1. Information We Collect

CenTex Therapies LLC (“we,” “us,” “our”) operates the Clarity platform. This Privacy Policy describes how we collect, use, and protect your personal information when you use our Service.

1.1 Information You Provide

1.2 Information Collected Automatically

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Service — operate and maintain Clarity, process supervision records, generate documents, and manage your account;
• Process Payments — bill subscriptions, manage trials, and handle access codes through Stripe;
• Verify Compliance — validate professional license credentials and maintain signature audit trails;
• Communicate — send transactional emails, account notifications, access code reminders, and support responses;
• Improve the Service — analyze usage patterns (in aggregate) to improve features, fix bugs, and guide product development;
• Prevent Abuse — detect and prevent fraud, trial abuse, and unauthorized access; and
• Legal Compliance — comply with applicable laws, regulations, and legal processes.

We do not sell your personal information to third parties. We do not use your supervision records for advertising or marketing purposes.

3. Information Sharing and Disclosure

We share your information only in the following limited circumstances:

3.1 Supervision Relationships

When you are in a supervision relationship on the platform, your supervisor (or supervisee) will see the records shared within that relationship. This is core to the Service’s functionality.

3.2 Service Providers

We use trusted third-party providers to operate the Service:

• Supabase — database hosting, authentication, and backend infrastructure
• Stripe — payment processing (we do not store full card numbers)
• Email service provider — transactional and notification emails

These providers are contractually bound to use your information only for the purposes of providing their services to us.

3.3 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government investigation, or if we believe disclosure is necessary to protect rights, safety, or property.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will provide notice before your data becomes subject to a different privacy policy.

4. Data Storage and Security

Your data is stored on servers operated by Supabase in the United States. We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit (TLS) and at rest;
• Row-level security (RLS) ensuring users can only access their own data;
• Full audit logging of every entry change with timestamp, actor, IP, and user-agent;
• Regular security reviews and monitoring; and
• Principle of least-privilege access controls.

No method of electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

We retain your data as follows:

• Active accounts — data is retained for the duration of your active subscription;
• Cancelled accounts — data is retained in a read-only state for seven (7) years following cancellation, in alignment with Texas Behavioral Health Executive Council recordkeeping expectations and the typical window for board audits, complaints, and credential re-verification. During this period you may resubscribe or export your records at any time. After seven years of continuous inactivity, data may be permanently deleted;
• Audit trail data — event logs (signatures, submissions, exports) are retained for the duration of the account plus seven (7) years to support compliance, board audits, and dispute resolution;
• Payment records — billing history is retained as required by tax and financial regulations; and
• Anonymized analytics — aggregated, de-identified usage data may be retained indefinitely for product improvement.

You may request early deletion of your data by contacting us at [email protected]. We will process requests within 30 days, subject to legal retention obligations.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access — request a copy of the personal information we hold about you;
• Correction — request correction of inaccurate or incomplete information;
• Deletion — request deletion of your personal information, subject to legal retention requirements;
• Data Export — request a machine-readable export of your supervision records;
• Opt Out — unsubscribe from non-essential communications at any time; and
• Restrict Processing — request that we limit how we use your data in certain circumstances.

To exercise any of these rights, please contact us at [email protected]. We will verify your identity before processing any request.

7. Cookies and Tracking Technologies

Clarity uses essential cookies required for authentication and session management. We do not use third-party advertising cookies or cross-site tracking.

We may use minimal, privacy-respecting analytics to understand aggregate usage patterns. No personal data is shared with advertising networks.

8. Children’s Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected information from a child under 18, we will delete that information promptly.

9. HIPAA Disclaimer

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the revised policy on this page with an updated effective date at least 30 days before changes take effect. Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

11. Contact Us

For questions or concerns about this Privacy Policy or our data practices, please contact us: