Privacy Policy

Effective date: February 27, 2026

This Privacy Policy ("Policy") describes how Guidara, LLC ("Guidara," "we," "us," or "our") collects, uses, shares, and safeguards personal information in connection with your use of our websites, applications, and related services (the "Service"). By using the Service, you consent to the practices described in this Policy.

1. Information We Collect

We collect information in the following ways:

Information you provide directly. When you create an account, subscribe, contact us, or use the Service, you may provide personal information such as your name, email address, professional credentials, phone number, billing address, and organization details. You may also upload or create content within the Service, including supervision notes, agreements, timesheets, and other documentation related to your supervision relationships.

Information collected automatically. When you access the Service, we may automatically collect technical information such as your IP address, browser type and version, device identifiers, operating system, referring URLs, pages visited, time spent on pages, and other usage data.

Payment information. Payment information is processed securely by Stripe, our third-party payment processor. Guidara does not store full credit card numbers, CVVs, or complete payment card details on our servers. Please refer to Stripe's Privacy Policy for details on how your payment data is handled.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process payments and manage subscriptions
  • Create and manage your account
  • Respond to inquiries and provide customer support
  • Improve the functionality, performance, and security of the Service
  • Send transactional communications (account confirmations, billing receipts, security alerts)
  • Send product updates and marketing communications where permitted and consistent with your preferences
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address fraud, abuse, or technical issues
  • Comply with applicable laws, regulations, and legal processes

3. Legal Bases for Processing

Where required by law (such as under the GDPR for users in the European Economic Area), our legal bases for processing personal information include:

  • Contract performance: Processing necessary to provide the Service you have requested
  • Legitimate interests: Processing for purposes such as improving the Service, ensuring security, and communicating with users, where those interests are not overridden by your rights
  • Legal obligations: Processing required to comply with applicable laws
  • Consent: Where you have given explicit consent for specific processing activities (such as marketing emails), which you may withdraw at any time

4. Sharing of Information

We do not sell, rent, or trade your personal information to third parties. We may share personal information in the following circumstances:

  • Service providers: With third-party vendors who perform functions on our behalf, such as hosting and infrastructure, payment processing, email delivery, and analytics. These providers are contractually obligated to use your information only for the purposes of providing services to Guidara.
  • Within the Service: Certain information is shared between users as part of normal Service functionality. For example, supervisors and supervisees within the same supervision relationship can view shared supervision records, notes, and timesheets as determined by their roles and permissions within the platform.
  • Legal requirements: When required by law, legal process, or governmental request, or when we believe disclosure is necessary to protect the rights, safety, or property of Guidara, our users, or the public.
  • Business transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets. In such an event, we will notify affected users before personal information is transferred and becomes subject to a different privacy policy.
  • With your consent: In other circumstances where you have given explicit consent to the sharing.

5. Third-Party Service Providers

We use the following categories of third-party service providers to operate the Service. Each provider processes data only as necessary for the services they provide to Guidara:

  • Payment processing: Stripe
  • Email communications: MailerLite
  • Calendar integrations: Pyas (operated by BrutForce Technologies, LLC)
  • Cloud hosting and infrastructure: Cloud service providers for application hosting, data storage, and content delivery
  • Analytics: Tools that help us understand how the Service is used so we can improve it
  • Error monitoring: Services that help us identify and fix technical issues

We may update the specific providers we use from time to time. The categories above reflect the types of processing that occurs on our behalf.

6. Cookies and Tracking Technologies

We use cookies and similar technologies on our website and within the Service. Cookies are small text files stored on your device that help us provide and improve functionality.

Types of cookies we use:

  • Strictly necessary cookies: Required for the Service to function (authentication, security, session management). These cannot be disabled without breaking core functionality.
  • Functional cookies: Remember your preferences and settings to provide a more personalized experience.
  • Analytics cookies: Help us understand how visitors interact with our website so we can improve it. These collect aggregated, anonymized usage data.

We do not use advertising or third-party marketing tracking cookies.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service. Most browsers allow you to block or delete cookies, view what cookies are set, and manage them on a per-site basis.

7. Email Communications and Unsubscribe

If you provide your email address through our sign-up forms, early access form, or account registration, we will use it to send you the communications you requested, such as account notifications, product updates, and occasional marketing emails about Guidara. Each marketing email includes a clear, single-click unsubscribe link. If you unsubscribe, we will stop sending marketing emails unless you resubscribe. We will continue to send essential transactional emails (billing receipts, security alerts, account notices) regardless of your marketing preferences.

We use MailerLite as our email communications provider. MailerLite acts as our data processor and processes personal data only for the purpose of delivering emails on our behalf. For more information, see MailerLite's Privacy Policy and Data Processing Addendum.

Our emails may include standard engagement tracking (such as open and click tracking) to help us understand aggregate engagement and improve our communications. You can disable the display of remote images in your email client to reduce tracking.

8. Calendar Integrations (Powered by Pyas)

Guidara uses Pyas, a calendar integration service operated by BrutForce Technologies, LLC, to enable secure connections to third-party calendar and video conferencing providers. Pyas is built and maintained by the same development team that supports Guidara and operates as affiliated technical infrastructure that powers calendar connectivity and synchronization features within the platform.

Pyas acts as a service provider and data processor on behalf of Guidara, LLC. It processes calendar-related information solely for the purpose of providing scheduling and synchronization functionality within Guidara. Depending on the features used, Pyas may process:

  • Calendar event metadata (such as event IDs, timestamps, recurrence rules, and meeting titles)
  • OAuth authentication tokens required to establish secure calendar connections
  • Basic scheduling information necessary to synchronize events between providers and Guidara

Pyas does not store supervision notes, uploaded documents, billing information, or therapy client records. Its processing is limited strictly to data required to enable calendar functionality within Guidara.

All data transmitted between Guidara, Pyas, and third-party providers is encrypted in transit using industry-standard TLS protocols. Sensitive credentials are encrypted at rest. Access to infrastructure is restricted through role-based access controls and logging mechanisms.

Guidara, LLC remains the data controller for user information collected within the platform. Pyas processes data only under Guidara's instructions and does not use calendar data for advertising, profiling, or any independent marketing purposes.

9. Clinical Data and HIPAA

Guidara is designed to document the supervision relationship between clinical supervisors and supervisees. The Service is not intended to store Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). Guidara is not a covered entity or a business associate under HIPAA.

Supervision notes within Guidara are intended to document supervisory discussions, clinical feedback, competency development, and professional growth. They are not intended to serve as client therapy records. If you choose to reference client cases in your supervision documentation, you are responsible for de-identifying any client information or ensuring you have appropriate authorization to include it.

Guidara implements security measures consistent with industry standards to protect the data stored within the Service. However, users are solely responsible for determining whether their use of the Service complies with HIPAA, state privacy laws, and any other applicable regulations governing the information they enter.

10. Data Security

We implement commercially reasonable administrative, technical, and organizational measures to protect personal information from unauthorized access, use, alteration, or disclosure. These measures include:

  • Encryption of data in transit using TLS protocols
  • Encryption of sensitive data at rest
  • Role-based access controls limiting who can access user data
  • Regular security assessments and monitoring
  • Secure authentication mechanisms

We treat the security of your supervision records as a core responsibility. Our team actively monitors, tests, and improves our security practices on an ongoing basis. While no online system can guarantee absolute security, we are committed to protecting your data and responding quickly if a security concern arises. If you have questions about how we protect your information, reach out to us at support@guidara.io.

11. Data Retention

We retain personal information for as long as your account is active or as needed to provide you with the Service. Specific retention practices include:

  • Active accounts: Your data is retained for the duration of your account. You may export or delete your data at any time while your account is active.
  • Closed supervisor and organization accounts: After a supervisor or organization closes their account, Guidara retains their data for as long as necessary to support supervisee data portability. Because supervisee exports require supervisor information (names, credentials, attestations), we do not guarantee a specific deletion timeline for closed supervisor or organization accounts. If a supervisor or organization requests permanent deletion, records necessary to maintain supervisee data portability may be retained in a limited capacity.
  • Supervisee accounts: Supervisee accounts remain accessible in a read-only state even after the associated supervisor or organization cancels. Supervisees can continue to log in, view, and export their supervision records indefinitely.
  • Billing records: We retain billing and transaction records for up to 7 years as required for tax, accounting, and legal compliance purposes.
  • Marketing contacts: If you unsubscribe from marketing emails, we retain a record of your email address and unsubscribe preference to ensure we honor your opt-out.
  • Legal obligations: We may retain certain information beyond the periods above if required by law, legal process, or to resolve disputes and enforce our agreements.

12. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete personal information.
  • Deletion: Request that we delete your personal information, subject to certain exceptions (such as legal retention requirements).
  • Data portability: Request a copy of your data in a structured, commonly used, machine-readable format.
  • Restriction: Request that we restrict the processing of your personal information in certain circumstances.
  • Objection: Object to processing of your personal information based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, you may withdraw that consent at any time.

How to exercise your rights: To submit a rights request, email us at privacy@guidara.io. We will acknowledge your request within 10 business days and respond substantively within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request. We will not discriminate against you for exercising any of these rights.

13. United States State Privacy Rights

Certain U.S. state laws provide additional privacy rights to residents of those states. This section addresses those requirements.

California (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) provides you with specific rights:

  • Right to know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share information.
  • Right to delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to opt out of sale or sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a request under the CCPA/CPRA, contact us at privacy@guidara.io.

Other U.S. States

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or another state with a comprehensive privacy law, you may have similar rights to access, correct, delete, and port your data, and to opt out of certain processing activities. We honor these rights to the extent required by applicable law. To exercise any such rights, contact us at privacy@guidara.io.

14. International Data Transfers

If you access the Service from outside the United States, please note that your information may be transferred to, stored, and processed in the United States or other countries where our servers and service providers are located. Such jurisdictions may have data protection laws that differ from those in your country of residence. By using the Service, you acknowledge this transfer. Where required by law, we rely on appropriate legal mechanisms (such as Standard Contractual Clauses) to facilitate lawful data transfers.

15. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have inadvertently collected personal information from a child, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@guidara.io.

16. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice within the Service at least 15 days before the changes take effect. The updated effective date will be posted at the top of this Policy. Your continued use of the Service after the changes take effect constitutes acceptance of the revised Policy. If you do not agree with the revised Policy, you must stop using the Service.

17. Contact Information

If you have questions about this Policy, want to exercise your privacy rights, or have concerns about how your data is handled, please contact us:

Guidara, LLC
Florida, USA
Email: privacy@guidara.io

This Policy is intended to be legally binding. For advice specific to your jurisdiction, please consult qualified legal counsel.