— Privacy

Privacy Policy

Last updated: May 18, 2026

The Bowerbirds (“we,” “us”) provides back-office operations services to solo therapy practices. This Privacy Policy explains what information we collect from visitors to the-bowerbirds.com and from partners using the Bowerbirds Partner Portal, how we use that information, and the limited circumstances in which we share it.

This Privacy Policy describes general information practices. If you are a client of a therapist who uses Bowerbirds, the therapist’s own Notice of Privacy Practices governs how your protected health information (PHI) is handled. We act as a business associate to the therapist under HIPAA, and our handling of PHI is also governed by the Business Associate Agreement between us and that therapist.

What we collect

From visitors to the marketing site:

Information you submit through the contact form (name, practice name, email, phone, message).
Basic server logs (IP address, user agent, request path, timestamp) for ten days of operational diagnostics.

From partners using the portal:

Account information you provide (name, email, practice name, timezone, NPI, license details, billing/payment info).
Operational data you enter or that flows through the portal: client records, appointments, session notes, intake forms, communications, documents you upload, calendar events you synchronise.
Authentication metadata (last sign-in time, browser, IP) and an audit log of access to PHI as required by HIPAA §164.312(b).

How we use it

To provide and operate the portal and run the back-office services partners hire us for.
To respond to your inquiries and provide support.
To meet legal, regulatory, and contractual obligations — including HIPAA recordkeeping and tax/billing records.
To investigate and prevent abuse, fraud, and security incidents.

We do not sell personal information. We do not use protected health information for marketing, analytics, or targeted advertising.

Who we share it with

We use a small set of vendors to operate the service. Each one receives only the data necessary to do its job:

Supabase — primary database and authentication.
Cloudflare — application hosting and content delivery.
Stripe — billing and partner-payout processing.
Resend — transactional email delivery.
Google — optional Calendar/Gmail integrations the partner connects.

We disclose information when legally required (subpoena, court order, valid government request), to enforce our terms, or to protect rights, safety, or property. We do not voluntarily disclose information to law enforcement absent a valid legal process.

How long we keep it

We retain operational records for the duration of the partner relationship and afterwards as needed to meet HIPAA’s six-year retention requirement, professional licensing rules, and our own legal obligations. Marketing inquiries are retained for up to two years unless we have an ongoing conversation.

Security

We encrypt data in transit (TLS 1.2+) and at rest. Access to the portal requires authentication; partner sessions are automatically signed out after 20 minutes of inactivity. We log every read and write of PHI for audit. We are working toward executing Business Associate Agreements with all vendors that touch PHI; that work is in progress and will be disclosed transparently as it completes.

Your choices

You can request access to, correction of, or deletion of personal information by emailing hello@the-bowerbirds.com.
Clients of partner therapists should direct PHI requests to the therapist; HIPAA gives the therapist’s practice the authority to act on those requests.
You can disconnect any third-party integration (Google Calendar, Gmail, etc.) at any time from Settings → Integrations.

Children

The portal is intended for use by licensed therapy practices. We do not knowingly collect information directly from children under 13 through the marketing site.

Changes

We may update this Privacy Policy as the product evolves. Material changes will be announced in-portal and via email to active partners. The “last updated” date above always reflects the current version.

Contact

Questions about this Privacy Policy or our data practices:
The Bowerbirds · hello@the-bowerbirds.com · (951) 223-5782

← Back to The Bowerbirds