Secret Chat Logo

Private AI for Therapists and Coaches:
Handling Sensitive Notes

Launch Chat 

Published June 22, 2026

Confidentiality is not a feature of therapy and coaching — it is the foundation the work stands on. A client opens up only because they trust that what they say stays between the two of you. That trust is exactly why AI sits in an awkward spot for practitioners. A model could draft progress notes, tidy a session summary, or help you prepare psychoeducation handouts in a fraction of the usual time. But the raw material of that work — a client's struggles, diagnoses, relationships, fears — is among the most sensitive information a person ever shares.

Here is the plain truth up front: putting client material into any cloud AI tool involves risk, and no product can honestly claim to erase it — this one included. What a privacy-minded setup can do is make the work safer than typing notes into a default consumer chatbot. The decision about what is appropriate to share, and the duty to protect the person who confided in you, stay with you. Below is where the real risk comes from, what "safer" genuinely offers, and the habits that keep your clients protected.

This is general information, not legal, clinical, or ethics advice. Follow your licensing board's rules, your professional code of ethics, and — where it applies to you — your obligations for protected health information. When in doubt, check with your supervisor or professional body.

Why Therapy and Coaching Notes Are at the Far End of Sensitive

Mental-health and personal-development records are not ordinary documents. They can contain diagnoses, medication details, trauma histories, family conflicts, and disclosures a client might never repeat to anyone else. If that material surfaced where it should not, the harm is rarely abstract — it can affect a client's job, relationships, custody arrangements, insurance, or sense of safety. The vulnerability is the whole point of the relationship, and it raises the stakes of any tool you let near it.

When notes go into a typical consumer chatbot, a few realities usually follow:

  • The conversation is retained. Many tools keep your chats, tied to an account, sometimes for long periods.
  • It may feed model training or human review. Unless you opt out, free tools often reserve the right to learn from what you type, and some allow staff to review samples.
  • It is linked to your identity. A standard account connects sensitive prompts to a real, verified person — you — along with the time and device behind each request.

For licensed therapists there is an added layer: client information is frequently treated as protected health information under privacy law, with strict rules about who may process it and under what agreement. Coaches are usually outside that regime, but the ethical duty of confidentiality does not depend on a statute. Either way, the safe assumption is that anything you feed an AI tool should be treated as if it could be seen by someone other than you.

The Word Is "Safer," Not "Safe" — and the Gap Matters

It helps to be exact about what a privacy-focused tool can and cannot do, and to put the limits before the benefits.

What it improves: less of your material accumulating in a cloud account, fewer threads tying your prompts to your real identity, and clearer handling of a conversation once you are done with it. Against a default chatbot, that is a real drop in exposure.

What it does not improve: to answer you, the model must read what you send. With a multi-model cloud service like this one, your text is forwarded to whichever provider you pick — the company behind GPT, Claude, Gemini, Grok, or Perplexity — so it can generate a reply. The content is processed off your computer by an external company. This is cloud AI, not on-device AI, and it is not encrypted in a way that hides the content from the model provider. A privacy tool narrows specific risks; it does not turn a cloud assistant into a private filing cabinet, and it does not move your duty of confidentiality onto the software.

One point worth stating clearly for clinicians: Secret Chat is not a substitute for a formal compliance arrangement, and it does not, on its own, satisfy the legal requirements that govern protected health information. If your obligations require a signed agreement with any vendor that processes client data, a general-purpose AI gateway will not meet that bar. The most dependable protection in that situation is to keep identifiable client information out of the prompt entirely.

What Secret Chat Changes for the Better

Secret Chat is a multi-model gateway built around privacy-conscious defaults. It will not make cloud AI confidential, but it removes several of the habits that make mainstream chatbots a poor place for sensitive notes.

  • Your history stays with you. Conversations are stored in your browser's local storage rather than a cloud archive on Secret Chat's servers, and uploaded files are held locally too. The ongoing record of your work lives on your own device.
  • Registration asks for very little. An email address is all that is needed — no name, no phone number — so less about you is attached to your prompts.
  • Your network is hidden from the provider. Requests are routed through Secret Chat's infrastructure, so the model provider does not see your IP address directly.
  • Deletion is requested, and reported plainly. Where a provider supports it, Secret Chat asks for processed content to be deleted or not stored, and each message can produce a Session Privacy Report (PDF) showing what actually happened — including when a deletion step did not succeed, instead of pretending otherwise.
  • Several models, one workspace. You can choose the assistant that suits a task and compare results without scattering your work across multiple provider accounts.

On documents: uploads currently support images and PDFs. If your notes or worksheets live in a word-processor file, you would export the relevant pages to PDF first — a natural moment to leave out anything that should not travel. Support for office document formats is planned for a future release.

For the Most Sensitive Cases: Keeping AI In-House

When the material is so delicate that no outside party should ever touch it, the strongest option is to keep it off third-party servers altogether. A practice or organization can run AI on infrastructure it controls, or a practitioner can run an open-source model locally on their own machine. Nothing is transmitted, and there is no external provider to compel, breach, or rely on.

The honest cost is capability. The open-weight models you can self-host today tend to be clearly less capable than the flagship models the major labs offer only through their paid APIs — weaker at nuanced summarizing, reasoning, and drafting. A common compromise is to split the work: a local model for anything truly identifiable or high-risk, and a privacy-focused gateway to the stronger commercial models for general, de-identified tasks — with careful redaction applied regardless of which route a task takes.

Habits That Protect Your Clients

The most powerful safeguard is not a toggle; it is restraint about what you enter. Every identifying detail you leave out is one that cannot be exposed, whatever happens after you hit send.

  • De-identify before you type. Strip names, ages, locations, employers, and distinctive specifics. Refer to "the client," and keep any key linking that back to a real person offline and separate.
  • Generalize the specifics. Many questions about technique, framing, or planning can be asked in the abstract, without a single client-identifying fact.
  • Send the fragment, not the file. Paste the one passage or upload the single page you actually need help with — not an entire case file.
  • Clean documents first. Before exporting to PDF, remove comments, tracked changes, and hidden details, and keep only the pages that matter.
  • Check what comes back. Treat AI output as a draft to review, not guidance to follow blindly; models can be confidently wrong, and clinical or coaching judgment is yours alone.
  • Fit the tool to the risk. For anything truly identifiable or high-stakes, fall back to offline or in-house options rather than any cloud service.

A way to put a model to work without revealing who your client is:

Act as a documentation assistant. I have removed every identifying detail and refer to the person only as "the client." Turn these rough session notes into a structured summary with presenting concerns, approaches used, and follow-up steps, and flag anything that looks unclear or incomplete. Here are the notes:

Where AI Genuinely Helps in Practice

With those habits in place, AI can take real weight off the parts of the work that do not require exposing anyone:

  • Shaping de-identified notes into a clean summary, a structured plan, or a list of follow-up questions.
  • Drafting psychoeducation material — explainers, worksheets, and between-session resources you then tailor and review.
  • Summarizing a PDF such as a research article or a generic worksheet before you read it in full.
  • Exploring approaches in the abstract by asking different models how they would frame an intervention, then comparing.
  • Translating jargon into plain, warm language for clients — or simplifying your own reading.

The split never changes: AI handles the mechanical drafting; you bring the clinical or coaching judgment, the ethics, and the protection of the person behind the notes.

The Takeaway

Therapists and coaches deserve modern tools without putting a client's trust on the line. The responsible framing is the measured one: a privacy-focused tool like Secret Chat makes AI use with sensitive notes safer — through on-device storage of chats and files, minimal-information sign-up, IP shielding, and transparent deletion handling — but never risk-free. The model provider still reads your prompt, and protecting client and personal data stays in your hands.

Keep identifiers out, verify what the model gives back, and reserve the most sensitive material for offline or in-house tools. Looking for a more private place to handle the lower-risk work? Try Secret Chat — and bring your own de-identification and review discipline with you.

Frequently Asked Questions

  1. Is it safe to put therapy or coaching notes into AI?

    No cloud AI tool is fully "safe" for client notes, because the model provider has to read your prompt to respond. A privacy-focused tool can be safer by reducing how much is stored and how directly it links back to you, but the duty of confidentiality stays with you. Keep identifying details out and share only what a task truly requires.

  2. Is Secret Chat compliant for protected health information?

    No. Secret Chat is a privacy-focused gateway, not a formal compliance solution, and it does not by itself satisfy the legal requirements for protected health information or provide the kind of signed vendor agreement those rules often demand. If your obligations cover client health data, the safest approach is to keep identifiable information out of the prompt and consult your own compliance requirements.

  3. What documents can I upload?

    Uploads currently support images and PDFs. If your material is in a word-processor file, export the relevant pages to PDF first — and use that step to drop anything that should not be shared. Support for office document formats is planned for a future release.

  4. Does the tool automatically remove client names or identifying details?

    No. Assume nothing is stripped for you. If you do not want a name, age, location, or other identifier processed, take it out before sending. Handling personal and sensitive data remains your responsibility.

  5. What should I use for the most sensitive material?

    For information that no outside party should ever see, keep it off third-party servers — a practice-controlled deployment or an open-source model running locally and offline. The trade-off is that self-hosted open-weight models are generally less capable than the top-tier models available only through the providers' APIs, so many practitioners reserve local tools for the most sensitive work and use a privacy-focused gateway for everything else.