Last updated: April 13, 2026
Effective date: April 13, 2026
Tendly is operated by The Price Group Holdings LLC, a limited liability company, doing business as Tendly ("Tendly", "we", "us", or "our"). We provide a practice management platform for wellness practitioners, therapists, coaches, and other healthcare and wellness professionals.
For all privacy enquiries:
Email: privacy@tendly.health
This Privacy Policy applies to:
This policy explains how we collect, use, disclose, and protect personal information about:
Important distinction: Tendly is a business associate under HIPAA and a data processor under GDPR. When practitioners use the App to store information about their clients, Tendly processes that information on behalf of the practitioner (the covered entity or data controller). The practitioner is responsible for their own privacy obligations toward their clients. Tendly's obligations in respect of that data are governed by the Business Associate Agreement ("BAA") that every practitioner signs upon account creation.
Section 9 below contains specific information about how we handle protected health information ("PHI").
On the Site (marketing):
On the App (practitioner accounts):
Client records created by practitioners:
On the Site:
On the App:
We may receive limited information from:
| Purpose | Legal basis (GDPR) |
|---|---|
| Responding to waitlist signups and enquiries | Legitimate interests / performance of pre-contractual steps |
| Sending product updates to people who opted in | Consent |
| Measuring and improving the Site via analytics | Legitimate interests |
| Running interest-based advertising on Meta using the Meta Pixel | Legitimate interests (see Section 12.3 for opt-out options) |
| Complying with legal obligations | Legal obligation |
| Purpose | Legal basis (GDPR) |
|---|---|
| Creating and managing your account | Performance of contract |
| Processing payments and subscriptions via Stripe | Performance of contract |
| Providing the App and all its features | Performance of contract |
| Sending transactional communications (account alerts, invoices, security notices) | Performance of contract / Legitimate interests |
| Sending product and feature update communications | Legitimate interests (you may opt out at any time) |
| Preventing fraud, abuse, and security incidents | Legitimate interests / Legal obligation |
| Improving and developing the Services | Legitimate interests |
| Complying with legal obligations including HIPAA | Legal obligation |
We process client data entered by practitioners solely:
We do not use client data, session note content, transcripts, or any protected health information to train, fine-tune, or improve any artificial intelligence or machine learning models — ours or any third party's.
We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.
We share information only in the following circumstances:
We use the following third-party services that process personal information on our behalf. All subprocessors handling PHI have signed a Business Associate Agreement with Tendly.
| Subprocessor | Purpose | Data processed | BAA in place |
|---|---|---|---|
| Supabase | Database hosting and storage | All account and client data | Yes |
| Vercel | Application hosting and deployment | Access logs, application requests | Yes (Enterprise) |
| Stripe | Payment processing | Billing information (not PHI) | No (not required) |
| OpenAI | AI note generation (Whisper + GPT-4o) | Session audio/text for note drafting only | Yes |
| Daily.co | HIPAA-compliant telehealth video | Video session content | Yes |
| Twilio | SMS reminders and notifications | Phone numbers, appointment details | Yes |
| Resend | Transactional email delivery | Email address, email content | Yes |
| Claim.MD | Insurance claim submission and ERA processing | Claim and billing data for insurance billing add-on | Yes |
| Google Analytics | Site analytics (marketing site only) | Anonymised usage data — not used on pages containing PHI | No |
| Vercel Analytics | Site and app performance | Anonymised usage data | No |
| Meta (Facebook) | Advertising measurement via Pixel (marketing site only) | Page views and standard events — not used inside the App | No |
We may disclose information where required by applicable law, regulation, court order, or lawful governmental request. Where legally permitted, we will notify you of such a request before disclosing.
If Tendly is involved in a merger, acquisition, or sale of all or a portion of its assets, personal information may be transferred as part of that transaction. We will notify affected users via the email address on their account before any such transfer occurs and before personal information becomes subject to a different privacy policy.
We may disclose information where necessary to protect the rights, property, or safety of Tendly, our users, or the public, and to detect or prevent fraud or security incidents.
We may share information for other purposes with your explicit consent.
Tendly is based in the United States. If you are located in the European Economic Area ("EEA"), the United Kingdom, or another jurisdiction with data transfer restrictions, your personal information will be transferred to and processed in the United States.
We rely on the following transfer mechanisms:
EU and UK Representative: Tendly does not currently have a physical establishment in the EEA or UK. We are in the process of appointing local representatives as required by Article 27 of the GDPR and the UK GDPR. Until appointed, please direct all privacy enquiries to privacy@tendly.health.
The Site and App are intended for adult professionals. We do not knowingly collect personal information directly from individuals under the age of 18 through account registration or the Site. If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent in violation of COPPA, we will take steps to delete that information promptly.
Practitioners using Tendly may provide care to clients who are minors. In such cases:
If you believe we have received personal information relating to a minor in error, please contact privacy@tendly.health immediately.
To request deletion of your personal information, email privacy@tendly.health. We will respond within 30 days. Note that we may be required to retain certain information by law (for example, billing records) and will inform you of any such limitations at the time of your request.
This section applies to practitioners using the Tendly App and to client data stored within the App.
Tendly operates as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (collectively, "HIPAA"). Every practitioner who creates a Tendly account enters into a Business Associate Agreement ("BAA") with Tendly at the point of account creation. This BAA governs Tendly's obligations with respect to protected health information.
When a practitioner uses the AI note generation feature, session audio or text descriptions are transmitted to OpenAI for processing. OpenAI has signed a BAA with Tendly covering this use. Session content submitted to the AI feature is not stored beyond the processing of the immediate request and is not used to train AI models.
When a practitioner uses the insurance billing add-on, claim data including PHI is transmitted to Claim.MD for claim submission and ERA processing. Claim.MD has signed a BAA with Tendly covering this use.
In the event of a breach of unsecured PHI, Tendly will notify affected practitioners without unreasonable delay and no later than 60 days following discovery of the breach, as required by the HIPAA Breach Notification Rule. Practitioners are responsible for notifying their affected clients and, where required, HHS and applicable media outlets in accordance with HIPAA.
Subject to applicable law, you have the right to:
To exercise any of these rights, contact privacy@tendly.health. We will respond within 30 days of receiving your request. We may need to verify your identity before fulfilling the request.
In addition to the above, if you are located in the EEA, you have the right to:
If you are located in the United Kingdom, the same rights described in Section 10.2 apply under the UK GDPR. You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
This section applies to California residents and supplements the rest of this policy. It is provided pursuant to the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA").
In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:
| Category | Examples | Collected? |
|---|---|---|
| Identifiers | Name, email address, IP address | Yes |
| Personal information (Cal. Civ. Code §1798.80) | Name, address, payment card information | Yes (limited) |
| Protected classification characteristics | None | No |
| Commercial information | Subscription and billing history | Yes |
| Internet or network activity | Browsing activity on our Site, app usage | Yes |
| Geolocation data | Approximate location derived from IP address | Yes |
| Professional or employment information | Professional credentials, license number | Yes (practitioners only) |
| Inferences | None | No |
| Sensitive personal information | Health information (client data only, processed as business associate) | Yes |
We use the above categories for the purposes described in Section 4. We do not use or disclose sensitive personal information for purposes other than those specified in CCPA Regulation 7027(m).
We do not sell your personal information.
We do not share your personal information with third parties for cross-context behavioural advertising, except that we operate a Meta Pixel on the marketing Site which may constitute "sharing" under the CCPA. You may opt out of this by:
California residents have the right to:
To exercise your CCPA rights, contact privacy@tendly.health with the subject line "California Privacy Request". We will respond within 45 days (extendable by a further 45 days with notice). We will verify your identity before fulfilling the request. You may designate an authorised agent to make a request on your behalf.
We use cookies and similar technologies on the Site and App for the following purposes:
| Category | Purpose | Can be declined? |
|---|---|---|
| Strictly necessary | Authentication, security, session management, cookie consent preferences | No — required for the Services to function |
| Analytics | Google Analytics, Vercel Analytics — measuring Site performance and usage | Yes — via our cookie consent tool |
| Advertising | Meta Pixel — measuring ad campaign performance on the marketing Site | Yes — via our cookie consent tool |
When you first visit the Site, we display a cookie consent banner that allows you to accept or decline non-essential cookies. You can update your preferences at any time by clicking the "Cookie settings" link in the Site footer.
We do not deploy analytics or advertising cookies inside the authenticated App environment where PHI may be present.
We operate a Meta Pixel on the marketing Site (tendly.health) to measure the effectiveness of our advertising campaigns on Meta platforms (Facebook and Instagram). The Pixel collects:
We do not pass email addresses, names, or any other personally identifying information to Meta via the Pixel.
The Pixel is not present on any page of the App (app.tendly.health). It operates on the marketing Site only.
To opt out of Meta's use of this data for advertising targeting, you can:
Our Site does not currently respond to Do Not Track signals from browsers. We do honour the Global Privacy Control (GPC) signal as described in Section 11.3.
We implement technical and organisational measures designed to protect your personal information from unauthorised access, loss, misuse, disclosure, alteration, and destruction. These measures include:
No method of transmission over the internet or electronic storage is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security. In the event of a security incident affecting your personal information, we will notify you as required by applicable law.
The Site and App may contain links to third-party websites and services. This policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.
We may update this Privacy Policy from time to time. When we make material changes, we will:
Your continued use of the Services after the effective date of any changes constitutes acceptance of the updated policy. If you do not agree with the changes, you may close your account and request deletion of your data.
For all privacy-related enquiries, requests, or complaints:
The Price Group Holdings LLC (DBA Tendly)
Email: privacy@tendly.health
We will respond to all enquiries within 30 days.
If you are an EEA or UK resident and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu. The UK supervisory authority is the Information Commissioner's Office at ico.org.uk.
This Privacy Policy was last reviewed by legal counsel on April 13, 2026.