Jenny Palmer Therapy

Security & Data Protection

Last updated: 2026

Our Security Commitment

At Jenny Palmer Therapy, protecting your privacy and the security of your personal and clinical information is our highest priority. We implement industry-leading security measures to ensure your data remains confidential and secure throughout your therapy journey.

Data Encryption

All data transmitted between your device and our servers is encrypted using:

  • SSL/TLS Encryption: Industry-standard 256-bit encryption protects all data in transit
  • HTTPS Protocol: Secure connections ensure that all communications are encrypted
  • Encrypted Storage: Sensitive data is encrypted at rest using advanced cryptographic protocols
  • End-to-End Encryption: Therapy session communications use secure, encrypted video conferencing

Access Controls & Authentication

We limit access to your information through:

  • Multi-factor authentication for staff accounts
  • Role-based access controls ensuring only authorized personnel can access your data
  • Secure password policies requiring strong, regularly updated credentials
  • Session timeouts to prevent unauthorized access on shared devices
  • Complete audit trails tracking who accesses your information and when

Infrastructure Security

Our systems are protected by:

  • Secure Servers: Data hosted on protected, monitored servers with intrusion detection systems
  • Firewalls: Multiple layers of firewalls preventing unauthorized access
  • Regular Backups: Redundant backups ensure data availability and recovery capability
  • Network Monitoring: 24/7 monitoring for suspicious activity and security threats
  • Vulnerability Assessments: Regular security testing and penetration testing to identify and address weaknesses

Legal & Regulatory Compliance

We comply with all applicable data protection and privacy regulations, including:

  • UK Data Protection Act 2018: Full compliance with UK data protection law
  • General Data Protection Regulation (GDPR): Adherence to GDPR requirements for data processing and rights
  • Health and Care Professions Council (HCPC): Compliance with professional standards for therapist conduct
  • British Association for Behavioural and Cognitive Psychotherapies (BABCP): Adherence to CBT standards and ethical guidelines
  • NHS Standards: Alignment with NHS data security and information governance requirements

Therapy Session Security

Your therapy sessions are protected through:

  • Encrypted video conferencing technology
  • Secure login requirements for session access
  • Session recording options (only with explicit consent) using encrypted storage
  • Private, confidential session environments
  • No recording, monitoring, or sharing of sessions without your written consent

Staff Training & Confidentiality

All staff members are:

  • Trained in data protection and security procedures
  • Required to sign strict confidentiality agreements
  • Subject to professional codes of conduct
  • Trained in identifying and reporting security incidents
  • Bound by therapist-client privilege

Incident Response & Notification

In the unlikely event of a security breach, we have protocols in place to:

  • Immediately investigate and contain the incident
  • Notify affected individuals without undue delay
  • Notify regulatory authorities as required by law
  • Document the incident and implement preventative measures

Third-Party Vendors & Sub-processors

Any third-party service providers we work with (hosting, payment processing, communications) are:

  • Carefully vetted for security practices and compliance
  • Required to sign Data Processing Agreements (DPAs)
  • Bound by GDPR and data protection obligations
  • Audited regularly to ensure continued compliance
  • Restricted from using your data for any purpose other than providing agreed services

Your Device Security

To protect your information on your end, we recommend:

  • Keep your device operating system and software updated
  • Use a strong, unique password for your account
  • Enable two-factor authentication if available
  • Use secure, private Wi-Fi networks for therapy sessions
  • Avoid accessing your account on public or shared computers
  • Log out after each session, especially on shared devices
  • Use up-to-date antivirus and anti-malware software

Right to Audit

You have the right to audit our security and data protection practices. If you have concerns or would like to understand more about our security measures, please contact us for a detailed information security assessment.

Continuous Improvement

Security is an ongoing process. We:

  • Conduct regular security reviews and assessments
  • Stay current with emerging security threats and best practices
  • Update our security measures as technology evolves
  • Solicit feedback from clients about security concerns
  • Participate in security training and certifications

Security Concerns & Reporting

If you discover a security vulnerability or have concerns about how we handle your data, please contact us immediately:

Jenny Palmer Therapy
Email: jennypalmertherapy@outlook.com
Address: 4th Floor, Silverstream House, 45 Fitzroy Street, Fitzrovia, London, W1T 6EB

We take all security reports seriously and investigate them thoroughly. We do not tolerate retaliation against individuals who report security concerns in good faith.