← Back home

Compliance & Privacy

Plain-English explanation of how the platform handles your data.

The short version

Clocked & Supervised is a supervision tracking tool, not an EHR. It is intentionally designed to stay outside HIPAA scope by not collecting Protected Health Information (PHI). Use client initials or case numbers only when documenting supervision.

What you can store here

  • Intern profile data (name, license track, registration info)
  • Supervision session metadata (date, duration, modality, location)
  • Topics, themes, interventions discussed — described in general terms
  • Cases referenced by initials or case number only
  • Hours logs, milestones, evaluations, and uploaded supervision documents

What you should not store here

  • Client full names, dates of birth, addresses, phone, email, or SSN
  • Diagnoses tied to identifiable individuals
  • Photos, recordings, or session transcripts of clients
  • Insurance/billing identifiers belonging to clients

These rules are also part of our Terms of Use.

How we protect your data

  • Encryption in transit (TLS) and at rest
  • Row-level security — every record is scoped to the supervisor or intern who owns it
  • Authentication via email + password, with reset flows
  • Access to uploaded documents is restricted to the linked supervisor + intern
  • Hosted on enterprise-grade cloud infrastructure with isolated, audited environments
  • You can export or delete your data at any time

We don't train AI on your data

Your records, supervision notes, hours logs, uploaded documents, and support messages are never used to train AI models, ours or any third party's. The platform does not currently send your content to AI providers. If AI-assisted features are ever introduced, they will be opt-in and disclosed here before launch.

Why “no PHI” is a feature

HIPAA covers identifiable health information. Supervision documentation does not require client identifiers — boards want to see your hours, ratios, and milestones, not who your clients are. By keeping client references to initials or case numbers, you produce defensible board records and stay out of HIPAA scope. That keeps the platform fast, affordable, and simple.

Important disclaimer

This page describes how the platform is designed and operated. It is not legal advice. You are responsible for confirming your own state board's documentation requirements and for complying with HIPAA, state privacy laws, and any agreements you have with your employer or covered entity.

About the platformPrivacy PolicyTerms of Use