Data and Privacy

Where is my data stored?

All data is stored in a Supabase PostgreSQL database. Files (avatars, documents, attachments) are stored in Supabase Storage. Your data is not shared with other practitioners or third parties.

Row-Level Security (RLS)

Tendly uses PostgreSQL Row-Level Security to ensure you can only access your own data. Client portal users can only see data belonging to their linked practitioner. This is enforced at the database level, not just the application level.

AI and your data:

When you use AI features (note generation, transcription, treatment plans), your session data is sent to the AI provider (Anthropic for text, OpenAI for audio) for processing. The AI providers do not store or train on your data. AI features are optional and gated behind an explicit add-on — they're never used unless you initiate them.

Audit logging:

All data access events are recorded in the audit log (Settings → Audit Log). This includes viewing, creating, editing, and deleting records. Audit logs are retained according to HIPAA requirements.

Deleting your data:

Contact support to request account deletion. We'll remove your account and all associated data in compliance with applicable regulations.