Skip to main contentSkip to navigation
matchyourtherapymatchyourtherapy
MatchingTherapistsLearn
Loading...
MatchYourTherapy logomatchyourtherapy

Find the right psychotherapy in Austria, anonymous, free, and easy to understand.

Navigation

  • Home
  • About us
  • Find Therapists
  • By city
  • By topic
  • Knowledge & Self-Help
  • Pricing for Therapists

Legal

  • Security
  • Privacy Policy
  • Terms of Service
  • Imprint
  • Data Processing Agreement
  • Accessibility

Contact

  • info@matchyourtherapy.at
  • Instagram (opens in new tab)

In an acute crisis? Help is available right now.

If you or someone else is in immediate danger, contact one of these services NOW, they are free and reachable 24/7.

  • 142 — Telefonseelsorge (24/7 helpline)
  • 147 — Rat auf Draht (children & teens)
  • 0800 222 555 — Women's helpline against violence
  • 144 — Emergency services
See all emergency numbers →

© 2026 MatchYourTherapy. All rights reserved.

Made with in Austria

Encrypted + GDPR-compliant

Your inquiry is encrypted. Always.

Psychotherapy inquiries contain especially sensitive health data. On most platforms they sit in plaintext in the database, in the provider's email inbox, and in the server logs. Not with us.

AES-256-GCMGDPR Art. 9EU servers30-day deletion

Why we're different here

If you write on a platform „I'm looking for trauma therapy after a sexual assault five years ago“, that's information which in the wrong hands can mean insurance discrimination, job-related stigma, or just embarrassing exposure to acquaintances. GDPR treats this as „special category“ (Art. 9), the strictest protection class. We build our platform accordingly, instead of treating it as a standard web form.

Four protection layers, stacked

For patient data to leak, ALL of these layers would have to be compromised at the same time:

1

AES-256-GCM encryption in the database

Name, email, phone number and message are encrypted with AES-256-GCM before they are written to the database. Even with a full DB leak an attacker would only see ciphertext. The key is held exclusively in our application-server environment, never with database, backup, or other subprocessors.

2

The email to the therapist contains no content

Other platforms send the full inquiry text by email to the therapist. The email provider (e.g. SendGrid, Mailgun) then has the complete content in its mail logs. With us the email contains only a login link, the content stays encrypted in our DB and is decrypted only after the therapist logs in.

3

Automatic deletion after 30 days

A daily cron job scans inquiries older than 30 days and removes name, email, phone and message content along with the topic, severity and postcode-region data. Only a pseudonymous remainder is kept (therapist ID, timestamp, match score and technical status flags), which is deleted entirely 12 months after anonymization.

4

EU infrastructure + redacted logs

Database (Neon, EU), hosting (Vercel, Frankfurt), email delivery (Brevo, France), analytics (PostHog, EU). Personally identifiable data does NOT appear in our server logs, we log structured IDs, never plaintext emails or message content.

Compared

What's standard with us, and what's typical on most comparable platforms.

Security aspect
How it should be
MatchYourTherapy
Typical on other platforms
Inquiry content in the databaseAES-256-GCM encryptedPlaintext
Content in the email to the therapistLogin link only, no contentFull content in the mail body
Retention of plaintext contentAutomatically deleted after 30 daysOften indefinite
DB server locationEU (Frankfurt)Often USA
Personal data in server logsRedacted (IDs only)Often plaintext
Tracking cookiesOnly with active consentOften auto-enabled
Account deletion also clears marketing listsFully + automaticallyOften only the user table

Inquiry content in the database

MatchYourTherapy

AES-256-GCM encrypted

Typical on other platforms

Plaintext

Content in the email to the therapist

MatchYourTherapy

Login link only, no content

Typical on other platforms

Full content in the mail body

Retention of plaintext content

MatchYourTherapy

Automatically deleted after 30 days

Typical on other platforms

Often indefinite

DB server location

MatchYourTherapy

EU (Frankfurt)

Typical on other platforms

Often USA

Personal data in server logs

MatchYourTherapy

Redacted (IDs only)

Typical on other platforms

Often plaintext

Tracking cookies

MatchYourTherapy

Only with active consent

Typical on other platforms

Often auto-enabled

Account deletion also clears marketing lists

MatchYourTherapy

Fully + automatically

Typical on other platforms

Often only the user table

What we cannot promise

Marketing language often says „100% secure“, that's not honest. Here are the limits of our protection:

We say this not because we have to, but because honest disclosure builds more trust than overpromising. You should know where we help and where we can't.

1

The therapist's email inbox

Once the notification email lands in the therapist's inbox we are out of the loop. If their email account is taken over, the attacker can use the login link, but they would also need to log in on our side (2FA-capable). Professional confidentiality (§ 45 PthG 2024, Austria) is the therapist's duty regardless.

2

Complete compromise of our server

The encryption key lives as an environment variable on our application server. Whoever compromises Vercel login + 2FA simultaneously could read the key and decrypt all inquiries of the last 30 days. Mitigated by: hard 2FA on all our service accounts, internal audit logs, short retention.

3

End-to-end encryption (patient-side keys)

True zero-knowledge would only be possible if you as a patient generated a key per inquiry and made it accessible only to your therapist. That is UX-heavy (browser cryptography, key recovery, mobile sync) and not implemented. We carry the risk that our server has to be trustworthy, and we are transparent about it.

For the technically interested

Want to know exactly what we do? The privacy policy lists all subprocessors with location, legal basis and protection measures. The data processing agreement (AVV) holds the contractual details for therapists.

Privacy policyView AVV

Found a security issue?

We are grateful for responsible disclosure. Write to support@matchyourtherapy.at, we respond within 24 hours.

Find therapy with peace of mind.

You don't have to choose between „seeking help“ and „protecting your data“. With us, both work.

Find a therapistHow does matching work?
AES-256-GCM
GDPR Art. 9
EU servers
30-day deletion