Your Data on Reflective

At Reflective, we recognize the critical nature of privacy and security in the digital age, especially when it comes to sensitive health information. Our commitment extends beyond compliance; it is embedded in the fabric of our operational ethos. Reflective’s team, regardless of their direct use of the platform, undergoes comprehensive HIPAA Compliance training, emphasizing the dual importance of legal and moral obligations to user data privacy. This holistic approach to privacy and security is a cornerstone of our organizational culture.

Reflective is engineered with HIPAA compliance as its foundation, ensuring the highest standards of data protection and privacy. Our system employs advanced encryption, secure data storage, and regular audits as part of our comprehensive strategy to protect user information from unauthorized access, use, or disclosure. We also adhere to the principles of GDPR and CCPA, reinforcing our commitment to data privacy on a global scale.

For therapists joining Reflective, access to necessary information is granted solely to specific team members who have completed HIPAA training and only for the purposes of customer support and product development. Patient information remains confidential, accessible only to their respective therapists. Our internal protocols ensure that while we can assess the volume of patient engagement, the specifics of patient identity and their therapeutic activities remain private.

Reflective champions the privacy of user-generated content, including Thought Records, Mood Trackers, Journals, custom assignments and more. By default, these submissions are shared with the user’s therapist, with the option for users to adjust privacy settings according to their comfort level. This feature underscores our dedication to providing a secure, user-centric platform.

Our commitment to enhancing Reflective’s user experience and clinical efficacy involves analyzing aggregated data. This process helps inform product development and clinical advisory without compromising individual privacy. Decisions to maintain user anonymity in customer support underscore our priority of user privacy over operational convenience.

To protect user data, Reflective employs AES-256 encryption for data at rest and TLS protocols for data in transit. This dual-layered approach ensures that both stored and transmitted data are shielded with the highest level of security, reflecting our commitment to leveraging cutting-edge technology for data protection.

Reflective’s policy stipulates clear exceptions for data sharing, which include compliance with law enforcement requests validated by legal requirements. Our procedures for such scenarios are designed to minimize exposure, adhering strictly to HIPAA guidelines and ensuring that any data sharing is conducted with the utmost care for privacy.

We are grateful for the trust you place in Reflective and are committed to transparency regarding our privacy and security practices. For a more detailed exploration of our policies, we invite you to review our Terms and Conditions as well as our Privacy Policy. Your questions, comments, and concerns are invaluable to us, and we encourage you to reach out to or directly to Avi Zuber at