1. What data we keep and why
• User profile: e-mail address, role (Therapist, Partner A, Partner B) – used for sign-in, screen-level visibility and communication.
• Couple record: the two partner e-mails, the therapist’s e-mail and an couple display name – used to link homework to the right people.
• Homework tasks: assignment title, instructions, due date, each partner’s completion check-box and any attached file link – used to track progress and compliance.
2. Row-Owner security
Glide’s server sends a row only when the signed-in e-mail matches at least one owner column in that row.
– In the Users table, each profile row is owned by its e-mail address.
– In the Tasks table, each homework row is owned by the therapist’s e-mail and the two partner e-mails.
Rows that belong to other couples or other therapists never leave the database or appear in the app bundle.
3. Transport & storage protection
• All traffic is encrypted with TLS (HTTPS).
• Data at rest are encrypted with AES-256 on Google Cloud (Iowa, USA).
• Uploaded worksheets or PDFs are stored in a private bucket; download URLs are time-bound and inherit Row-Owner checks.
4. Authentication
• Password-free “magic link” sign-in (one-time code sent to the e-mail on file).
• Codes expire after 15 minutes and can be used once.
• We do not store passwords.
5. In-app visibility rules
• Screens for therapists (Dashboard, Homework Library, Invite Couples) appear only when Role = Therapist.
• Couple screens appear only when Role = Partner A or Partner B.
• A user with no role yet sees only the onboarding/profile screen until a role is assigned.
7. Data retention & deletion
• Therapists may permanently delete a couple (removes the couple and all related homework).
• Any user may request account deletion; we erase their profile and anonymise remaining homework to meet GDPR Article 17 and HIPAA requirements.
8. Third-party processors
We do not sell or share personal data with advertisers.
Sub-processors: Glide, Inc. (hosting on Google Cloud) and Glide Mail/SendGrid (transactional e-mail). Both hold ISO 27001 and SOC 2 Type II certifications; all traffic is TLS-encrypted.
9. Incident response
Access logs and Row-Owner mismatch alerts are monitored continuously. If a data breach occurs, affected users will be notified within 72 hours in accordance with GDPR Articles 33/34 and HIPAA breach-notification rules.
Contact
Privacy Officer — info@partnerpulseapp.com
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.