Encrypted + GDPR-compliant

Your inquiry is encrypted. Always.

Psychotherapy inquiries contain especially sensitive health data. On most platforms they sit in plaintext in the database, in the provider's email inbox, and in the server logs. Not with us.

AES-256-GCMGDPR Art. 9EU servers30-day deletion

Why we're different here

If you write on a platform „I'm looking for trauma therapy after a sexual assault five years ago“, that's information which in the wrong hands can mean insurance discrimination, job-related stigma, or just embarrassing exposure to acquaintances. GDPR treats this as „special category“ (Art. 9) — the strictest protection class. We build our platform accordingly, instead of treating it as a standard web form.

Four protection layers — stacked

For patient data to leak, ALL of these layers would have to be compromised at the same time:

AES-256-GCM encryption in the database

Name, email, phone number and message are encrypted with AES-256-GCM before they are written to the database. Even with a full DB leak an attacker would only see ciphertext. The key is held exclusively in our application-server environment — never with database, backup, or other subprocessors.

The email to the therapist contains no content

Other platforms send the full inquiry text by email to the therapist. The email provider (e.g. Resend, SendGrid, Mailgun) then has the complete content in its mail logs. With us the email contains only a login link — the content stays encrypted in our DB and is decrypted only after the therapist logs in.

Automatic deletion after 30 days

A daily cron job scans inquiries older than 30 days and replaces name, email, phone and message content with clearly-marked placeholders. Aggregated data (count, topic, region) remain for statistics — patient identifiability does not.

EU infrastructure + redacted logs

Database (Neon, EU), hosting (Vercel, Frankfurt), email delivery (Brevo, France), analytics (PostHog, EU). Personally identifiable data does NOT appear in our server logs — we log structured IDs, never plaintext emails or message content.

Compared

What's standard with us — and what's typical on most comparable platforms.

Security aspect	How it should be MatchYourTherapy	Typical on other platforms
Inquiry content in the database	AES-256-GCM encrypted	Plaintext
Content in the email to the therapist	Login link only, no content	Full content in the mail body
Retention of plaintext content	Automatically deleted after 30 days	Often indefinite
DB server location	EU (Frankfurt)	Often USA
Personal data in server logs	Redacted (IDs only)	Often plaintext
Tracking cookies	Only with active consent	Often auto-enabled
Account deletion also clears marketing lists	Fully + automatically	Often only the user table

Inquiry content in the database

MatchYourTherapy

AES-256-GCM encrypted

Typical on other platforms

Plaintext

MatchYourTherapy

Fully + automatically

Typical on other platforms

Often only the user table

What we cannot promise

Marketing language often says „100% secure“ — that's not honest. Here are the limits of our protection:

We say this not because we have to — but because honest disclosure builds more trust than overpromising. You should know where we help and where we can't.

The therapist's email inbox

Once the notification email lands in the therapist's inbox we are out of the loop. If their email account is taken over, the attacker can use the login link — but they would also need to log in on our side (2FA-capable). Professional confidentiality (§ 45 PthG 2024, Austria) is the therapist's duty regardless.

Complete compromise of our server

The encryption key lives as an environment variable on our application server. Whoever compromises Vercel login + 2FA simultaneously could read the key and decrypt all inquiries of the last 30 days. Mitigated by: hard 2FA on all our service accounts, internal audit logs, short retention.

End-to-end encryption (patient-side keys)

True zero-knowledge would only be possible if you as a patient generated a key per inquiry and made it accessible only to your therapist. That is UX-heavy (browser cryptography, key recovery, mobile sync) and not implemented. We carry the risk that our server has to be trustworthy — and we are transparent about it.

For the technically interested

Want to know exactly what we do? The privacy policy lists all subprocessors with location, legal basis and protection measures. The data processing agreement (AVV) holds the contractual details for therapists.

Found a security issue?

We are grateful for responsible disclosure. Write to support@matchyourtherapy.at — we respond within 24 hours.

Find therapy with peace of mind.

You don't have to choose between „seeking help“ and „protecting your data“. With us, both work.

Find a therapist How does matching work?

AES-256-GCM

GDPR Art. 9

EU servers

30-day deletion

Why we're different here

Security aspect

How it should be

MatchYourTherapy

Typical on other platforms

Inquiry content in the database

AES-256-GCM encrypted

Plaintext

Content in the email to the therapist

Full content in the mail body

Retention of plaintext content

Automatically deleted after 30 days

Often indefinite

DB server location

EU (Frankfurt)

Often USA

Personal data in server logs

Redacted (IDs only)

Often plaintext

Tracking cookies

Only with active consent

Often auto-enabled

Account deletion also clears marketing lists

Fully + automatically

Often only the user table

For the technically interested

Found a security issue?

We are grateful for responsible disclosure. Write to support@matchyourtherapy.at — we respond within 24 hours.