Client notes, session transcripts, call recordings, payment data. Practions is built so you can trust what the system does with that information at every step, and walk away without leaving anything behind.
Audio and video flow directly between your browser and your client's, with WebRTC's built-in DTLS-SRTP encryption. Our servers don't see the media stream.
Your client clicks an invite link and connects instantly. No app, no download, no account. The link is valid for a few hours and tied to a specific session. During the call our STUN/TURN servers only help establish the connection. The call content does not pass through them.
Optional 2FA with an authenticator app like Authy, Google Authenticator or 1Password. Set up once.
Passwords are not stored in readable form. On loss, you set a new password through a time-bound token.
All traffic to app.practions.com and practions.com runs over TLS. HTTP requests are forced to HTTPS.
Sessions are time-bound. You can sign out from all devices at any time from Settings.
Enter the 6-digit code from your authenticator app.
Real-time transcription and AI session notes use a sub-processor (Azure OpenAI). The agreements live in the Data Processing Agreement and on the Sub-processors list.
AI draft notes stay in review status until you approve them, so your client sees nothing until then. Anything you put in a private note stays private: it is not shared with the client and not included in approved portal versions.
Deleting a session or note also removes the associated transcript, within our normal processing cycle. For recording or transcription, Practions surfaces client consent as part of the standard session flow.
Online payments via iDEAL, Bancontact or card go through Mollie, a Dutch payment service provider. Practice data, VAT and invoices sync to Moneybird via an authorised connection when you opt in. See Sub-processors for the full list and purpose binding.
You can request a full machine-readable export (clients, sessions, notes, invoices, transactions, transcripts). No export gate when you cancel.
Fully in-product. Production data is removed within the periods set out in the Privacy Policy. Backups roll off per the rotation stated there.
For when a client exercises their right to be forgotten. Fully in-product, no detour through support.
Hosted in the EU. For transfers to third countries (for example for AI features), the European Commission's Standard Contractual Clauses apply.
At this point Practions has no ISO 27001 certification, no SOC 2, no NEN 7510, and no HIPAA attestation.
There is no external penetration test report published yet. If and when one exists, we'll list it here.
Notes are encrypted in transit and at rest, but Practions can read content to perform AI operations. That's a deliberate trade-off so the AI features work.
If any of these points are critical to your situation, email [email protected] before subscribing.
Send details to [email protected]. Give us reasonable time to respond before going public. We appreciate responsible disclosure.
Fourteen days, every feature, every security control. No credit card. Stop whenever you want and take everything with you.
Start your free trial