Privacy Policy

EMDR Matters is a therapist-built browser tool for running EMDR sessions online. It is designed so that what is said in a session stays in the session — there is no recording, transcript, or clinical record store.

Last updated: 30 May 2026 · Operated from New Zealand by Stefan Nagler (Psychmatters).

1. Who is responsible

The software is provided by Stefan Nagler (Psychmatters, New Zealand). When a registered therapist uses EMDR Matters with their own clients, that therapist is the clinician responsible for the therapeutic relationship, for obtaining client consent, and for meeting their own professional and legal obligations in their jurisdiction. EMDR Matters provides the connection technology; it is not the clinician and is not a health-record system.

2. What we do not collect or store

• No video or audio recordings. Sessions are never recorded on our servers.
• No transcripts or clinical notes. Nothing said or typed in a session is archived by us.
• No EMDR content — targets, SUD/VOC ratings, or session details are not stored.
• No long-term client accounts or persistent client health records.
• No screenshots of the session. No images of either participant's screen are transmitted or stored.

3. What we do collect (minimal and short-lived)

To connect a client to the right therapist and keep a live call in sync, a small amount of operational data exists only while it is needed:

Data	Why	How long
Client display name (often just a first name or initials — the client chooses)	So the therapist can recognise who is waiting and admit them	Removed automatically when the session ends or the invitation expires
Anonymous device ID and waiting-room / queue status	To manage the waiting room and the admit/active-session flow	Terminal queue entries are deleted on a scheduled purge (within ~7 days)
Real-time connection signals (WebRTC offer/answer/ICE) and bilateral-stimulation settings (e.g. ball speed/colour)	To establish the direct video link and keep the moving target in sync between both screens	Live during the session only; stale data is pruned automatically
Therapist initials and session duration (owner-only operational metric)	To monitor service usage and connection reliability	Retained for operational monitoring; contains no client identity

A client's chosen display name is also kept in that client's own browser (local storage on their device) purely as a convenience for rejoining. That copy stays on the client's device and can be cleared by clearing their browser data.

4. How your video and audio travel

EMDR Matters uses WebRTC, the same real-time technology built into modern browsers. Where the network allows, the video and audio flow directly between the therapist's browser and the client's browser — they are not routed through, or stored on, a central media server.

When two networks cannot connect directly (for example behind strict firewalls), the connection falls back to a TURN relay server. A relay only forwards the encrypted media so the call can connect; it does not record or retain it. Optional voice-clarity processing (noise reduction) runs inside the browser on the device, not on a server.

5. Third-party services we rely on

We use a small number of reputable providers to run the service. We do not sell personal data to anyone.

• Google Firebase / Google Cloud — website hosting, the temporary signaling/queue database described above, and serverless functions. Operational data lives here under the short retention rules above.
• Cloudflare — provides TURN relay connectivity for calls that cannot connect peer-to-peer. Used only to relay the live connection.
• Stripe — processes optional donations and subscriptions. If you choose to donate or subscribe, your payment details are handled by Stripe under Stripe's own privacy policy; we do not see or store full card numbers.
• Email delivery — if a therapist sends a client an invitation by email, an email provider is used to deliver that message. Email addresses used this way are for sending the invitation, not for building a client directory.
• Google Analytics 4 — on our public marketing pages (home, about, support) we use Google Analytics to understand general, aggregated visit traffic. Analytics is not used to track the content of therapy sessions. You can block analytics with your browser's privacy settings or an ad/tracker blocker.

Therapists who require a formal Business Associate Agreement (BAA) or specific regional data-processing terms should review and configure those arrangements directly with the relevant providers before relying on the tool for regulated clinical use.

6. Cookies and local storage

The session and waiting-room pages use your browser's local storage to remember practical things like your chosen display name, role, and session preferences. The public marketing pages use Google Analytics cookies for aggregated visit statistics. We do not use advertising or cross-site tracking cookies.

7. Data retention and deletion

• Client display names are removed from our database when a session ends or an invitation expires.
• Terminal waiting-room/queue entries are deleted automatically on a scheduled clean-up (within roughly 7 days).
• Only a small, capped number of recent ended-session records (without client names) are kept per therapist for operational continuity, and older ones are pruned.
• Real-time connection data is short-lived and pruned automatically.

Because there are no client accounts and operational data is deleted on a schedule, there is generally nothing to "delete on request" after a session beyond what is already purged automatically. If you have a specific concern, contact us (below).

8. Security

Connections are encrypted in transit (HTTPS for the site; the standard encryption WebRTC applies to media). Access to the temporary operational database is restricted by security rules, and stored text fields are length-limited to prevent misuse. No system is perfectly secure, but the strongest protection here is structural: we simply do not keep the sensitive clinical data in the first place.

9. Children

EMDR Matters is a tool used by therapists with their clients. Where a client is a minor, the responsible therapist and the child's parent/guardian manage consent in line with the therapist's professional and legal requirements.

10. International use

The service is operated from New Zealand and uses global cloud infrastructure. Operational data may be processed in data-centre regions operated by the providers listed above. Therapists are responsible for confirming that this arrangement is appropriate for their own clients and jurisdiction.

11. Regulatory and professional status

EMDR Matters is browser software for licensed clinicians to run remote EMDR sessions. It is a session connection and bilateral-stimulation tool — not healthcare treatment, clinical supervision, accredited EMDR training, or a substitute for your professional judgement.

We design the product to minimise stored data and avoid session recordings, but we do not claim that the service is certified, registered, or approved as a medical device or regulated health product in New Zealand (including WAND/Medsafe) or in any other country. We also do not represent EMDR Matters as a HIPAA-compliant business associate or as meeting any particular statutory privacy or security standard on its own.

Security scans or privacy-oriented architecture describe how the product is built; they are not a guarantee of regulatory compliance for your practice. If you work under rules such as HIPAA, GDPR, or local health-privacy law, you remain responsible for client consent, your professional registration, record-keeping, and any Business Associate Agreements or data-processing arrangements you need with third-party providers (see section 5).

12. Changes to this policy

We may update this policy as the product evolves. Material changes will be reflected here with a new "last updated" date.

13. Contact

Questions about privacy? Email stefan@psychmatters.co.nz or visit psychmatters.co.nz.