Privacy Policy

1. Overview

Lateral ("we", "our", "us") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your choices.

2. Information We Collect

Account information

When you create an account we collect your name, email address, and a hashed password (managed by Netlify Identity / GoTrue). We never see or store your plaintext password.

Billing information

Payments are processed by Stripe. We store only the therapist email associated with an active subscription and a Stripe customer/subscription ID. Full card details are never transmitted to or stored on our servers.

Usage data

Our hosting provider (Netlify) collects standard server logs including IP addresses and request metadata for security and operational purposes. We do not add additional analytics or tracking cookies.

Session content

We do not record, transmit, or store any video, audio, or clinical session content. The bilateral stimulation runs entirely inside Zoom's sandboxed app environment on each participant's device.

3. How We Use Your Information

• To create and manage your account
• To process subscription payments and verify license status
• To respond to support requests
• To send transactional emails (account confirmation, password reset, billing receipts) — no marketing email without explicit opt-in

4. Data Sharing

We do not sell your data. We share limited information only with the service providers necessary to operate the platform:

• Netlify — hosting, serverless functions, identity, and database
• Stripe — payment processing
• Zoom — the app runs within Zoom's platform; see Zoom's Privacy Policy

5. Data Retention

Account data is retained as long as your account is active. After account deletion, personal data is removed within 30 days except where retention is required by law (e.g. billing records).

6. Security

All data is transmitted over HTTPS. Passwords are hashed server-side. Database access is restricted to our serverless functions via a private connection string. We follow Netlify's security recommendations for all infrastructure.

7. Your Rights

Depending on your jurisdiction you may have the right to access, correct, or delete your personal data. To exercise these rights, contact us and we will respond within 30 days.

8. Cookies

We do not use tracking or advertising cookies. Netlify Identity uses a session token stored in localStorage (not a cookie) to keep you signed in.

After you authorize the Lateral app inside Zoom, our server sets one functional, HttpOnly cookie (emdr_license) on your browser. This cookie stores a signed record of your license status so the app can verify your subscription without repeating the Zoom OAuth flow on every session. It expires after 24 hours, is never used for tracking, and is not accessible to client-side JavaScript. No third-party cookies are set.

9. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know — You may request disclosure of the categories and specific pieces of personal information we have collected about you and the purposes for which we use it.
• Right to Delete — You may request deletion of your personal information, subject to certain exceptions permitted by law (e.g., retention required for billing records).
• Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights.
• Right to Opt-Out of Sale — We do not sell personal information. No opt-out action is required.

To exercise any of these rights, contact us and we will respond within 45 days.

10. Children's Privacy

The Service is intended for licensed professionals aged 18 and over. We do not knowingly collect personal data from minors.

11. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of the Service constitutes acceptance.

12. Contact

Privacy questions or data requests? Contact us.