outside world, and our infrastructure is designed to keep your clients' information private and secure.
Session notes and client documents
Your session notes and client documents benefit from the same secure infrastructure as the rest of your data. For therapists who want an additional layer of privacy on top of this, we offer Practice Vault — an optional feature that protects your notes, client documents and intake form submissions with a personal passphrase that only you know. With Practice Vault enabled, even our own team cannot read your records.
Learn more about Practice Vault →
GDPR compliance
All our data is stored on servers in Europe and our processes are fully compliant with GDPR. You can find more detail in our Privacy Policy and Data Processing Agreement.