Privacy & Digital Hygiene

Choosing a Video Platform for Therapy: Privacy, Security & AI ?

video chat in browserOnline sessions are now a normal part of therapeutic work. That convenience comes with an obvious question:

“If I’m talking about personal things on a video call, who else is involved?”

This page explains which video platforms I use for therapy, which I avoid, and why. The aim isn’t technical perfection, but a clear, defensible approach to privacy, security, and unnecessary data capture.

Encryption protects the connection. Privacy depends on everything that happens around it.

What actually matters for therapy calls

When you strip away product marketing, a few questions matter far more than brand names:

  1. Is the call end-to-end encrypted, or merely encrypted in transit?
  2. Who controls the servers the call runs on?
  3. Is anything recorded, transcribed, summarised, or analysed by AI?
  4. What metadata is collected about who spoke to whom, and when?
  5. What is the platform’s business model?

Therapy involves vulnerability. Platforms designed for meetings, productivity, or analytics often optimise for exactly the wrong things.

Jitsi: open-source and self-hosted

What it is: Jitsi Meet is an open-source video platform that can be run on a private server rather than a large third-party service.

Security and control

  • Encrypted media streams as standard.
  • Optional end-to-end encryption in supported configurations.
  • When self-hosted, call infrastructure and logs remain under local control.

AI and data use

  • No built-in AI transcription or summarisation.
  • No advertising or behavioural profiling model.

Therapy view: This is my preferred video platform. It is transparent, predictable, and does not quietly expand its scope.

Signal: privacy by design

What it is: Signal is a privacy-focused messaging app offering end-to-end encrypted voice and video calls.

  • End-to-end encryption is on by default.
  • Encryption keys live on user devices, not central servers.
  • No built-in AI summaries or silent recording features.

Therapy view: An excellent option for one-to-one work when both parties already use it.

WhatsApp: encrypted content, revealing metadata

What it is: A widely used messaging and calling platform owned by Meta. Familiar and convenient, which makes its trade-offs easy to overlook.

Encryption and limits

WhatsApp uses end-to-end encryption for calls and messages. The provider cannot listen to the content of a call.

Metadata matters

What WhatsApp can still collect is metadata: who communicates with whom, when, how often, for how long, from which device, and from roughly where. This information is not protected in the same way as message content.

Earlier in my career, I worked as a developer on a UK police records system (the CRIS platform, built on VAX hardware with an Ingres database). One of the most valuable data points was “known associates”: not because people were suspected of wrongdoing, but because patterns of connection often revealed more than individual records ever could.

This is why the phrase “if you’ve done nothing wrong, you’ve nothing to fear” doesn’t hold up. Metadata is not about guilt. It’s about mapping relationships, habits, and vulnerabilities over time.

Therapy view: Available where it is the most practical option, but treated as a compromise rather than a default.

A note on security standards and real-world practice

In earlier work with a payment gateway provider, I was involved in security audits that required disabling all transport protocols below TLS 1.3. This wasn’t because older versions had suddenly failed, but because auditors wanted entire classes of configuration risk removed, not merely managed.

TLS 1.3 enforces forward secrecy and eliminates legacy options. That level of conservatism is normal for systems handling financial data.

The contrast is instructive: platforms handling deeply personal conversations often operate under looser standards than systems handling card payments. “Encrypted in transit” alone says very little about what happens after the connection is established.

Why I don’t use Zoom or Microsoft Teams

Zoom and Microsoft Teams are capable platforms designed for meetings, collaboration, recording, transcription, and organisational oversight. Those strengths are also the reason I don’t use them for therapy.

Both platforms are increasingly oriented around automation and AI-driven analysis. Secure configuration requires paid subscriptions, constant attention to changing defaults, and trust that features remain disabled over time.

Therapy view: I do not use Zoom or Microsoft Teams for therapy sessions.

How I work

  • Primary platforms: self-hosted Jitsi and Signal.
  • WhatsApp: used only where it is genuinely the most practical option.
  • Zoom and Teams: not used for therapy sessions.
  • No silent AI tools: nothing records or analyses a session without explicit agreement.

Bottom line: Privacy is not a feature toggle. It’s a boundary. The choice of platform is part of how that boundary is maintained.