← Insourcing

Privacy

Last updated: 12 May 2026

The short version

Insourcing is a private reflective practice journal for healthcare professionals, therapists, teachers, social workers and coaches. Your reflections are stored, encrypted in transit and at rest, in our managed database, and access is restricted to your account. We do not sell your data, share it with advertisers, or train AI models on it.

What we store

  • Account: email address, hashed password, name you provide, and your accent/theme preferences.
  • Reflections: the free-text content you write, the framework used, the date, optional patient initials, and any tags you add.
  • Daily check-ins: mood, body tension, breath rating, and any notes.
  • Supervision notes (if you use Supervisor Hub): names and notes you choose to record about your supervisees.
  • Subscription status if you upgrade to Pro.

What you should NOT store here

Insourcing is a reflective tool, not a clinical record. Please do not write patient names, dates of birth, NHS / medical record numbers, addresses, or any other directly identifying information. Initials and anonymised case material are fine. Anything you do paste in is your responsibility under your professional body's confidentiality rules.

Who can see your data

Only you. Database row-level security restricts every reflection, check-in and supervision note to the account that created it. Our staff do not browse user content; access to the underlying infrastructure is logged and limited to engineers responding to a specific support request you initiate.

Where it lives

Data is hosted in the EU on managed Supabase / PostgreSQL with encryption at rest. Backups are encrypted and retained for 7 days. Application traffic is HTTPS only.

Your rights (GDPR)

  • Access: download a complete JSON export of your data at any time from Dashboard → Privacy controls.
  • Erasure: delete your account and every row of data we hold, immediately, from the same panel.
  • Rectification: edit any reflection or check-in directly in the app.
  • Portability: the JSON export above is machine-readable.

What we DON'T do

  • We do not run advertising trackers.
  • We do not sell, rent or share your data with third parties.
  • We do not feed your reflections into AI models — yours or anyone else's.
  • We don't email you marketing without explicit opt-in.

Contact

Questions, concerns, or a data request: privacy@insourcing.app