Video Therapy Platforms: Privacy, Security and AI

Online sessions are now a normal part of therapeutic work. That convenience comes with an obvious question:

“If I’m talking about personal things on a video call, who else is involved?”

This page explains which video platforms I use for therapy, which I avoid, and why. The aim is not technical perfection, but a clear, defensible approach to privacy, security, and unnecessary data capture.

Encryption protects the connection. Privacy depends on everything that happens around it.

What actually matters for therapy calls

When you strip away product marketing, a few questions matter far more than brand names:

1. Is the call end-to-end encrypted, or merely encrypted in transit?
2. Who controls the servers the call runs on?
3. Is anything recorded, transcribed, summarised, or analysed by AI?
4. What metadata is collected about who spoke to whom, and when?
5. What is the platform’s business model?

Therapy involves vulnerability. Platforms designed for meetings, productivity, advertising, analytics, or organisational oversight often optimise for the wrong things.

Jitsi: open-source and self-hosted

What it is: Jitsi Meet is an open-source video platform that can be run on a private server rather than a large third-party service.

Security and control

• Encrypted media streams as standard.
• Optional end-to-end encryption in supported configurations.
• When self-hosted, call infrastructure and logs remain under local control.
• Access can be controlled through private, tokenised session links.

AI and data use

• No built-in AI transcription or summarisation is used for sessions.
• No advertising or behavioural profiling model.
• No silent recording or automated analysis.

Therapy view: This is my preferred video platform. It is transparent, predictable, and does not quietly expand its scope.

Signal: privacy by design

What it is: Signal is a privacy-focused messaging app offering end-to-end encrypted voice and video calls.

• End-to-end encryption is on by default.
• Encryption keys live on user devices, not central servers.
• No built-in AI summaries or silent recording features.
• Minimal metadata compared with most mainstream messaging platforms.

Therapy view: Signal is an excellent option for one-to-one work when both parties already use it.

WhatsApp: encrypted content, revealing metadata

What it is: WhatsApp is a widely used messaging and calling platform owned by Meta. It is familiar and convenient, which makes its trade-offs easy to overlook.

Encryption and limits

WhatsApp uses end-to-end encryption for calls and messages. The provider should not be able to listen to the content of a call.

Metadata matters

What WhatsApp can still expose or collect is metadata: who communicates with whom, when, how often, for how long, from which device, and from roughly where. This information is not protected in the same way as message content.

Earlier in my career, I worked as a developer on a UK police records system: the CRIS platform, built on VAX hardware with an Ingres database. One of the most valuable data points was “known associates”: not because people were suspected of wrongdoing, but because patterns of connection often revealed more than individual records ever could.

This is why the phrase “if you’ve done nothing wrong, you’ve nothing to fear” does not hold up. Metadata is not about guilt. It is about mapping relationships, habits, and vulnerabilities over time.

Therapy view: WhatsApp is deprecated for therapy sessions. It may be familiar, but ownership, metadata exposure, and platform scope make it a poor default for confidential therapeutic work.

A note on security standards and real-world practice

In earlier work with a payment gateway provider, I was involved in security audits that required disabling all transport protocols below TLS 1.3. This was not because older versions had suddenly failed, but because auditors wanted entire classes of configuration risk removed, not merely managed.

TLS 1.3 enforces forward secrecy and eliminates legacy options. That level of conservatism is normal for systems handling financial data.

The contrast is instructive: platforms handling deeply personal conversations often operate under looser standards than systems handling card payments. “Encrypted in transit” alone says very little about what happens after the connection is established.

Why I don’t use WhatsApp, Zoom or Microsoft Teams for therapy

WhatsApp, Zoom and Microsoft Teams are capable platforms. That is not the issue. The issue is what they are built for, who controls them, and how easily their scope can expand beyond a simple private conversation.

Zoom and Microsoft Teams are designed for meetings, collaboration, recording, transcription, administration, and organisational oversight. Those strengths are exactly why I do not use them for therapy.

Both are increasingly oriented around automation and AI-driven analysis. Secure configuration requires paid subscriptions, constant attention to changing defaults, and trust that features remain disabled over time.

WhatsApp is different, but still not ideal. It is designed around convenience and network reach, not therapeutic boundaries. Even when content is encrypted, metadata still matters. A therapy platform should not make relationship mapping someone else’s business model. Strange that this needs saying, but here we are, lovingly supervised by the twenty-first century.

Therapy view: I do not use WhatsApp, Zoom or Microsoft Teams for therapy sessions.

How I work

• Primary platforms: self-hosted Jitsi and Signal.
• Deprecated for therapy sessions: WhatsApp, Zoom and Microsoft Teams.
• No silent AI tools: nothing records, transcribes, summarises or analyses a session without explicit agreement.
• Controlled access: private session links are used to reduce casual or accidental access.

Bottom line: Privacy is not a feature toggle. It is a boundary. The choice of platform is part of how that boundary is maintained.