Privacy Policy

Last updated: March 28, 2026

1. Introduction

Your intimate data deserves extraordinary protection.

At Sens8Focus, we understand that the information you share with our Service is deeply personal. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our sensate focus therapy tracking platform.

We built Sens8Focus with privacy as a foundational principle, not an afterthought. Every architectural decision we make considers the sensitivity of the data you entrust to us.

2. Information We Collect

We collect the following categories of information:

Account Information

  • Email address and display name
  • Authentication credentials (managed by our identity provider)
  • Subscription and billing information (processed by Stripe)

Health-Related Information

  • Sensate focus exercise logs and progress data
  • Self-reported comfort levels, anxiety ratings, and session notes
  • Journal entries and personal reflections
  • Partner-shared data (when you choose to share)

Technical Information

  • Device type, browser type, and operating system
  • IP address (anonymized after the session ends)
  • Usage patterns and feature interactions (aggregated and anonymized)

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Generate your personal progress visualizations and insights
  • Facilitate partner sharing features when you explicitly opt in
  • Communicate with you about your account, updates, and support requests
  • Ensure the security and integrity of the Service
  • Comply with legal obligations, including HIPAA requirements

We never use your health data for advertising, marketing profiling, or any purpose unrelated to providing you with the Service.

4. HIPAA and Protected Health Information (PHI)

Sens8Focus treats applicable user health data as Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). This means:

  • We maintain administrative, physical, and technical safeguards as required by the HIPAA Security Rule.
  • We limit internal access to PHI to authorized personnel on a need-to-know basis.
  • We enter into Business Associate Agreements (BAAs) with all third-party vendors who may access PHI.
  • We provide you with rights to access, amend, and request an accounting of disclosures of your PHI.

For full details, please see our HIPAA Notice of Privacy Practices.

5. How We Protect Your Data

We employ multiple layers of security to protect your information:

AES-256 Encryption at Rest

All stored data is encrypted using AES-256, one of the strongest encryption standards available.

TLS 1.3 Encryption in Transit

Every connection to Sens8Focus is protected with TLS 1.3, ensuring your data is secure as it travels between your device and our servers.

Field-Level Encryption

Sensitive fields such as journal entries and session notes are individually encrypted, providing an additional layer of protection even within our own database.

For a comprehensive overview of our security measures, visit our Security Overview.

6. Your Private Journal

Your journal entries are among the most sensitive data in Sens8Focus. We protect them with special care:

  • Journal entries are protected with field-level encryption, meaning they are encrypted individually before being stored.
  • Only you can access your journal entries. They are not visible to Sens8Focus staff, your partner, or your clinician unless you explicitly choose to share them.
  • Journal entries are never included in aggregated analytics or used for any purpose beyond displaying them to you.
  • When you delete a journal entry, it is permanently removed from our systems within 30 days.

7. Data Sharing

We do not sell your data. Ever.

We may share limited information with third parties only in these circumstances:

  • Service providers: Trusted vendors who help us operate the Service (e.g., cloud hosting, payment processing), all bound by BAAs and strict confidentiality agreements.
  • With your consent: When you explicitly choose to share data with a partner or clinician through our sharing features.
  • Legal requirements: When required by law, court order, or governmental regulation, and only to the minimum extent necessary.

We do not share your data with advertisers, data brokers, or any third party for marketing purposes.

8. Your Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Export: Download your data in a portable, machine-readable format.
  • Restriction: Request that we limit the processing of your data in certain circumstances.
  • Objection: Object to certain types of processing.

Account Deletion: You can delete your account at any time from the Settings page in the app. When you delete your account, your personal information is permanently removed. However, certain data — including audit logs and anonymized session metadata — is retained for up to 7 years as required by HIPAA. Stripe billing records are retained independently per Stripe's data retention policy.

To exercise any of these rights, contact us at privacy@sens8focus.com. We will respond within 30 days.

9. Data Retention

We retain your personal information only for as long as necessary to provide the Service and fulfill the purposes outlined in this policy. Specifically:

  • Active accounts: Data is retained for the duration of your account.
  • Cancelled accounts: We retain your data for 30 days after cancellation to allow for reactivation, then permanently delete it.
  • Legal holds: We may retain certain data longer if required by law or to resolve disputes.
  • Audit logs: Security audit logs are retained for up to 7 years as required for HIPAA compliance.

10. Children's Privacy

Sens8Focus is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@sens8focus.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or a prominent notice within the Service at least 30 days before the changes take effect.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes your acceptance of the updated policy.

12. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

Sens8Focus Privacy Team

privacy@sens8focus.com