Is Your Therapist Recording Your Sessions With AI? Here’s What That Means for Your Privacy

Is Your Therapist Recording Your Sessions With AI? Here’s What That Means for Your Privacy

More therapists are turning to AI tools to record, transcribe, and analyze their sessions. The promise is better notes, faster documentation, and even insights into patient progress. But for the person on the couch, this often comes as a surprise: Your most private conversations may be captured, stored in the cloud, and potentially shared in ways you never agreed to. A recent report by All About Cookies highlights exactly how widespread this practice has become—and how little patients are told about it.

If you are in therapy or considering starting, here is what you need to know about the data privacy risks, and what you can do to protect yourself.

How AI Recording Works in Therapy

The AI tools used in therapy are usually add‑ons to note‑taking or practice management software. During a session, a therapist might use a smartphone app or a desktop program that listens in real time, transcribes the conversation, and generates summaries. Some tools go further, analyzing tone of voice, word patterns, or emotional cues.

The key issue is where that data goes. Most of these tools run on cloud servers—meaning your session audio and transcript are uploaded to the company that makes the software. Even if the therapist later deletes the recordings, copies may remain on the provider’s infrastructure for training, debugging, or compliance.

Who Has Access to Your Session Data

The short answer is more people than you might think. The therapist has access, obviously. But so does the AI company, including its engineers, data annotators, and possibly subcontractors. Some companies use the data to improve their models—that is, your therapy session could become part of the training set for future versions of the software.

Third parties can also get involved. AI companies frequently rely on cloud storage vendors (Amazon Web Services, Google Cloud, Microsoft Azure), data processors, and analytics services. A breach at any one of these points could expose your personal history, mental health struggles, and identifying details.

Data Security Risks and Legal Gaps

Data breaches in healthcare are common. Mental health data is especially sensitive. Even if an attacker cannot attach a name to a recording, they might be able to combine it with other information to re‑identify you. Some AI companies have been caught using de‑identified data in ways that later proved to be re‑identifiable.

Legal protections are not as strong as many patients assume. In the United States, HIPAA applies to healthcare providers and their business associates. But many AI note‑taking tools are not considered business associates under HIPAA, or they are used in ways that fall outside the regulation. If a therapist simply records with a consumer app like Otter.ai or a free AI tool, HIPAA may offer little to no protection. State laws vary, but the patchwork is thin.

What You Can Do

The most important step is to ask. Before your first session, or at any point, ask your therapist: Do you use any AI recording or transcription tool? If yes, which one? Where is the data stored? Do you have a signed business associate agreement with the company? Can I request that my sessions not be recorded at all?

Many therapists will be happy to answer. Some may not have thought through the privacy implications themselves. If they cannot give clear answers or refuse to accommodate your request, that is a red flag.

You can also take practical steps:

• Read the privacy policy of the specific AI tool your therapist uses. Look for language about data retention, third‑party sharing, and whether your data is used for training.
• Opt out in writing. Even if the therapist says no recording is the default, confirm in an email or message.
• Choose encrypted platforms. Some teletherapy services offer end‑to‑end encryption and do not store recordings. If you are doing remote therapy, check whether the platform records sessions.
• Consider in‑person sessions. While that does not prevent a therapist from recording with a phone, it limits the number of digital intermediaries.
• Ask for consent‑based recording only. Some therapists will record only if you agree, and they may let you review or delete the recording afterward.

The Bottom Line

AI tools can make therapy more efficient, but they introduce real privacy risks that patients are rarely told about. You have the right to know how your most sensitive conversations are handled, and you have the right to refuse recording. If your therapist cannot guarantee that your data stays private, it may be worth looking for one who can.

Sources: All About Cookies, “Your Therapist May Be Using AI to Record Your Sessions. Here’s What Happens to That Data.” Additional research on HIPAA and AI therapy tools from legal and privacy experts.