Privacy Policy

1. Introduction

This Privacy Policy (“Policy”) explains how MINDCANOPY SERVICES LLP (“Mind Canopy”, “we”, “us”, “our”) collects, uses, shares, and protects personal information of individuals who visit our website or use our online mental health platform and related services.

By accessing or using our website and services, you agree to the collection and use of your information in accordance with this Policy and our Terms of Use.

Mind Canopy provides an online platform that connects clients with independent mental health professionals (“Therapists”) for counselling and related services. Mind Canopy itself does not provide clinical services or act as your treating clinician; those services are provided solely by Therapists who are listed on our platform under agreements with us.

Mind Canopy is not an emergency or crisis service. If you are in immediate danger, considering self-harm, or experiencing any other emergency, please contact your local emergency number or visit the nearest hospital or crisis service immediately.

2. Who We Are and How to Contact Us

MINDCANOPY SERVICES LLP
Bren Edgewaters, Bengaluru, Karnataka, India
Email (support and privacy): support@mindcanopy.in

If you have any questions, complaints, or requests relating to this Privacy Policy or your personal data, you may contact us at support@mindcanopy.in, and we will review your request in accordance with applicable law, including the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

3. Who This Policy Applies To

This Policy applies to:

• Visitors to our website.
• Individuals who create an account and use Mind Canopy to seek or receive counselling or therapy (“Clients”).
• Mental health professionals who register and list their services on Mind Canopy (“Therapists”).

For personal data processed through our platform, Mind Canopy acts as a data fiduciary under the DPDP Act.

4. Age and Eligibility

Mind Canopy is designed for:

• Adults (18+); and
• Teenagers aged 13–19, with appropriate parental or guardian involvement where required.

Teenagers aged 13–17 may use Mind Canopy only:

• Where permitted by applicable law; and
• With the knowledge and, where required, consent or involvement of a parent or legal guardian, which may be confirmed during registration or by the Therapist before or during services.

Therapists may decide, based on professional judgment, local law, and safeguarding needs, whether they can work with a particular teen client and whether parental or guardian involvement is needed in that case.

Mind Canopy does not knowingly offer services to children under 13. If you are under 13, please do not use this platform. If we become aware that we have collected personal data from a child under 13, we will take reasonable steps to delete it.

5. Information We Collect

We collect only the information that is reasonably necessary to operate our platform and enable counselling services.

5.1 Information you provide as a Client

• Account and profile information: Name, email address, phone number (where provided), age or date of birth, gender, location (city/state), and password or other login credentials.
• Therapy preferences: Areas you want to work on, preferred therapist characteristics, language preferences, availability, and communication preferences.
• Intake and session information: Answers to onboarding forms, screening or intake questionnaires, information about your mental health concerns and goals, and details you choose to share before or during sessions.
• Session records and notes (online): Session booking history (dates, times, duration, status); session notes or summaries created on the platform for you and your Therapist to view, as part of your care. For video sessions, a text transcript is generated (via our video provider) and automatically scanned for safety and policy purposes, after which the transcript is deleted (see Sections 6 and 10).
• Communication data: Messages you send via our platform (where messaging is enabled) and emails or other communications with our support team.
• Billing and payment information: Name, contact details, subscription or plan details, and transaction information (such as payment method, masked card information, transaction ID). Payment credentials are processed by our payment partners and are not stored in full by Mind Canopy.

Therapists may also maintain their own private notes offline, outside the Mind Canopy platform. Those offline notes are created and controlled solely by the Therapist and are not governed by this Policy.

5.2 Information you provide as a Therapist

If you register as a Therapist, we may collect:

• Identity and contact details (name, email, phone, address).
• Professional qualifications, licenses/registrations, experience, areas of specialization, languages, and profile photo.
• Fees, availability, and scheduling preferences.
• Bank or payout details (handled through secure payment partners where possible).
• Communications with clients via the platform, and communications with Mind Canopy.

5.3 Information collected automatically

When you visit or use the platform, we may automatically collect:

• Device and technical data (IP address, browser type, device identifiers, operating system, referring pages, access times).
• Usage data (pages visited, features used, clicks, scrolls, time spent, error logs).
• Cookie identifiers and similar tracking data, as described in the “Cookies and Tracking Technologies” section.

6. How We Use Your Information

We use your information in line with the DPDP Act and other applicable Indian laws for the following purposes.

6.1 To provide the Mind Canopy service

• Create and manage your account, authenticate logins, and maintain your user profile.
• Match clients with appropriate Therapists, based on preferences and intake information.
• Schedule, manage, and record online sessions conducted via daily.co as our video session provider.
• Facilitate secure messaging and communication (where enabled) between Clients and Therapists.
• Maintain online session notes for Clients and Therapists to view through the platform.
• Handle billing, payments, subscriptions, and invoices through our payment partners.

6.2 To communicate with you

• Send booking confirmations, reminders, and updates about sessions.
• Send important service announcements, policy updates, and security or support notifications.
• Respond to your support queries and feedback.

6.3 For safety, legal, and compliance purposes

• Detect, prevent, and respond to fraud, unauthorized access, abuse, or security incidents.
• Run automated keyword scanning of platform messages and video-session transcripts to detect safety risks (such as self-harm language) and policy violations (such as attempts to share personal contact details or move payments off the platform), and to alert authorized Mind Canopy staff.
• Comply with legal obligations, lawful requests, or court orders.
• Protect the rights, property, or safety of Mind Canopy, our users, Therapists, or the public, including in situations involving serious risk of harm.

6.4 For analytics and service improvement

• Use aggregated and de-identified data where possible to understand how our website and platform are used.
• Improve user experience, develop new features, and optimize performance.

6.5 For marketing and advertising (non-clinical data)

We use standard digital marketing tools (such as Google Ads, Google Analytics, Google Tag Manager, Meta Pixel, and TikTok Pixel) to understand campaign performance and show relevant ads to potential users.

For these purposes, we may use:

• Cookie and pixel identifiers.
• Approximate location, device type, and general usage patterns.
• Non-clinical information such as the fact that a device visited certain pages on our website.

We do not use or share:

• Session notes;
• Assessment responses or detailed intake answers about your mental health;
• Therapist notes or detailed clinical information;
• Any content of your therapy sessions;

for advertising, profiling, or campaign targeting.

Where required, we will request your consent for non-essential cookies or marketing emails and provide options to opt out.

7. Legal Basis and Consent (DPDP Act)

Under the DPDP Act, we rely on the following grounds for processing:

• Your consent: For most client-related data, especially mental health–related information and non-essential cookies/marketing, we rely on your free, specific, informed, unconditional, and unambiguous consent.
• Performance of the services you request: Many processing activities (like account creation, matching, and session handling) are necessary to deliver the services you choose.
• Certain legitimate uses permitted by law: For example, complying with legal obligations, responding to safety risks, and preventing fraud.

You may withdraw your consent at any time, but this may affect our ability to provide some or all services.

8. How We Share Your Information

We do not sell your personal data. We share it only as described below and only to the extent necessary.

8.1 With Therapists

When you book or are matched with a Therapist, we share relevant information so they can assess whether they can work with you and deliver services, such as:

• Your name (or chosen display name), age range, and city/state;
• Intake and preference information;
• Session history and online notes made available to you and your Therapist.

Therapists listed on Mind Canopy are independent professionals, not employees of Mind Canopy. They are bound by their own professional ethics, applicable regulations, and contractual obligations with Mind Canopy to keep your information confidential and to use it only for providing services to you through or in connection with our platform.

8.2 With service providers

We use trusted third-party vendors to operate our platform, for example:

• Cloud hosting and infrastructure (with servers in India or Asia data centers).
• Video session provider (daily.co).
• Payment gateways and payment processors.
• Email and notification service providers.
• Analytics, tag management, and advertising platforms (as listed above).

These service providers act on our instructions and are required to handle data securely and only for the purposes described in this Policy.

8.3 For legal reasons and safety

We may disclose information if we reasonably believe it is necessary to:

• Comply with any applicable law, regulation, legal process, or enforceable governmental request.
• Protect the safety, rights, or property of you or others, including in situations of serious or imminent risk of self-harm or harm to others, or in cases of suspected abuse where law requires reporting.
• Detect, prevent, or address fraud, security, or technical issues.

8.4 Business transfers

If Mind Canopy is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction, subject to continued protection consistent with this Policy or a successor policy that provides at least comparable protection.

9. International Therapists and Cross-Border Access

Mind Canopy primarily serves Clients in India, but Therapists may be located worldwide.

When you are matched with or book sessions with a Therapist located outside India, certain personal and session-related information will be accessible to that Therapist so they can provide services to you.

Our infrastructure and key systems are hosted on servers located in India or within Asia data centers, but some of our service providers or support tools may involve transfers or remote access from other countries.

Where such cross-border transfers or access occur, we take reasonable steps to ensure that your information remains protected and that such processing complies with the DPDP Act and other applicable Indian requirements.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law, whichever is longer.

Unless a different period is required by law or professional obligations:

• Account, profile, and contact details: Retained while your account is active and for up to 3 years after your last activity or account closure, to handle queries, disputes, or legal requirements.
• Intake forms, online session notes, and session history: Retained for up to 3 years from the date of your last session, unless a longer or shorter period is required by applicable law.
• Payment and invoice records: Retained for at least 3 years or longer if required by tax, accounting, or regulatory obligations.
• Backups and logs: Retained for shorter, rolling periods necessary for security, troubleshooting, and continuity.
• Video-session transcripts: Deleted promptly after the automated safety scan. We retain only the scan result (a flag category such as “self-harm” or “off-platform contact”), never the transcript text.

After the relevant retention period, we will delete or anonymize your personal data in accordance with our internal policies and applicable law.

11. Your Rights

Subject to verification and applicable exceptions under the DPDP Act and other laws, you may exercise the following rights:

• Access: Request information about the categories of personal data we process and obtain access to your data.
• Correction: Ask us to correct or update inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data when it is no longer needed for the stated purposes or where you withdraw consent and there is no other lawful basis for retention, subject to legal and legitimate interests (for example, regulatory or legal defense needs).
• Withdrawal of consent: Withdraw your consent at any time for processing that is based on consent, without affecting the lawfulness of processing prior to withdrawal.
• Grievance / complaint: Lodge a complaint with us regarding our data practices and escalate further to the competent authority under the DPDP Act if you are not satisfied with our response.

You can exercise these rights by emailing support@mindcanopy.in with your request. We may ask for additional information to verify your identity and ensure that we are interacting with the correct person.

12. Confidentiality of Therapy Content

Mind Canopy recognizes that mental health and therapy-related information is highly sensitive.

Information you share through intake forms, during sessions, and in online notes is treated as confidential and is accessible only to you, your Therapist, and a strictly limited set of authorized Mind Canopy personnel who require access for support, quality assurance, or legal/compliance reasons.

Therapist private notes kept offline (outside the Mind Canopy platform) are created and maintained solely by the Therapist and are subject to their professional and legal obligations, not this Policy.

Confidentiality may be overridden only in limited circumstances, such as:

• Imminent risk of serious harm to you or others.
• Suspected abuse or exploitation where reporting is required by law.
• Valid legal process (such as a court order) requiring disclosure.

We do not use or share therapy content, session notes, therapist notes, or detailed mental health information for advertising, marketing, or unrelated analytics.

To keep the platform safe, messages and video-session transcripts are screened by an automated keyword scan. This surfaces only a flag category (for example, “self-harm” or “off-platform contact”) to a limited set of authorized staff — not the content of your messages or sessions — and transcripts are deleted once scanned.

13. Cookies and Tracking Technologies

We use cookies, pixels, and similar technologies to:

• Enable essential functionality such as login and security.
• Understand how users interact with our website (analytics).
• Measure and improve the effectiveness of our marketing campaigns (advertising).

These tools may include Google Analytics, Google Ads, Google Tag Manager, Meta Pixel, and TikTok Pixel.

You can control cookies through:

• Your browser settings, where you can block or delete cookies; and
• Any cookie banner or settings we provide on our website to manage non-essential cookies.

If you disable certain cookies, parts of our website may not function properly.

14. Security

We use reasonable technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction.

These measures may include:

• Encryption in transit, secure server configurations, and firewalls.
• Access controls limiting which staff and systems can access sensitive data.
• Regular updates, monitoring, and internal policies for handling personal data securely.

While we strive to protect your data, no system can be wholly secure. You are also responsible for keeping your login credentials confidential and for logging out after using shared devices.

15. Data Breach

If we become aware of a personal data breach that is likely to result in a significant risk to your rights or interests, we will:

• Take steps to contain and investigate the breach;
• Notify relevant authorities where required by law; and
• Inform affected users, where appropriate, with information and guidance on protective steps you can take.

16. Third-Party Links

Our website may contain links to external websites, apps, or services that are not operated or controlled by Mind Canopy.

This Policy does not apply to those third parties. You are encouraged to review their privacy policies before providing them with your personal information.

17. Changes to This Policy

We may revise this Privacy Policy from time to time to reflect changes in our services, legal requirements, or other operational needs.

When we make material changes, we will update the “Last updated” date at the top of this page and may provide additional notice (for example, on the website or by email). Your continued use of Mind Canopy after such changes become effective will mean that you accept the updated Policy.