Engagement Monitor
New floating window for therapists to track participant activity in real-time.
- Shows all participants with stroke counts and activity progress bars
- Time filters: 1 min, 5 min, 15 min, 30 min, or all session
- Sort by highest or lowest activity
- Hover on rows to see last activity time
- Draggable and resizable window
- Toggle from the toolbar (chart icon)
Helps therapists identify who is actively participating and who may need encouragement.
Quick Session Participant Renaming
You can now rename participants in quick sessions for better organization and identification.
Video Window Drag & Resize Indicators
- Added grip icon in header to indicate the window can be dragged
- Improved resize handle with larger clickable area and visual feedback
- Better hover and active states for resize corner
Performance Indicators
- Two small icons in the header showing connection health
- Network indicator (WiFi icon): measures latency to server
- Device indicator (Monitor icon): measures local drawing performance
- Color-coded: green (good), yellow (moderate), red (poor)
- Icons flash when not green to alert you
- Hover for detailed values in milliseconds
Video Grid Expanded
Video window now shows up to 16 participants (4x4 grid) before pagination. Previously limited to 9 participants (3x3).
Tablet Support Improvements
- Header and toolbar now scroll horizontally on narrow screens
- Dropdowns (participants, mood selector, performance) appear above the toolbar instead of being clipped
- All buttons remain accessible on tablets without switching to mobile view
Performance Warning Overlay
- Shows a prominent warning when network or device performance is poor
- Appears on center-left of screen with dismiss button
- Only triggers when performance is genuinely bad (>300ms network, >100ms device)
- Includes suggestions for improving performance
Smudge Tool
- New smudge/blend tool for mixing and smearing colors on canvas
- Real-time sync between clients
- Proper handling for late joiners - smudge operations are stored and replayed
- Images stay images, all other art can be smudged
Personal Image Library (My Assets)
Build and maintain your own curated library of images to reuse across sessions.
- My Assets - Upload and organize your personal collection of session images
- Drag and drop - Quickly add images from your library to the canvas
- Reusable resources - Use your favorite therapy materials across multiple sessions
Canvas Renaming & Multiple Canvases
- Rename canvases - Double-click on a canvas tab to give it a custom name
- Multiple canvases - Create and switch between multiple canvases during your session
- Better organization - Keep your work organized with meaningful canvas names
Emotion Check-in
New emotion check-in button in the top toolbar allows participants to select their current emotional state during sessions.
- Quick selection - Choose from a range of emotions with a single click
- Session tracking - Emotion states are recorded throughout the session
- Post-session stats - View emotional journey data in session analytics after the session ends
Session Notes for Therapists
Therapists can now take private notes during sessions using the notes button in the bottom-right corner.
- Private notes - Only visible to the therapist, not shared with participants
- Real-time saving - Notes are automatically saved as you type
- Session context - Notes are linked to the session for easy reference later
We are rolling out First Access!
We are happy to share what we have built so far with the community and look forward to any therapist interesting to try us out. You can sign up directly and start using or contact us at support@frameshare.org to get a personal intro and tour of FrameShare (from Stefan, himself!) and how we hope to add to your practice and workflow.
We’ll listen closely to where we can add features that make your work easier, and our current development focus is centered on building what clinicians need most.
How FrameShare Ensures HIPAA Compliance
FrameShare implements comprehensive security measures that meet and exceed HIPAA Security Rule requirements. Here's how we protect your clients' Protected Health Information (PHI):
Your Sessions Are Completely Private
-
•
No Sharing Without Consent
Drawings, chat messages, and session notes are NEVER shared or visible to anyone except the therapist and their authorized patients. Each session is completely isolated.
-
•
Self-Hosted Video
Unlike other platforms that use third-party services (Zoom, Google Meet, etc.), we host all video sessions on our own secure servers. Your therapy sessions never leave our HIPAA-compliant infrastructure.
-
•
Zero Platform Visibility
Even FrameShare's administrators cannot view your encrypted session content, messages, or patient data. Only you and your authorized patients have access.
Administrative Safeguards
-
•
Comprehensive Audit Logging (§164.312(b))
Every access to PHI is tracked: WHO accessed WHAT, WHEN, and from WHERE. Audit logs are immutable and include all creates, reads, updates, and deletes.
-
•
Automatic Session Timeout
Sessions automatically expire after 30 minutes of inactivity, preventing unauthorized access from unattended devices.
-
•
Account Security & Lockout
Accounts are locked for 10 minutes after 5 failed login attempts, protecting against brute force attacks. IP-based tracking identifies suspicious access patterns.
Technical Safeguards
-
•
Field-Level Encryption (§164.312(a)(2)(iv))
All sensitive data is encrypted using AES-128 encryption (Fernet). This includes patient profiles, session notes, messages, and drawing data - both in transit and at rest.
-
•
Data Integrity Controls (§164.312(c)(1))
SHA-256 checksums verify data hasn't been tampered with. Any unauthorized modifications are immediately detectable.
-
•
Complete Data Recovery (§164.308(a)(7))
Full history tracking allows recovery of any accidentally deleted or modified data. Every change is versioned with timestamps and user attribution.
-
•
Secure Infrastructure
All data transmission uses HTTPS/TLS encryption. AWS infrastructure provides additional security layers with VPC isolation and security groups.
Data Protection Features
-
•
Soft Delete Protection
PHI is never permanently deleted immediately. Deleted records are retained and can be restored if needed, preventing accidental data loss.
-
•
Role-Based Access Control
Therapists can only access their own clients' data. Staff have restricted access based on their role. All access is logged and auditable.
-
•
Privacy-First Design
Therapist locations shown only at state level. Anonymous visitor tracking respects privacy. Patient data is segregated and encrypted.
-
•
Complete Data Isolation
No artwork, chat messages, or session notes are ever shared without explicit consent. Only the therapist who created the session and their authorized patients can access session data.
-
•
Self-Hosted Video Infrastructure
All video sessions are self-hosted on our secure servers. No third-party video services have access to your therapy sessions, ensuring complete privacy and HIPAA compliance.
-
•
Therapist-Controlled Data
All patient data, health records, and session content is encrypted and saved exclusively with the therapist's account. No other users, including platform administrators, can view this protected information.
HIPAA-Compliant Technology Stack
-
•
django-auditlog
Provides comprehensive, immutable audit trails for all PHI access and modifications.
-
•
django-simple-history
Maintains complete version history of all records, enabling data recovery and change tracking.
-
•
django-fernet-fields
Implements transparent field-level encryption using industry-standard AES-128 encryption.
-
•
django-axes
Monitors and blocks suspicious login attempts, preventing unauthorized access.
HIPAA Compliance Summary
Need more information about our HIPAA compliance?
Contact us at support@frameshare.org
We can provide our complete HIPAA compliance documentation, Business Associate Agreement (BAA), or schedule a security assessment review.