A) Data We Collect

• Identity & Contact: name, date of birth/age, email, phone, address, government ID where required for verification/safety.
• Demographics & Preferences: language, time‑zone, consent preferences.
• Service Data: intake forms, clinical notes, assessments, progress records, supervision logs, attendance, coursework and evaluations.
• Technical: browser/device info, IP address, session metadata, cookies/analytics where used (see Cookies).
• Payments: transaction identifiers and summaries from payment processors (we do not store full card details).

B) Lawful Bases & Purposes

• Consent: initiating counselling, tele‑counselling, assessments; receiving marketing communications; recordings for supervision/training.
• Contractual necessity: scheduling, delivery of services/courses, issuing certificates, processing payments.
• Legal obligation: invoices/tax, mandatory reporting (e.g., POCSO), responding to lawful requests.
• Legitimate interests: service quality, safety, internal analytics, preventing fraud, improving curricula—balanced against your privacy rights.

C) Children’s Data

• We require verifiable parental/guardian consent before processing personal data of minors.
• We do not engage in behavioural tracking or targeted advertising to children.
• Guardians may exercise rights on behalf of minors consistent with law.

D) Your Rights

• Access: obtain a copy or summary of your personal data.
• Correction/Completion/Updating: request rectification of inaccurate or incomplete data.
• Erasure: request deletion where no longer necessary or where consent is withdrawn (subject to legal retention).
• Grievance Redressal: contact our Grievance Officer; if unresolved, you may approach the relevant authority/Board when notified by Government.
• Nominate: designate an individual to exercise your rights upon death or incapacity, where supported.

E) Sharing & Disclosures

• With your consent or as part of service delivery (e.g., referral letters, school/college accommodations, employer wellness reports in aggregated/de‑identified form).
• With processors under contract (IT hosting, payment gateways, email/SMS providers) bound by confidentiality and security obligations.
• For legal compliance, safety, or mandatory reporting requirements.

F) Cross‑Border Processing

We may process/store data using cloud or vendors outside India. Transfers occur consistent with Indian law, including any Government‑notified country restrictions. Where required, we implement contractual safeguards and minimisation.

G) Security

• Administrative: staff confidentiality agreements, role‑based access, background/competency checks where applicable.
• Technical: encryption in transit, secure storage with access controls, regular backups.
• Organisational: policies for device use, incident response, and secure destruction of records after retention ends.

H) Retention

We retain records for the minimum period necessary to deliver services, meet legal/medical/accounting obligations, manage disputes, and ensure continuity of care. Retention periods vary by record type and applicable regulation; when no longer needed, data is securely destroyed or anonymised.

I) Marketing Preferences

• We do not send unnecessary emails/SMS. Marketing is consent‑based and limited to relevant updates about our services.
• You may opt‑out at any time via unsubscribe links or reply keywords; essential service messages will continue.

J) Cookies & Analytics

We may use essential cookies for security and session management and, with consent where required, analytics cookies to improve the Site. You can manage preferences via your browser or our cookie banner where implemented.

K) International Users

If you are located outside India (e.g., EEA/UK), we process your data primarily on the basis of consent, contract, and legitimate interests. You may have additional rights under local law (e.g., access, portability, objection). We will honour valid rights requests consistent with applicable law and implement appropriate transfer safeguards.

L) Contact: Data & Grievances

To exercise rights or raise a concern, please contact our Data/Privacy contact and Grievance Officer at the details provided on our website (email, phone, postal address). We acknowledge within 24 hours and aim to resolve within 15 days.

M) Changes to This Policy

We may update these Terms and this Privacy Policy periodically. Material changes will be signposted on our website with the effective date. Continued use constitutes acceptance.