SimplePractice Privacy Policy

Last Updated: February 1, 2024


This Privacy Policy describes how SimplePractice LLC (“SimplePractice” or “we” or “us” or “our”) uses and discloses the Personal Information our customers (“Customers” or “you”) provide to us or that we collect when you use our websites, mobile applications, software, platforms and services that we operate and that link to this Privacy Policy (“Services”). Before using the Services or otherwise providing Personal Information to us, please review this Privacy Policy carefully.


Certain SimplePractice Services may use a different privacy policy to provide notice to you about how we use and disclose the Personal Information we collect in the context of that Service. To the extent that we post or reference a different privacy policy, that different privacy policy, not this Privacy Policy, will apply to your Personal Information collected in the context of that Service.


This Privacy Policy is not a contract and does not create any legal rights or obligations.

1. Note to SimplePractice Customers and their Clients

This Privacy Policy does not apply to the Personal Information we may collect about our customer’s patients and clients (“Clients”) in the context of providing the Services. Please refer to the Client Portal Privacy Policy to understand how we may collect and process Client personal information on behalf of our Customers. Our treatment of Client Personal Information is further governed by our agreements with our customers, including our Terms of Service and HIPAA Business Associate Agreement, as applicable (our “Agreement”). If any provision in our Agreement conflicts with any provision in this Privacy Policy, the provision in our Agreement will control to the extent of such conflict.


We have a limited relationship with the Clients of our Customers. If we receive inquiries or requests from Clients about their Personal Information, we will honor those requests as required by applicable data privacy laws. We will also direct Clients to our Customers, the controller of their personal information.

2. Personal Information We Collect

“Personal Information” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household, such as your name, email address, IP address, telephone number, and broader categories of information such as your professional, educational or health information, commercial information and internet activity. Personal information does not include aggregated or de-identified information that is maintained in a form that is not capable of being associated with or linked to a person.


In the course of our business and in providing our Services to you, we may collect Personal Information directly from you and automatically through our use of cookies and other data collection technologies. We may also collect your Personal Information from third-party sources, such as our business partners, affiliates and social media platforms (if you interact with us through your social media account). We will treat Personal Information collected from third-party sources in accordance with this Privacy Policy but we are not responsible for the accuracy of information provided by third parties or for their policies or practices.


The categories of Personal Information we collect from you depend on your interactions with us. For example, we may collect:


  • Identifiers and contact information, such as your name, email address, mailing address, phone numbers, government-issued IDs (such as driver’s licenses), IP addresses, and unique identifiers such as your usernames and passwords. We collect this information directly from you and from third-party sources for the purpose of creating and managing your SimplePractice account (“Account”), for communicating with you, verifying your identity, and providing our Services to you.
  • Professional and employment-related information, such as your business name, your license information, calendar and scheduling information, and other information related to your business. We collect this information directly from you for the purpose of administering your Account and providing you our Services, including facilitating your use of our Continuing Education (CE) Marketplace.
  • Billing information, such as credit or debit card numbers and tax IDs. We collect this information directly from you in order to process your payments for our Services. We also collect your insurance information in order to process payments made to you by your Clients.
  • Audio, electronic and visual information, such as your photograph or image, your voice and other similar information. We process this information to enable your use of our Telehealth service and to verify your identity when you send in images of your government-issued IDs. We may also use video of you, with your consent, for optional customer testimonials that we share internally.
  • Internet, device, and other electronic network activity information, such as your browsing history, search history, and your interactions with our Services and advertisements. We collect this information through our cookies and other tracking technologies to conduct business analytics in order to improve our business functionality and Services to you. Please review the “Data Collection Technologies and Cookies” section below to learn more about our use of cookies and data collection technologies.
  • Commercial information, such as products and services you have purchased from us. We collect this information to maintain customer records, identify trends in our customer relationships, and conduct business analytics.
  • Profile information and inferences, such as information about your preferences and characteristics. We collect profile information by drawing inferences from the above categories of Personal Information in order to understand your preferences and tailor our services and communications to you.
  • Sensitive personal information, such as your account login information, credit or debit card number, social security number, race or ethnic origin, sexual orientation and preferences, and religious or philosophical beliefs. We collect this information in order for you to login, access, and pay for the Services. Your social security number (SSN) is only collected if you choose to enter it in your Billing Settings. The last four digits of your SSN may also be collected if you choose to apply for an Online Payments account. Race, ethnic origin, sexual orientation and preferences, and religious or philosophical beliefs are only collected if you choose to enter it into the Services for your Professional Website, as applicable.

3. How We Use Personal Information

In addition to the purposes for collection described above, we also collect and use your Personal Information for the following general purposes:


  • To maintain and service your Account, including to send you requested product and Service information, and to send you product and Service updates;
  • To respond to your customer service requests and address your questions and concerns;
  • To send you newsletters and marketing communications; you have the ability to opt-out of our marketing and promotional communications as described in the “Access and Choice” section of this Privacy Policy;
  • To administer and improve services (including the Services) and marketing efforts, including, but not limited to, measuring the effectiveness of the websites, diagnosing problems with our servers, and analyzing traffic;
  • To understand and respond to your needs and preferences, including to contact and communicate with you regarding surveys, research, and evaluations; you have the ability to opt-out of product research communications as described in the “Access and Choice” section of this Privacy Policy;
  • To develop, enhance, market, sell or otherwise provide products and services;
  • To develop and manage our databases, businesses, and operations;
  • To engage in business transactions, including the provision of products and services involving us and other third parties with whom we establish a relationship;
  • To detect security incidents, to protect against malicious, deceptive, fraudulent or illegal activity, and to comply with our policies and procedures;
  • To comply with our legal, regulatory and risk management obligations, including establishing, exercising and/or defending legal claims;
  • Any other purpose with your consent.


Referral Program: SimplePractice has a referral program that allows our existing customers to refer our Services to others. If a customer refers someone to SimplePractice, we will let that person know that a referral was generated. For those that receive a referral to our Services, we may collect their contact information from their colleague in order to send you the referral content. Please visit our Refer-a-Colleague page for more information about the terms of our referral program.

4. How We Share and Disclose Personal Information

We may share your Personal Information in the following circumstances:


  • Publicly, but only with your permission: We may share your Personal Information publicly with your permission. For example, with your permission, we may publicly post your photograph, your name, professional titles, and comments on the “Reviews” section of our websites.
  • To Service Providers: We may share your Personal Information with companies that provide services to us, such as for hosting, marketing and communication services, professional advising services, and payment processing (“Service Providers”). When you use our CE Marketplace, we may also share, with your permission, your name and license information with Service Providers to generate course completion certificates. Our policy is to authorize these Service Providers to use your Personal Information only as necessary to provide services for us, and we require that the appropriate contracts are in place to ensure they do not use or disclose your Personal Information for any other purpose.
  • To parties outside of SimplePractice:
    • If you join our Services as a result of a referral under our referral program, we may share your name and the fact that you joined our Services with the person who referred you.
    • We may share your Personal Information with our parent and affiliate companies in order for them to provide analytics across the entire corporate family and for other internal business purposes.
    • We may share your Personal Information with third parties, such as insurance payers, who we work with to improve and enhance our Services.
    • From time to time, we may be required to provide Personal Information to a third party in order to comply with a subpoena, court order, government investigation, or similar legal process.
    • We may also share your Personal Information to third parties, such as law enforcement agencies, when we, in good faith, believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
    • To any other third party for whom you have given your consent for us to share your Personal Information.
  • In a corporate transaction: If SimplePractice is involved in a corporate transaction, such as a bankruptcy, merger, acquisition, reorganization, or sale of all or a portion of its assets, we may share or transfer your Personal Information as part of any such transaction.

5. Access and Choice

Account Settings: If your Personal Information changes, or if you no longer desire our Services, you may modify or remove it by logging into your Account and making the changes in your Account settings.


Marketing Opt-out Preferences: You can opt out of receiving marketing emails by using the unsubscribe link contained in the email. We may still send you emails about your relationship with us and your transactions, including Account information and alerts, purchase confirmations, and updates to our products, services and policies.


Account Deletion: SimplePractice customers may cancel and delete their Accounts at any time. Before canceling and deleting your account, please export your data using a private internet connection that is password protected. SimplePractice is not responsible for any lost or stolen data resulting from a customer’s lack of diligence or failure to follow reasonable security protocols during or after the data export process. Please note, if you do not export your data before deleting your account, there may be no way to retrieve the data.


After you have exported your data and stored it in a secure location, you may proceed to canceling and deleting your account by navigating to “Subscription Information” under “Settings.” You will see a link on the bottom of the page that says “Cancel my account” You may select this option, follow the prompts and proceed to cancel and delete your account.


If you would like a copy of our HIPAA Business Associate Agreement, please visit https://www.simplepractice.com/baa/. Please understand that we will not be able to provide you certain Services if you cancel and delete your account. 


Product Research Opt-out Preferences: Occasionally, we may contact you regarding opportunities to participate in product research, surveys, or other product testing. We will provide you with clear and concise instructions, specific to the method we use to contact you, regarding how to opt-out of product research communications.

6. Data Collection Technologies and Cookies

As is true of many digital properties, we and our third-party partners may automatically collect certain information from or in connection with your device when visiting or interacting with our Services, such as:


  • Log Data, including internet protocol (IP) address, operating system, device type and version, browser type and version, browser ID, the URL visited and the referring page/campaign, date/time of visit, other user agent string data, the time spent on our Services, and any errors that may occur during the visit to our Services. Log data may overlap with the other categories of data below.
  • Analytics Data, including the electronic path you take to our Services, through our Services and when exiting our Services, UTM source, as well as your usage and activity on our Services, such as the time zone, activity information (first and last active date and time), usage history (emails opened, total log-ins) as well as the pages and links you view, click or otherwise interact with.
  • Location Data, such as general geographic location which can be inferred based on your IP address.


We and our third-party Service Providers may use (i) cookies or small data files that are sent to your browser from a web server and stored on your computer’s hard drive and (ii) other, related technologies, such as web beacons, pixels, SDKs, embedded scripts, and data collection technologies (“cookies”) to automatically collect this information. We may use this information to monitor and analyze how you use and interact with our Services.


We use information gathered from these technologies so that we can analyze trends, administer the Services, and track users’ movements around the Services.


If you would prefer not to accept cookies, most browsers will allow you to change the setting of cookies by adjusting the settings on your browser to: (i) notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Be aware that disabling cookies may negatively affect the functionality of this and many other websites that you visit. Disabling cookies may result in also disabling certain functionalities and features of the Services.


Depending on your device and operating system, you may not be able to delete or block all cookies. In addition, if you want to reject cookies across all your browsers and devices, you will need to do so on each browser on each device you actively use. You may also set your email options to prevent the automatic downloading of images that may contain technologies that would provide us with information about your access to and engagement with the email and its contents.

Do Not Track: Please note that our Services are not presently configured to respond to “do not track” or “DNT” signals from web browsers or mobile devices. As such, we do not recognize or respond to Do Not Track requests. We do, however, recognize and respond to Global Privacy Control or “GPC” browser signals, which allow you to control your online privacy by communicating your personal tracking preferences to participating websites.

7. Retention and Security

We will retain your Personal Information for as long as your Account is active, as needed to provide you Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.


We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it. For example, when you enter sensitive information (such as your login credentials), we encrypt the transmission of that information using secure socket layer technology (SSL). However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

8. Data Privacy Statement

Residents of certain states have specific rights under their state’s privacy laws. The disclosures and privacy rights below apply to individual residents of the state of California, Colorado, Connecticut, Nevada, Utah, and Virginia.


Personal Information Disclosures: In general, within the preceding 12 months:


  • We have collected the categories of Personal Information listed in Section 2 above.
  • We have collected these categories of Personal Information directly from you, when you use our Services, automatically through data collection technologies, and from third parties for the purposes described in Sections 2 and 3 above.
  • We have disclosed the following categories of Personal Information for business purposes: Identifiers and contact information; professional and employment-related information; billing information; audio, electronic, and visual information; commercial information; profile information and inferences; and internet network activity information.
  • We have not sold your Personal Information.


Data Privacy Rights: Customers who wish to exercise the rights listed below should send an email to privacy@simplepractice.com or fill out this form.


  • The right to know. You have the right to request to know (i) the specific pieces of Personal Information we have about you; (ii) the categories of Personal Information we have collected about you in a designated time period; (iii) the categories of sources from which that Personal Information was collected; (iv) the categories of your Personal Information that we sold or disclosed in a designated time period; (v) the categories of third parties to whom your Personal Information was sold or disclosed in a designated time period; and (vi) the purpose for collecting and selling your Personal Information.
  • The right to deletion. You have the right to request that we delete the Personal Information that we, including our third-party Service Providers, have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.
  • The right to correct. You have the right to request correction of any inaccurate Personal Information we have about you.
  • The right to access and data portability. You have the right to easy and portable access to all pieces of Personal Information that we have collected or maintain about you.
  • The right to opt-in and opt-out of selling of your Personal Information. We do not sell your Personal Information.
  • The right to opt-in and opt-out of sharing of your Personal Information for cross-contextual behavioral advertising, otherwise referred to as targeted advertising. You can manage your preferences here.
  • The right to limit use and disclosure of sensitive personal information. You have the right to restrict the ways in which we use and disclose your sensitive personal information. We do not use, share, or disclose your sensitive personal information in any way, except as outlined in this privacy policy for the purposes of providing our Services to you. We do not exchange sensitive personal information for targeted advertising, nor for any commercial or monetary purposes.
  • The right to opt-out of profiling based upon personal data. You have the right to opt-out of any processing of personal data for the purposes of profiling for decisions that produce legal effects or similarly significant effects on you. We do not use your Personal Information for this purpose.
  • The right to equal service. If you choose to exercise any of these rights, we will not discriminate against you in any way. If you exercise certain rights, understand that you may be unable to use or access certain features of our Services.


We will take steps to verify your identity before processing your privacy rights requests. We will not fulfill your request unless you have provided sufficient information for us to verify you are the individual about whom we collected Personal Information. If you have an Account with us and use our Services, we will use our existing Account authentication practices to verify your identity. If you do not have an Account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.


You may use an authorized agent to submit a privacy rights request. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.


Appealing Privacy Rights Decisions: You may appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by emailing us at privacy@simplepractice.com with the subject line “Privacy Request Appeal.”


Shine the Light: Our California customers are also entitled to request and obtain from SimplePractice once per calendar year information about any of your Personal Information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information please contact us at privacy@simplepractice.com.

9. Additional Information

Information for Visitors from Outside of the United States: We are committed to complying with this Privacy Policy and the data protection laws that apply to our collection and use of your Personal Information. We are located in the United States, where the laws may be different and, in some cases, less protective than the laws of other countries. By providing us with your Personal Information and using the Services, you acknowledge that your Personal Information will be transferred to and processed in the United States and other countries where we and our vendors operate.


Social Media Widgets: Our Services may include social media features, such as the Facebook Like button, and widgets, such as the “Share this” button, or interactive mini-programs that run on our websites (collectively referred to as “Features”). These Features may collect your IP address, which page you are visiting, and may set a cookie to enable the Feature to function properly. The Features are either hosted by a third party or hosted directly on our Services. Your interactions with these Features on a third-party site are governed by the privacy policy of the company providing it.


Links to Other Sites: The Services may contain links to other sites that are not owned or controlled by SimplePractice. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each and every website that collects Personal Information. This Privacy Policy applies only to information collected by our Services.


Children’s Privacy: The Services we provide to our Customers are not directed to, nor do we knowingly collect any Personal Information from children under 13. If we learn that we have received any Personal Information directly from a child under the age of 13 without first receiving the child’s parent’s verified consent, we will use that Personal Information only to respond directly to that child (or the parent or legal guardian) to inform the child that he or she cannot use the Services. We will then subsequently delete that child’s Personal Information. If you believe that a child under 13 may have provided us with Personal Information, please contact us at privacy@simplepractice.com.


Changes to This Policy: We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the email address specified in your Account) or by notice through our Services prior to or upon the change becoming effective. We encourage you to review this page periodically for the latest information on our privacy practices.

10. Contact Us

For help with matters not related to exercising your rights under the aforementioned privacy laws, please contact us at SimplePractice Support.