Security, Privacy & Support

Last updated: 18 June 2026

Hypno Admin Pro is built for professional hypnotherapists, so client information, session notes, scripts, bookings, and audio files are treated as confidential practice material. This page explains the practical safeguards in place today on the US service (AWS in the United States).

How Your Data Is Stored

On the US service, account authentication runs on Amazon Cognito. Database storage uses AWS RDS and files use AWS S3, under our HIPAA Business Associate Agreement with AWS. Access is account-based and scoped in application code so users only reach their own workspace.

Connections to the service use HTTPS encryption. Audio files and other saved materials are stored in AWS S3 rather than only on your local device, so a lost laptop or crashed browser does not remove your workspace data.

Sensitive client fields — including session notes, intake and consent details, and contact information — are additionally encrypted at rest using AES-256 application-level encryption, so the most personal information is stored as ciphertext rather than plain text. Stored third-party access tokens and integration keys are encrypted the same way.

Access Logging

Access to client records is recorded in a tamper-evident audit log. Each time a client record is viewed, created, edited, deleted, or exported, the system stores who performed the action and when. These entries are write-once: account holders can review their own trail, but it cannot be edited or deleted from within the app.

Payments And Card Details

Subscription payments for Hypno Admin Pro are processed by Stripe. Hypno Admin Pro stores subscription status and related Stripe identifiers so your account can be managed, but it does not store your card details.

Optional client session payments use Stripe Connect: when you connect Stripe in booking settings, clients can pay for paid bookings by card. Those payments are processed by Stripe and paid out to your connected Stripe account — Hypno Admin Pro does not hold client session fees.

AI Processing

AI features use OpenAI to process prompts and generate draft content. Hypno Admin Pro is designed so the practitioner stays in control: you review, edit, and approve any AI output before using it with clients.

Do not include identifiable client information in AI prompts unless you have a proper professional basis for doing so. In normal use, client names and private session notes do not need to be included in prompts.

Account Protection

Users can enable two-step verification with an authenticator app from the dashboard security settings. The dashboard also signs users out after a period of inactivity to reduce the risk of an unattended session staying open.

Data Breach Preparedness

Security is handled as an ongoing responsibility, not a one-time claim. The business maintains insurance cover that includes data breach scenarios, and any serious security or privacy incident would be handled according to legal notification duties and the practical needs of affected users.

HIPAA-Aligned Security Practices

Hypno Admin Pro follows HIPAA-aligned security practices: encryption of sensitive data at rest, encrypted connections, account-based access controls, a tamper-evident access log, and Business Associate Agreements with key sub-processors that handle data on our behalf (including OpenAI and Google).

To be clear about the boundary: this means the platform is built with HIPAA-aligned safeguards — it is not independently certified as “HIPAA compliant,” and it is not marketed as a HIPAA medical-records system. HIPAA compliance is a shared responsibility, so practitioners remain responsible for using the platform in a way that fits their own professional, legal, and regional obligations.

Support Policy

During the MVP stage, support is handled directly by email at info@hypnoadminpro.com. We aim to respond within 1-2 working days, with urgent access or billing issues prioritised where possible.

This is an actively maintained product. Bugs, support requests, and practitioner feedback are reviewed directly and used to guide improvements.

Responsible Disclosure

We welcome responsible disclosure of genuine security issues. If you believe you have found a vulnerability, please email the details and clear reproduction steps to info@hypnoadminpro.com and allow reasonable time for it to be reviewed and resolved before any public disclosure.

Hypno Admin Pro does not operate a paid bug bounty program and does not offer monetary rewards for reports. Please do not access, modify, or delete data that is not your own, and do not run automated scanning that could disrupt the service for other users.

More Detail

For the full legal privacy wording, including data types, retention, and third-party services, read the Privacy Policy.