Privacy & Trust

Privacy Policy

How GestaltPath collects, uses, and protects your data — and your child's data. Your family's privacy is at the heart of everything we build.

Effective Date: April 1, 2026  |  Last Updated: April 1, 2026

1. Introduction

GestaltPath ("we," "us," or "our") is committed to protecting the privacy of our users and the children whose language development is tracked through our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the GestaltPath mobile application, website, and related services (collectively, the "Service").

GestaltPath is an AI-powered language companion designed for parents and caregivers of gestalt language processors. It enables users to log utterances, track Natural Language Acquisition (NLA) stages, access coaching prompts, and monitor progress — all grounded in the clinical research of Marge Blanc and the NLA framework.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address (used for authentication via one-time password)
  • Display name (optional)
  • Account role (parent/caregiver or speech-language pathologist)

2.2 Child Profile Data

When you add a child profile to GestaltPath, we collect:

  • Child's first name or nickname
  • Date of birth
  • Relevant diagnoses or developmental notes (as entered by the parent/caregiver)
  • Language preferences and communication context

2.3 Utterance & Language Data

The core of GestaltPath revolves around language samples you log. This includes:

  • Text entries — utterances typed manually into the Quick Language Logger
  • Voice recordings — audio captured through the app's voice recording feature, which is transcribed and then processed
  • AI classification results — NLA stage assignments, confidence scores, and gestalt identification performed by our AI classification cascade
  • User overrides — any corrections or stage reassignments you make to AI classifications
  • Contextual metadata — timestamps, session context, and tags you assign

2.4 Coaching & Practice Data

  • Daily coaching prompt history and user interactions
  • Live Practice session recordings, transcriptions, and post-session summaries
  • Gestalt Library entries (saved gestalts with categories and notes)

2.5 Usage & Device Data

  • Device type, operating system, and app version
  • General usage patterns (feature engagement, session frequency)
  • Crash reports and performance diagnostics
What we do not collect: We do not collect location data, contacts, photos (beyond what you explicitly upload), browsing history, or advertising identifiers.

3. How We Use Your Information

We use the information we collect for the following purposes:

PurposeData Used
Provide core featuresUtterance logging, NLA stage classification, progress tracking, coaching prompts, Gestalt Library
AI language processingUtterance text and voice transcriptions are processed through our AI classification cascade to determine NLA stages and generate coaching content
Account authenticationEmail address for OTP-based login
Progress dashboardsHistorical utterance data, stage distributions, and session activity to generate visual progress reports
Team collaborationWhen an SP adds a child profile to their team, active team SPs can view that child's utterance history, gestalt library, progress, and coaching history
Product improvementAggregated, de-identified usage data to improve features, AI accuracy, and user experience
CommunicationsEmail address for account-related notifications (e.g., OTP codes, critical updates). We do not send marketing emails without explicit opt-in

4. AI & Language Processing

GestaltPath uses a three-tier AI classification cascade to analyze language data:

  • Tier 1 (Fast classification): Performs initial NLA stage classification and gestalt identification
  • Tier 2 (Validation): Reviews Tier 1 results for accuracy, especially in ambiguous or low-confidence cases
  • Tier 3 (Expert review): Handles complex multi-stage utterances and generates detailed clinical reasoning
How your data flows through AI: When you log an utterance, the text (or transcribed audio) is sent to our AI providers for classification. Only the utterance text, child's current stage context, and minimal metadata are transmitted. Your name, email, and other personal identifiers are not sent to AI providers.

4.1 Voice Recordings

Voice recordings captured through the app are transcribed into text. The transcription is used for AI classification. Audio files are stored temporarily for transcription and are automatically deleted within 24 hours of processing. Only the resulting text transcription is retained as part of the utterance record.

4.2 AI Training

We do not use your personal data or your child's language data to train general-purpose AI models. Your utterance data may be used in aggregate, de-identified form to improve GestaltPath's own NLA classification accuracy. You can opt out of this in Settings > Data & Privacy.

5. Team Data Sharing

GestaltPath supports team-based caseload management for speech-language pathologists (SPs). Understanding how your child's data may be accessed within a team is important:

5.1 How Teams Work

An SP can create one team and add other SPs and client profiles (CLs) to it. When a child profile is added to a team, all active SPs on that team can view the child's utterance history, gestalt library, progress dashboard, and coaching prompt history.

5.2 What Team SPs Can See

  • Child profile information (name, date of birth, diagnoses)
  • Utterance history and NLA stage classifications
  • Gestalt Library entries
  • Progress dashboard data
  • Coaching prompt history

5.3 What Team SPs Cannot See

  • Parent/caregiver email address, phone number, or other personal information
  • Account credentials or authentication details
  • Data from other children not linked to the team
Important: Team features are SP-side only. Parents and caregivers are not currently notified when their child's profile is added to a team. We are evaluating an optional parent consent flow for a future release. If you have concerns about SP access to your child's data, please contact privacy@gestaltpath.com.

5.4 Deactivation & Access Revocation

When an SP is deactivated or removed from a team, their access to all team client data is revoked immediately. Active sessions are invalidated within 60 seconds. All team management actions are logged in an audit trail.

6. Third-Party Sharing

We do not sell, rent, or trade your personal information or your child's data to third parties. We share data only in the following limited circumstances:

RecipientPurposeData Shared
AI service providersNLA stage classification and coaching generationDe-identified utterance text and stage context only
Cloud infrastructureData storage and processingEncrypted data at rest and in transit
Analytics providersApp performance and crash reportingAggregated, de-identified usage metrics
Law enforcementLegal obligationsAs required by valid legal process (subpoena, court order)

All third-party service providers are bound by data processing agreements that restrict their use of data to the specific purposes outlined above. We evaluate providers for their privacy practices and data protection standards.

7. Children's Privacy (COPPA)

COPPA Compliance: GestaltPath is designed for use by parents, caregivers, and speech-language pathologists — not directly by children. We take children's privacy seriously and comply with the Children's Online Privacy Protection Act (COPPA).

7.1 Parental Control

All child data in GestaltPath is entered and managed by the parent or caregiver. Children do not have their own accounts and do not interact with the app directly. The parent/caregiver is the sole controller of their child's profile and data.

7.2 Parental Consent

By creating a child profile and entering data about your child, you provide verifiable parental consent for us to collect and process that data for the purposes described in this policy. You may review, modify, or delete your child's data at any time through the app's Settings > Data & Privacy section.

7.3 Data Minimization

We collect only the child information necessary to provide language tracking and coaching services. We do not collect photos, videos, precise location, social media identifiers, or any data beyond what is explicitly entered by the parent/caregiver for clinical purposes.

7.4 Deletion Rights

Parents can request complete deletion of their child's data at any time by using the in-app deletion feature (Settings > Data & Privacy > Delete Child Profile) or by emailing privacy@gestaltpath.com. Deletion is permanent and includes all utterances, classifications, coaching history, Gestalt Library entries, and progress data associated with that child profile.

8. Data Storage & Security

8.1 Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Voice recordings are encrypted during upload and processing.

8.2 Access Controls

We implement row-level security (RLS) policies to ensure that users can only access data they are authorized to view. Team membership and status are enforced at the database level — deactivated or removed SPs cannot access team client data regardless of cached tokens or sessions.

8.3 Authentication

GestaltPath uses OTP-based authentication (one-time password via email). We do not store passwords. OTP codes expire after 10 minutes and are single-use.

8.4 Audit Logging

All significant data access and team management actions are logged with actor identity, timestamp, and action type. These logs are retained for compliance and security review purposes.

8.5 Infrastructure

GestaltPath data is hosted on industry-standard cloud infrastructure with SOC 2 Type II compliance. Regular security audits and penetration testing are conducted.

9. Data Retention

Data TypeRetention Period
Account informationRetained while account is active; deleted within 30 days of account deletion request
Child profile & utterance dataRetained while account is active; immediately queued for deletion upon parent request
Voice recordings (audio)Deleted within 24 hours of transcription
AI classification resultsRetained as part of the utterance record for as long as the utterance exists
Coaching & practice dataRetained while account is active
Team membership recordsRetained while team is active; anonymized 90 days after team is archived
Audit logsRetained for 2 years, then purged
De-identified analyticsRetained indefinitely (no personal identifiers)

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

RightDescriptionHow to Exercise
AccessRequest a copy of all personal data we hold about you and your childSettings > Data & Privacy > Export Data, or email privacy@gestaltpath.com
CorrectionUpdate or correct inaccurate dataEdit directly in the app, or contact us
DeletionRequest deletion of your account and all associated dataSettings > Data & Privacy > Delete Account, or email privacy@gestaltpath.com
PortabilityReceive your data in a structured, machine-readable formatSettings > Data & Privacy > Export Data (JSON/CSV format)
Opt-OutOpt out of de-identified data use for product improvementSettings > Data & Privacy > Analytics Preferences
Restrict ProcessingRequest that we limit how we process your dataEmail privacy@gestaltpath.com

We will respond to all privacy requests within 30 days. For requests related to children's data, we may ask for identity verification to protect against unauthorized access.

California Residents (CCPA/CPRA): You have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact privacy@gestaltpath.com.

11. Cookies & Analytics

11.1 Mobile App

The GestaltPath mobile app does not use cookies. We use minimal analytics SDKs for crash reporting and performance monitoring. These tools collect de-identified device and usage metrics only.

11.2 Website

The GestaltPath website (gestaltpath.com) uses the following:

  • Essential cookies: Required for authentication and session management on the team management portal. These cannot be disabled.
  • Analytics cookies: Used to understand how visitors use our website. These are anonymized and do not track individual users across sites. You can opt out via your browser settings or our cookie banner.

We do not use advertising cookies, tracking pixels, or retargeting technologies.

12. International Users

GestaltPath is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

For users in the European Economic Area (EEA) and United Kingdom, we process personal data on the legal bases of consent (which you provide by creating an account and entering data), legitimate interest (for product improvement using de-identified data), and contractual necessity (to provide the services you've signed up for).

If you have concerns about cross-border data transfers, please contact us at privacy@gestaltpath.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last Updated" date at the top of this page
  • For significant changes, we will notify you via email or an in-app notification
  • For changes affecting children's data or COPPA compliance, we will seek renewed parental consent where required

We encourage you to review this page periodically for the latest information on our privacy practices.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ChannelDetails
Emailprivacy@gestaltpath.com
General inquirieshello@gestaltpath.com
Supportsupport@gestaltpath.com
Mailing addressGestaltPath
Attn: Privacy Team
[Street Address]
[City, State ZIP]

For COPPA-related inquiries or to exercise parental rights regarding your child's data, please include "COPPA Request" in the subject line of your email.