Does HIPAA compliance mean a platform can't use my data?

No. HIPAA governs how protected health information is handled, not what rights you grant in the terms of service. A HIPAA-compliant tool can still claim a broad license to your data.

What should I look for in therapy software terms of service?

Search for 'User Data,' 'License,' 'perpetual,' 'derivative works,' and in the privacy policy 'train' and 'model.' Check whether rights survive account termination and whether AI use is opt-out.

Did Zoom train AI on user content?

In August 2023 Zoom's terms briefly allowed it, but after backlash Zoom reversed course and stated it does not use customer content to train AI models.

What Therapy Software Can Legally Do With Your Patient Data

Therapy platforms' terms of service often grant broad rights over your data. Here's what the fine print actually allows — with real clauses from SimplePractice, Zoom, and others.

Many therapy platforms' terms of service grant themselves a broad, often perpetual license to use the data you upload — including to develop and improve their products. "HIPAA compliant" doesn't limit this; it only governs how protected health information is handled, not what rights you sign away in the terms. Always read Sections on "User Data" and "License."

What the fine print often says

Platform	What the terms allow	Source

|---|---|---|

SimplePractice	Perpetual, irrevocable license to use User Data (incl. PHI) to "develop, improve, and market" its products	ToS §9.2 (2023)
Zoom	Briefly claimed AI-training rights, then reversed after backlash	ToS update, Aug 2023
Eclio	No license claimed; you keep ownership; no training	Eclio terms

SimplePractice §9.2 (verbatim, 2023)

The clause grants "a non-exclusive, worldwide, royalty-free, perpetual, irrevocable… license to use, reproduce, distribute, prepare derivative works of… such User Data… for the purposes of providing you the Services and further developing, improving, and marketing SimplePractice's products." "User Data" is defined to include Protected Health Information, video, image, and sound data.

The June 2026 update

A SimplePractice email confirmed that from June 16, 2026 it would retain de-identified session transcripts "to continuously improve existing and upcoming AI features," with retention on by default for Note Taker users.

Zoom shows pushback works

In August 2023, Zoom updated its terms to claim broad rights to use customer content for "machine learning, artificial intelligence, training." After public backlash, Zoom reversed course, adding: "Zoom does not use any of your… content to train Zoom or third-party artificial intelligence models." Terms can change — both ways.

How to read your platform's terms in 5 minutes

Open the Terms of Service and search for "User Data" and "License."
Look for "perpetual," "irrevocable," "derivative works."
Open the Privacy Policy and search "train," "model," "improve our services."
Check whether rights survive account termination.
Confirm whether AI data use is opt-in or opt-out.

A 2023 FTC settlement fined BetterHelp $7.8 million for mishandling sensitive mental-health data (FTC, 2023) — a reminder that terms and real-world practices both matter. For the privacy-law side, see GDPR for therapists storing notes abroad and HIPAA for online therapists explained.

Where Eclio stands

Eclio claims no license over your content. You own every note, we never train AI on your data, and you can delete everything permanently. Our local mode in development goes further — your data never reaches our servers at all.