Privacy Policy
This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with our Services.
A) Data We Collect
- Identity & Contact: name, date of birth/age, email, phone, address, government ID where required for verification/safety.
- Demographics & Preferences: language, time‑zone, consent preferences.
- Service Data: intake forms, clinical notes, assessments, progress records, supervision logs, attendance, coursework and evaluations.
- Technical: browser/device info, IP address, session metadata, cookies/analytics where used (see Cookies).
- Payments: transaction identifiers and summaries from payment processors (we do not store full card details).
B) Lawful Bases & Purposes
- Consent: initiating counselling, tele‑counselling, assessments; receiving marketing communications; recordings for supervision/training.
- Contractual necessity: scheduling, delivery of services/courses, issuing certificates, processing payments.
- Legal obligation: invoices/tax, mandatory reporting (e.g., POCSO), responding to lawful requests.
- Legitimate interests: service quality, safety, internal analytics, preventing fraud, improving curricula—balanced against your privacy rights.
C) Children’s Data
- We require verifiable parental/guardian consent before processing personal data of minors.
- We do not engage in behavioural tracking or targeted advertising to children.
- Guardians may exercise rights on behalf of minors consistent with law.
D) Your Rights
- Access: obtain a copy or summary of your personal data.
- Correction/Completion/Updating: request rectification of inaccurate or incomplete data.
- Erasure: request deletion where no longer necessary or where consent is withdrawn (subject to legal retention).
- Grievance Redressal: contact our Grievance Officer; if unresolved, you may approach the relevant authority/Board when notified by Government.
- Nominate: designate an individual to exercise your rights upon death or incapacity, where supported.
E) Sharing & Disclosures
- With your consent or as part of service delivery (e.g., referral letters, school/college accommodations, employer wellness reports in aggregated/de‑identified form).
- With processors under contract (IT hosting, payment gateways, email/SMS providers) bound by confidentiality and security obligations.
- For legal compliance, safety, or mandatory reporting requirements.
F) Cross‑Border Processing
We may process/store data using cloud or vendors outside India. Transfers occur consistent with Indian law, including any Government‑notified country restrictions. Where required, we implement contractual safeguards and minimisation.G) Security
- Administrative: staff confidentiality agreements, role‑based access, background/competency checks where applicable.
- Technical: encryption in transit, secure storage with access controls, regular backups.
- Organisational: policies for device use, incident response, and secure destruction of records after retention ends.
H) Retention
We retain records for the minimum period necessary to deliver services, meet legal/medical/accounting obligations, manage disputes, and ensure continuity of care. Retention periods vary by record type and applicable regulation; when no longer needed, data is securely destroyed or anonymised.I) Marketing Preferences
- We do not send unnecessary emails/SMS. Marketing is consent‑based and limited to relevant updates about our services.
- You may opt‑out at any time via unsubscribe links or reply keywords; essential service messages will continue.