session.do
Privacy

Privacy Policy

This policy describes what we collect, how we use it, who we share it with, and the choices available to people who use Session.do.

Effective date: May 9, 2026

Contact: [email protected]

Service-first collection

We collect information needed to run Session.do, support users, protect the service, and improve the product.

No sale of personal data

We do not sell personal information and do not share it for cross-context behavioral advertising.

Practitioner-controlled records

Practitioners decide what client, booking, session, and invoice information they add to their workspace.

Security by design

We use technical and organizational safeguards to protect information, while recognizing no system is perfect.

This page is written for clarity, but privacy obligations can depend on where users are located and how each practitioner uses the product. Practitioners should make sure their own client notices match their practice and local requirements.

1. Scope

This Privacy Policy explains how Session.do collects, uses, discloses, and protects personal information when you visit www.session.do, useapp.session.do, use public booking pages, communicate with us, or otherwise interact with our services.

Session.do is built for practitioners and small teams who manage live-session practices. When a practitioner adds client records, booking details, session notes, invoices, or related business data to Session.do, the practitioner is usually responsible for deciding what information is collected and why. Session.do processes that information to provide the service.

2. Information we collect

We collect information from the following sources, depending on how you use Session.do:

  • Account and profile information: name, email address, phone number, login details, organization name, role, settings, and preferences.
  • Practice and client information: contacts, client notes, tags, session history, services, schedules, booking details, packages, invoices, payment status, and communications you choose to store in the product.
  • Booking information: information a client submits when booking or managing a session, such as name, contact details, selected service, time, answers to booking questions, and cancellation or rescheduling details.
  • Payment and billing information: plan, invoice, transaction, payment-provider status, billing contact details, and related records. Payment providers may collect card, bank, wallet, or other payment details directly under their own terms.
  • Support and communications: messages, feedback, waitlist submissions, survey responses, and information you provide when contacting us.
  • Device, usage, and log information: IP address, browser and device type, pages viewed, referring pages, timestamps, approximate location derived from IP address, diagnostics, and security logs.

Please do not add protected health information, highly sensitive identity numbers, or other regulated data unless Session.do has expressly agreed in writing to support the applicable obligations for that data.

3. How we use information

We use personal information to:

  • provide, maintain, secure, and improve Session.do;
  • create and manage accounts, organizations, booking pages, schedules, packages, invoices, and payments;
  • send service messages, confirmations, reminders, product updates, support replies, and administrative notices;
  • monitor service health, prevent fraud, debug issues, enforce terms, and protect users and the public;
  • understand feature usage and improve onboarding, product quality, and reliability;
  • send marketing communications where permitted, with the ability to opt out; and
  • comply with legal, tax, accounting, security, and dispute-resolution obligations.

4. Cookies and similar technologies

We may use cookies, local storage, pixels, and similar technologies to keep the service working, remember preferences, measure usage, improve performance, and protect against abuse. Some cookies are essential for authentication, security, and product operation.

You can control cookies through your browser settings. Blocking some cookies may affect parts of Session.do, including sign-in, booking, or security features.

5. How we share information

We share personal information only as needed for the purposes described in this policy:

  • Service providers: hosting, storage, analytics, email delivery, support tooling, security, payment processing, and other vendors that help us operate Session.do.
  • Practitioners, clients, and team members: information may be visible to workspace members and booking participants based on product features, permissions, and the actions of the practitioner or organization.
  • Payment providers: transaction information is shared with payment providers to process payments, reconcile invoices, prevent fraud, and meet compliance obligations.
  • Legal and safety reasons: we may disclose information to comply with law, respond to valid legal process, enforce our terms, or protect rights, safety, and security.
  • Business transfers: information may be transferred if we are involved in a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate safeguards.

We do not sell personal information and do not share personal information for cross-context behavioral advertising.

6. Retention

We keep personal information for as long as needed to provide Session.do, maintain business records, resolve disputes, enforce agreements, protect the service, and comply with legal obligations. Retention periods vary based on the type of information and the reason we keep it.

Practitioners and organizations can delete or export certain workspace data through product features where available. Some information may remain in backups, logs, payment records, tax records, or security records for a limited period.

7. Security

We use administrative, technical, and organizational safeguards designed to protect personal information. These safeguards may include access controls, encryption in transit, monitoring, logging, vendor review, and separation of duties.

No internet service can guarantee absolute security. You are responsible for using a strong password, limiting access to your workspace, keeping devices secure, and promptly telling us about suspected unauthorized access.

8. Privacy choices and rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal information.

  • Account information: practitioners can update certain account and organization details in the product.
  • Marketing: you can opt out of marketing emails by using the unsubscribe link or contacting us.
  • Client records: if your information is managed by a practitioner using Session.do, we may direct your request to that practitioner.
  • California and other regional rights: eligible users may request access, deletion, correction, portability, opt-out of sale or sharing, limitation of sensitive information, and non-discrimination for exercising privacy rights.

To make a privacy request, email [email protected]. We may need to verify your request before acting on it.

9. International transfers

Session.do may process and store information in countries other than where you live. When information is transferred internationally, we use safeguards designed to protect it in accordance with applicable law.

10. Children

Session.do is not directed to children under 13. We do not knowingly collect personal information directly from children under 13. If you believe a child has provided personal information directly to us, contact us so we can review and delete it where appropriate.

11. Changes to this policy

We may update this Privacy Policy as Session.do changes or as legal, technical, or business needs evolve. If changes are material, we will take reasonable steps to notify users, such as updating the effective date, posting a notice, or sending an email.

12. Contact us

Questions or privacy requests can be sent to [email protected].

Privacy questions

Email us and we will route the request to the right team.

Email privacy