Practice Vault is an optional security feature that gives you an extra layer of protection over your most sensitive clinical data. When enabled, your records are secured with a personal passphrase that only you know — meaning your records can only be accessed with the passphrase you set.
It's designed to give therapists the confidence that their clinical records are protected to the highest level our platform offers.
What's protected
Once Practice Vault is enabled, the following are secured with your personal passphrase: session notes, client documents and intake form submissions, and sensitive client profile information.
How it works
When you set up Practice Vault, you create a personal passphrase — a memorable phrase that only you know. This passphrase is used to secure your records directly in your browser, so your data is protected before it ever reaches our servers.
You'll also be given a recovery key during setup — a unique set of 24 words that acts as a backup in case you ever forget your passphrase. Store both your passphrase and recovery key somewhere safe, such as a password manager or a secure note. If you lose both, there is no way to recover your data.
Once set up, your vault unlocks automatically on devices you trust. On a new or unrecognised device, you'll be prompted to enter your passphrase to gain access.
Setting it up
- Go to Settings → Security.
- Click Set up Practice Vault.
- Choose a strong, memorable passphrase and confirm it. You'll see a passphrase strength indicator to help you choose a secure phrase.
- Write down or securely save your 24-word recovery key. Check the confirmation box to confirm you've stored it safely.
- Click Finish setup. Your existing records will then be secured — keep the window open while this runs, as it may take a few minutes depending on how many clients you have.
Using Practice Vault day to day
Once your vault is set up, it works quietly in the background. You'll see a shield icon in the top right of your browser indicating whether your vault is active on that device.
When you visit a client's notes or documents on a device where your vault is unlocked, everything appears as normal. On a device where the vault is locked, you'll see a prompt to enter your passphrase — your records remain hidden until you do.
New data — such as incoming intake form submissions — will appear as pending and prompt you to add them to your vault. You can do this immediately or decide later, in which case a reminder will persist in your Client Center until it's secured.
Managing registered devices
Once you unlock your vault on a device, that device is registered and will unlock automatically on future visits without needing your passphrase again. You can see all registered devices and manage access from Settings → Security → Manage devices.
If you no longer use a device — or if you think a device has been compromised — you can revoke its access. That device will then require your passphrase to unlock the vault again. You can re-register it at any time by entering your passphrase on that device.
Recovering access
If you forget your passphrase, you can recover access using your 24-word recovery key. Go to Settings → Security and select Forgot passphrase? You'll be prompted to enter your recovery key and choose a new passphrase.
If you have lost both your passphrase and your recovery key but still have an active unlocked device, you can disable Practice Vault from that device to restore access to your data. See Disabling Practice Vault below.
Disabling Practice Vault
You can disable Practice Vault at any time from Settings → Security. Your vault must be unlocked to do this. Once disabled, your records are moved back to It's Complicated's standard security infrastructure — they remain safe and accessible, just without the additional passphrase protection.
Disabling Practice Vault is a deliberate process and will ask for your confirmation before proceeding.