Present Practice

Privacy and data handling.

Anything you write into this intake, and any files you upload, are stored in a private database I control. No one else reads it. The intake is part of the work we will do together, and it is treated with the same care I would give a written document you handed me in person.

What is stored.

Your responses, any files you upload, the email address you give me so I can send you a way back to the draft, and a small amount of technical metadata so I can keep the application stable and resist abuse. No protected health information should ever be in your responses, and the intake reminds you of this above any field that could collect it. If you accidentally include something client-identifying, reply to the confirmation email and I will redact it for you.

Who has access.

Only me, through a read-only link the system sends me when you submit. The database is hosted on Supabase, which encrypts data at rest by default. No one else at Present Practice reads your intake; there is no one else at Present Practice.

How long it is kept.

I keep your submitted responses and uploaded files for ninety days after you submit them, then delete the files and clear the response text. A small amount of non-substantive metadata is retained for accounting (when the submission arrived, which service it was for, when it was deleted). If you want a copy of your submission before that window closes, ask and I will send you one. If you want it removed sooner, ask and I will do that on the same day.

How saving and resuming works.

Your answers save automatically each time you advance a step. The first time you give me your email, the system emails you a private link you can use to come back to your draft. That link is yours alone and is what makes the come-and-go pattern work. Do not forward it. The link is valid for thirty days from your last visit; after you submit, the same link becomes a way to download a copy of what you sent.

A note on HIPAA.

Present Practice does not certify HIPAA compliance, and this intake is not a HIPAA-compliant collector of protected health information. It is a private, encrypted, server-mediated form for the kind of professional reflection and workflow context this engagement asks for. The simplest rule is the one above every field that could collect client material: keep client names, dates, locations, and anything that could identify a person out of your responses and files.

If you have a question or a request.

Reply to any email I have sent you. I read those directly.