Last updated: February 2026
TinyPractice is a client management app for therapists and counselors, developed and operated by BrookFord LLC. We are committed to protecting your privacy and the privacy of your clients. This policy explains what data the app collects and how it is handled.
All data you enter into TinyPractice — including client names, session notes, appointments, and invoices — is stored exclusively on your device. Your data is not transmitted to, stored on, or accessible by any external server operated by TinyPractice or any third party. We do not have access to your data.
TinyPractice collects only the minimum data necessary to provide subscription functionality:
TinyPractice does not collect analytics, usage data, crash reports, location data, or any personal information about you or your clients. We do not use third-party analytics or tracking services. The only data transmitted from the app is anonymous subscription billing data to RevenueCat as described above.
TinyPractice offers optional paid subscriptions processed through the Apple App Store. Payment processing is handled entirely by Apple. We use RevenueCat to manage subscription status. RevenueCat receives an anonymous device identifier, subscription status, purchase history, and the Apple receipt for verification — it does not receive any of the data you enter into the app (client information, session notes, etc.). For more information, see RevenueCat's privacy policy.
TinyPractice includes an optional PIN lock feature to restrict access to the app on your device. Because all data is stored locally, the security of your data depends on the security of your device. We recommend enabling a device passcode and keeping your operating system up to date.
Because all your clinical data is stored on your device, the security of that data ultimately depends on the security of your device. We strongly recommend:
TinyPractice is designed for licensed healthcare professionals who may be subject to HIPAA. Under HHS guidance, BrookFord LLC is not a HIPAA Business Associate because we do not create, receive, maintain, or transmit Protected Health Information on behalf of any covered entity. Your data is stored exclusively on your device and we never access it. However, if you are a covered entity under HIPAA (as most licensed therapists conducting covered transactions are), you remain responsible for ensuring your own HIPAA compliance, including device security, backup handling, and access controls. TinyPractice is a tool that supports your compliance — it is not a substitute for your own security practices.
Depending on your state of residence or practice, you may have additional privacy rights:
If you have questions about your state-specific privacy rights, contact us.
If we become aware of a security incident that affects TinyPractice users, we will notify affected users within 60 days of discovery via email (if available) or through an in-app notice. If the incident affects 500 or more individuals, we will also report it to the Federal Trade Commission as required by the FTC Health Breach Notification Rule.
As the sole controller of the data you enter into TinyPractice, you are responsible for ensuring your use of the app complies with any applicable privacy laws, regulations, or professional obligations. TinyPractice is a record-keeping tool and does not provide legal or compliance advice.
You can delete all data at any time from within the app via Settings. Because your data is stored only on your device, deleting the app also removes all associated data. We cannot recover deleted data.
TinyPractice is not directed at children under 13 and does not knowingly collect information from children.
We may update this privacy policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision.
If you have questions about this privacy policy, contact us at support@tinypractice.app.