Secure by design
A privacy-first platform built to protect clinicians and clients.
Security you can trust
Psychology Tools is built on a foundation of robust information security, combining internationally recognized standards with thoughtful, privacy-first design. Security is more than a feature – it’s a core part of how we build, operate, and continuously improve our platform.
We take information security extremely seriously, so you can focus on providing effective therapy.
ISO 27001 Certified
We maintain full certification to ISO/IEC 27001, the leading international standard for information security management.
This means:
Clear and demonstrable security controls.
Systematic risk assessment and mitigation.
Ongoing monitoring, review, and improvement.
Regular external audits by an accredited body.
HIPAA-Aligned Platform
For customers in the United States, the Psychology Tools platform is designed to support compliance with HIPAA, with appropriate administrative, technical, and physical safeguards for protected health information (PHI). HIPAA compliance depends on appropriate use of the platform and, where required, a Business Associate Agreement (BAA) between Psychology Tools and the covered entity.
HIPAA-aligned safeguards include:
Secure storage and handling of sensitive data.
Strict access controls.
Encrypted communication and file delivery.
Security monitoring, logging, and access auditing.
Policies and processes aligned with the HIPAA Security Rule.
Built with privacy in mind
Security isn’t something we bolt on – it’s baked into the platform from the ground up. Psychology Tools acts as a data processor, supporting clinicians and organizations who remain in control of clinical decisions and patient data. The platform supports therapist-led care and does not provide diagnosis, treatment recommendations, or automated clinical decision-making, and is not intended to function as a medical device.
Privacy by design
We design features to minimize data exposure, protect sensitive information, and ensure clinicians maintain control.
Encrypted data flows
Client resource delivery – including worksheets and audio – is encrypted in transit using modern security protocols, with data encrypted at rest within our secure infrastructure.
Secure email delivery
Any sensitive emails sent through the platform use a specialist encrypted email provider, keeping your communications protected.
Least-privilege access
Access rights are strictly controlled to ensure data is only accessible to those who need it.
Regular penetration testing
We work with independent security specialists to proactively identify and remediate vulnerabilities.
Why security matters in clinical practice
Therapists and mental health services handle some of the most sensitive information a person can share. Strong security enables clinicians to:
Meet ethical and legal obligations.
Protect client confidentiality.
Reduce the risk of data breaches.
Work confidently in remote or hybrid settings.
Use digital tools while upholding professional standards.
Our platform is designed to support secure, responsible therapy delivery across all contexts.
Who benefits from a secure platform?
Individual clinicians and private practices
NHS, public health-system, and insurance-based services
Multidisciplinary and stepped-care teams
Organizations requiring HIPAA-aligned workflows
Clinicians working remotely or sharing materials digitally
Clients who need reassurance that their information is protected
A secure foundation for modern therapy
Your work is important – and it deserves a platform that safeguards your clients’ data at every step.