Legal
The short version
We have four legal documents. They're thorough because your data matters, but we know not everyone wants to read thousands of words of legal text. Here's what each one says, in plain language. The full documents are always linked below each summary.
Privacy Policy
This policy covers what we collect, why, and who we share it with. The short version: we collect what we need to run the service, we don't sell your data, and we don't track you with ads.
What we collect
| What | Why | Details |
|---|---|---|
| Account basics | To identify you and run your account | Name, email, phone (optional), role |
| Professional profile | To match you with the right licensure rules | License type, pathway (LCSW, LMFT, LPCC), state |
| Licensure data | This is the core of the service | Logged hours, session details, supervisor signoffs |
| Auth credentials | To keep your account secure | Hashed passwords (Argon2id), OAuth connections, OTP codes |
| Usage analytics | To improve the product | Page views, feature usage, session duration (cookieless, anonymous, via PostHog) |
| Error reports | To find and fix bugs | Crash data and diagnostics (no personal identifiers) |
| Server logs | Operational security | IP address, timestamps, browser type (retained in AWS CloudWatch) |
We don't collect protected health information (PHI), social security numbers, advertising identifiers, or cross-site tracking data. We don't store your payment card details (Stripe handles that).
Who processes your data
| Provider | Role | What they see |
|---|---|---|
| AWS | Cloud infrastructure | All service data (encrypted) |
| Neon | Database hosting | All structured data (encrypted) |
| PostHog | Analytics | Anonymized usage events only |
| Stripe | Payments | Name, email, payment method (not stored on our servers) |
| Amazon SES | Transactional email | Email address, message content |
Your rights
You can access, export, correct, or delete your data at any time. California residents have additional rights under the CCPA, including the right to know what's collected and the right to delete. We respond to requests within 45 days (up to 90 for complex cases). Contact: legal@licent.io
Terms of Service
These are the rules for using Licentio. The key points: everything is free during beta, you own your data, we provide a tracking tool (not legal or clinical advice), and there are some things you agree not to do.
You must be 18+ and US-based
The service is for clinical professionals pursuing licensure in the United States.
Your data is yours
You own everything you enter. We just store and process it for you. You can export anytime.
We're a tool, not an advisor
Licentio tracks and validates hours, but it's not a substitute for verifying requirements with your licensing board.
Don't store client information
Licentio is not for PHI or client-identifying data. It's a licensure tracker, not a clinical records system.
Billing
Everything is free during beta. After beta, three plans: associates, supervisors (free), and organizations. Annual billing, cancel anytime, access through end of billing period. See the pricing page for current rates.
Disputes
Governed by California law. Most disputes are resolved through binding arbitration (you can opt out within 30 days of signup). Small claims and certain statutory claims may go to court instead.
Cookie Policy
This is probably the shortest cookie policy you'll ever read. We use one cookie. That's it.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| Session token | Keeps you logged in so you don't have to sign in on every page | End of session or 90 days | First-party, strictly necessary |
No analytics cookies (PostHog runs cookieless). No advertising cookies. No third-party tracking. No social media widgets. Because we only use a strictly necessary cookie, no consent banner is required.
Data Retention Policy
Clinical licensure records are career-critical. This policy explains what happens to your data while your account is active, and what happens if you delete it.
We keep all your data for as long as your account is active. We don't delete accounts due to inactivity. Your records are available whenever you need them.
If you delete your account
Deleted within 45 days
- Email and phone number
- Password and authentication credentials
- Non-shared events and session data
- Progress calculations and pathway status
- Subscription and billing metadata
- Notification preferences and app settings
Retained indefinitely
- Your display name (as it appears in other users' records)
- Shared events and supervisor signoffs
When a supervisor signs off on an associate's hours, that signoff becomes part of both users' records. If one person deletes their account, removing the signoff would damage the other person's licensure documentation. This is why shared data is retained for as long as the linked user's account is active, or for six years after the last supervisory event, whichever is later.
Deletion timeline
Account deactivated, login disabled
Personal data queued for deletion. Contact legal@licent.io to cancel.
Personal data deleted from live systems. May persist in encrypted backups for up to 30 more days. Shared data retained.
Other retention periods
| Data type | Retention | Notes |
|---|---|---|
| Database backups | 30 days | Encrypted, disaster recovery only |
| Server logs | 90 days | IP, timestamps, error diagnostics |
| Analytics data | 24 months | Anonymized, not linked to accounts |
Have a question about any of these policies? Reach out to legal@licent.io and we'll get back to you within one business day.