HIPAA, Privacy, and Security

Built to support clinicians — and to respect client privacy.

Our Approach to HIPAA

AfterSession is designed to support HIPAA-aligned clinical workflows from the ground up. Compliance isn't something we added later — it's foundational to how the product works.

We sign a Business Associate Agreement (BAA) with every paid subscriber. This formalizes our commitment to protecting the information you entrust to us. The free trial doesn't require a BAA — you'll sign one when you upgrade.

For us, HIPAA compliance is not a feature — it's a baseline requirement.

HIPAA & BAAs

AfterSession supports HIPAA-aligned workflows. A Business Associate Agreement (BAA) is available for paid plans and is accepted during the upgrade process.

What Data AfterSession Handles

AfterSession processes therapist-written notes and brief voice recordings made after sessions. These are your reflections and observations — not recordings of the session itself.

  • AfterSession does not record therapy sessions

  • It does not monitor or listen to live conversations

  • Audio (if used) is processed and deleted immediately

The only data we handle is what you choose to provide after your sessions are complete.

How We Protect Client Information

We take a layered approach to security, with protections at every level of the system.

  • Encryption in transit and at rest — your data is protected whether it's being transmitted or stored

  • US-based, HIPAA-eligible cloud infrastructure

  • Strict access controls — your notes are accessible only to you and your authorized account

  • Least-privilege internal access — our team only accesses what's necessary to support you, and never your clinical content

What AfterSession Does Not Do

We want to be clear about what AfterSession is — and what it isn't.

  • We do not record therapy sessions

  • We do not listen to live sessions

  • We do not train AI models on client data

  • We do not sell or share client data

  • We do not replace clinical judgment

AI & Infrastructure Safeguards

AfterSession is built on HIPAA-eligible AWS services and is designed to minimize the handling and retention of sensitive data.

Audio recordings are processed only to generate session notes and are deleted immediately after processing. We do not store raw audio.

Transcription and note generation are performed using HIPAA-eligible AWS services under a Business Associate Agreement (BAA). Data is not used to train public or third-party models.

All generated notes remain drafts until reviewed and explicitly saved by the clinician.

Clinician Control and Responsibility

You stay in control of what is written, edited, and saved. AfterSession generates a draft based on your input, but nothing is finalized without your review.

AfterSession supports documentation — it does not make clinical decisions. Your professional judgment remains at the center of every note.

AfterSession was built with the understanding that trust is earned.

We aim to be transparent, respectful, and careful with the information you entrust to us — because that responsibility matters.

Questions about our privacy or security practices? Contact us at privacy@aftersession.com.

For a deeper look at how AfterSession was built and why, see our About page.