Overview
Live stats from your TherAIpy service
A bird's-eye view of your whole service. These numbers update every 30 seconds.
Total users
—
All registered accounts
Active sessions
—
Sessions in progress now
Completed sessions
—
Therapy sessions finished
Mood logs
—
Total mood entries logged
Feature index
Quick links and descriptions of everything you can manage from this dashboard.
Service health
Live database status and API health check. Green = everything's running.
Users
Browse all accounts, view usage, change subscription plan or message limits for any user.
Personas
All 14 AI therapy personas. See which are free vs paid, their specialty, and approach style.
Subscription config
Edit the limits for free and paid tiers — daily messages, max message length, price.
Audit logs
Every security-relevant action (logins, logouts, data access) with severity levels. Alerts for suspicious activity.
Analytics
Onboarding and session conversion funnels. See where users drop off.
Rate limits
Which IPs or users are hitting API limits. Helps spot abuse or unusually heavy usage.
Settings
Environment config: OpenAI models, JWT expiry, CORS origins, debug mode and more.
Checks whether the server and database are responding normally. The health endpoint is publicly accessible — this is what uptime monitors should ping.
API status
—
GET /health
Database
—
Verified via /api/monitoring/health
Last response
—
All user accounts. Message limits come from subscription config; you can change plan and status here.
| User | Plan | Status | Messages today | Sessions | Joined | |
|---|---|---|---|---|---|---|
| Loading… | ||||||
Edit user
The AI therapy personas available in the app. Free-tier users can only access the 3 free personas. Paid users get all 14. Each persona has a distinct therapeutic style and speciality.
Daily caps and max message length per tier. Stored in app_config.
Per calendar day (UTC)
While status is trial and end date not passed
Every security-relevant action recorded by the system — logins, logouts, data exports, failed attempts. Colour-coded by severity. The "Suspicious activity" tab shows anything flagged high or critical.
| Time | Event | User | IP | Severity | Result |
|---|---|---|---|---|---|
| Loading… | |||||
Conversion funnels show how users move through key flows. Each step shows how many users reached it — a big drop between steps tells you where to improve the experience.
Onboarding funnel
How many new users completed each step of setup
Session funnel
How many users started, sent messages, ended, and gave feedback
Shows the top 20 API callers in the last hour, measured by request count. The auth endpoints have a separate, stricter limit (20 per 15 min) to prevent brute-force attacks.
| Identifier | Requests (last hour) | % of limit |
|---|---|---|
| Loading… | ||
Read-only view of environment-level configuration. To change these, edit the .env file in server-php/ and restart the server.
How TherAIpy structures every session — the phases the AI moves through, what therapeutic techniques each persona uses, and the rules that govern depth and safety.
Rule priority stack
Every AI response is shaped by five layers applied in strict priority order. A higher layer always overrides a lower one.
Global safety
No diagnosis, no medication, no harm facilitation. If imminent risk detected: stop therapy, send crisis resources, ask "Are you safe?"
Time version
Session length (5 / 20 / 40 min) sets the maximum emotional depth and what topics are allowed. A 5-min session cannot explore history or patterns.
Phase behaviour
The current phase (e.g. exploration, checkpoint, closing) sets the required tone and rules for every response in that phase.
Persona guide
The chosen persona (e.g. Dr. Reed CBT, Asha Trauma) adjusts tone, techniques, pacing, and what to do/avoid. Never overrides safety.
Mode (free / paid)
Free sessions may end early and gently suggest an upgrade after providing help. Safety and quality rules are identical in both modes.
Session phase flow
Every session moves through these phases in order. The AI cannot skip phases. Checkpoints may repeat inside the exploration phase.
Session time modes
The session length chosen at the start determines how deep the AI can go and what the session is for.
Therapeutic techniques by persona
Each of the 14 personas uses distinct evidence-based modalities. Click a persona to expand its full profile.
Browse all therapy sessions across all users. Click any row to see the full transcript, AI summary, and session metadata. Incognito sessions show metadata only — transcripts are never stored.
| User | Persona | Date | Length | Mood change | Themes | Flags |
|---|---|---|---|---|---|---|
| Loading… | ||||||
Session detail
Everything TherAIpy records, why it records it, and what users can control. This section explains the full data and privacy model.
What is stored per session
Mood ratings
Baseline (start) and closing (end) mood scores 1–5
Session themes
AI-generated thematic summary (what the session was about)
Transcript
Full conversation — only if not incognito. Encrypted at rest.
Techniques used
Which therapeutic techniques the AI applied (from summary)
Safety checkpoint results
Whether safety checks passed, any escalation triggered
Real names or identifying details
AI is instructed never to elicit or store names, locations, or identifiers
Diagnosis or medical records
TherAIpy does not diagnose. No diagnostic labels are stored.
Trauma specifics
Persona memory rules explicitly prohibit storing detailed trauma content
Memory consent lifecycle
Memory between sessions is opt-in. Here is how it works:
Step 1 — Session ends
AI proposes themes to remember (non-identifying). User is asked for consent at the closing phase.
Step 2 — Consent given
Themes are saved as pending. No identifiers. User can edit or delete in the Memory Vault screen.
Step 3 — Memory approved
On next session with same persona, approved themes are injected into the AI prompt so context carries over.
No consent path
If consent is not given, all session content is discarded at session end. Nothing carries to the next session.
What gets logged
The audit log records every security-relevant action. Here is what each event type means.
| Event type | Plain-English meaning | Severity |
|---|
Audit event frequency
How often each event type has occurred across all time. From GET /api/audit/statistics.
Data rights (GDPR)
Data export
Users can download all their data via Settings → Privacy → Export my data. Returns JSON with all sessions, mood logs, memory and account info.
Incognito mode
Transcripts are never written to disk. Mood ratings and session metadata still recorded. User can enable per-session in settings.
Account deletion
Deletes all sessions, mood entries, memory, refresh tokens and user record. Cascade-deletes via database FK constraints. Irreversible.
How TherAIpy's AI system is assembled for each response — the prompt compiler, safety logic, checkpoint system, and memory injection.
Prompt compiler — how each AI response is built
Before every AI reply, the prompt compiler assembles two prompts: a System Prompt (stable safety + phase rules) and a Developer Prompt (runtime state: time, persona, memory, instructions). This prevents "just GPT" behaviour.
System prompt (stable)
- Global safety rules (hard constraints)
- Current phase + required tone
- Phase rules (numbered)
- Max emotional depth budget
- Response length instruction (short / medium)
- Crisis protocol (UK 999 / Samaritans 116 123)
- Product disclaimer (not a therapist, not a medical device)
Developer prompt (runtime)
- Mode (FREE / PAID), session length, time remaining
- Persona style and ID
- Time intent (what this session length is for)
- Soft guidance list (do / avoid)
- Pre-session context (user's stated reason + initial mood)
- Memory block (consented themes only, if any)
- Output instructions (one question, validate first, apply technique)
- FORCE CLOSING flag when ≤3 minutes remain
- FREE TIER UPGRADE block (only when ethical to show)
Safety interrupt logic
This fires before any other logic. It cannot be overridden by any persona or session state.
A safety_escalation flag is set on the session. These are visible in the Sessions Browser and Audit logs as escalation.
Checkpoint system
Checkpoints interrupt the exploration phase at regular intervals to ensure the user is not overwhelmed. They cannot be skipped.
5 min
1 checkpoint after ~3 messages
20 min
Checkpoint around message 8–10
40 min
Checkpoint around message 15 and 25
At a checkpoint the AI asks: "Is this session helping?"
If yes / neutral: return to exploration phase, continue with current approach
If worse: slow down, offer grounding, offer to stop or change approach. Move to integration or closing.
Phase transition logic
The backend controller decides when to move phases — not the AI model. This prevents the AI from deciding to skip to closing early or stay in exploration forever.
emotional_baseline → agenda
agenda → exploration
exploration → checkpoint (if message count threshold reached)
exploration → closing (if time_remaining ≤ 5 min)
checkpoint → exploration (if result == OK)
checkpoint → integration (if result == worse)
integration → closing
closing → end
Memory injection
How approved themes from past sessions are safely used in future sessions.
therapeutic_memories row for this (user, persona) pair is fetched.MEMORY CONTEXT.Free vs paid — what actually changes
Changes with paid plan
- Higher daily message limit (default 100 vs 3)
- Longer max message length (default 600 vs 250 chars)
- Access to all 14 personas (free: 3 only)
- No upgrade suggestion shown mid-session
- Longer session length options available
Never changes regardless of plan
- Safety interrupt logic — identical
- Phase structure and checkpoint system — identical
- Persona therapeutic quality — identical
- Memory consent and privacy rules — identical
- GDPR rights (export, delete) — identical
- Crisis resources always provided — identical