KVB-Certified P2P Psychotherapy Platform with WebRTC
The Problem
A German healthcare technology company set out to build the first KVB-certified video platform dedicated to online psychotherapy. Existing telehealth tools were built for general medical consultations — cluttered interfaces, unnecessary features, and security implementations that didn't meet the specific compliance standards required for psychotherapy in the German healthcare system. They needed a purpose-built platform where privacy, simplicity, and clinical focus were the architecture — not afterthoughts.
Why Building a Certified Psychotherapy Video Platform Is Hard
A peer-to-peer psychotherapy platform combines the compliance rigor of German healthcare certification with the intimacy demands of therapeutic environments and the technical requirements of encrypted real-time communication:
- KVB certification is not a checkbox — it's an architecture constraint that mandates specific encryption standards, data handling, session isolation, and audit capabilities
- Peer-to-peer encryption with zero trust — media streams must never traverse or be stored on intermediate servers
- The UI must serve the therapeutic environment — standard video conferencing interfaces actively undermine the therapeutic setting
- Consent-based recording with legal rigor — explicit dual-consent workflows, secure storage, and deletion capabilities
- Session note-taking integrated with clinical workflows without disrupting the face-to-face experience
- WebSocket signaling with connection resilience — handling reconnection without breaking the therapeutic flow
What We Did
Architecture & Security Foundation
- Designed privacy-first architecture with Node.js backend — strict separation between control plane and media plane
- Implemented WebRTC for true peer-to-peer encrypted video — no server-side media processing or interception
- Established WebSocket signaling for session establishment, presence management, and encrypted real-time chat
Therapeutic Interface Design
- Built Angular frontend with minimalist, calming design — muted colors, generous whitespace, centered video connection
- Developed therapy-focused interaction model — single-click join, automatic AV setup, distraction-free full-screen mode
- Implemented secure in-session encrypted chat for sharing links and notes alongside video
Clinical Tooling & Consent Workflows
- Built consent-based session recording — explicit dual-consent workflow with visible recording indicator
- Developed secure note-taking system — encrypted, session-linked notepad accessible only with therapist credentials
- Implemented session management — scheduling, patient management, session history with notes
KVB Certification & Compliance
- Conducted full KVB certification — documenting encryption, data handling, session isolation, and audit capabilities
- Implemented comprehensive audit logging in tamper-evident formats
- Built data protection framework — data minimization, right-to-deletion workflows, GDPR-compliant processing
Key Results
In Their Words
Webprax Face2Face is the first platform where the technology truly disappears during a therapy session. Our therapists say it feels like the patient is sitting across from them — that's the highest compliment a telehealth platform can receive.
Their proactive team gets things done as if it were their own project.
What We Learned
The Best Interface Is One the Patient Forgets
Every pixel in a therapy session UI carries emotional weight. A notification badge creates anxiety. A busy toolbar creates distance. We removed features more often than we added them, and every UI element had to answer: "Does this serve the therapeutic relationship?"
True P2P Encryption Is a Trust Signal
We could have built a server-mediated architecture that was "encrypted enough." Instead, we implemented true P2P WebRTC where the server handles only signaling. When a therapist tells a patient "nothing leaves this room," the architecture must make that literally true.
KVB Certification Is a Design Process
We didn't build the platform and then seek certification. We studied KVB requirements first and let them shape architectural decisions from day one. The certification review confirmed what the design guaranteed, rather than revealing gaps to patch.
Need a Certified Telehealth Platform?
Book a 30-minute architecture session — we'll discuss your healthcare platform requirements and the infrastructure decisions that matter most. No pitch deck. Just engineering clarity.