Last updated 22 February 2021
Collection of Information
We collect the following kinds of data when you use the Application and our Services:
your contact data such as your full name, email address, and password when you create your account;
your usage data such as what screens or features you access;
your log data such as the type of web browser you use, app version, access times and dates, pages viewed, your IP address;
the native actions you take within the App, such as picking from a number of available options and story paths;
the content you create or share on the App;
the information you provide to us when you fill out a form or a survey, participate in a contest or promotion, make a purchase, communicate with us via social media sites, request customer support, or otherwise communicate with us.
How we handle your conversation messages
When you use the Service, you select from pre-formatted options or type in free-text using your keypad. We collect, transmit and securely store your messages in our servers. We process your messages in real-time via a rule-based engine in order to direct you appropriately to subsequent conversation. At no point during your interaction with the App does another natural person have access to or get to monitor or respond to your messages.
Your data, messages or usage is not used for direct marketing nor is it sold to advertisers. We do use anonymised and only the minimal data that is required to make the product as helpful as possible to people, or to advance mental health research.
Information from other sources
We may obtain information about you from other sources, including through third party services and organizations to supplement information provided by you. For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect information about you from that third-party application that you have made public via your privacy settings. This supplemental information allows us to verify information that you have provided to us and to enhance our ability to provide you with information about our business, products, and Services.
Use of Information
Protecting your Information is a top priority for us. We will never sell or rent any Data you shared in the App, nor access your information, except for the purposes included here.
We use the information we collect to:
Create and manage your account in order for you to access and use the Services;
Personalize and enhance your user experience by making the story reflect your past choices;
Communicate with you about products, services, and events offered by us and others, request feedback, and send news, gifts or other information we think will be of interest to you;
Monitor and analyze trends, usage, and activities in connection with our Services;
Respond to law enforcement requests and comply with the law, in particular, for the purpose of detecting, investigating, and prosecuting illegal acts.
Detect, investigate and prevent fraudulent transactions and other illegal activities and protect our rights and property and those of others, including to enforce our agreements and policies.
We may also de-identify and/or aggregate and/or anonymize your data for purposes of product development and improvement. De-identified data, in individual or aggregated form, may also be used for research purposes both internally or with research partners for the advancement of clinical and scientific knowledge.
We use third party service providers who provide technical and support services to help us provide and improve the product and Services. In providing the Services, these third party service providers may have limited access to databases of user information or registered member information solely for the purpose of helping us to improve the product and they will be subject to contractual restrictions prohibiting them from using the personal data of our members for any other purpose.
Cookies and similar technologies
Security of your data
We seek to safeguard the security of your Data and have implemented security measures consistent with accepted practices in the industry to protect your data and limit access to it.
In particular, we have implemented appropriate technical and organizational measures to minimize risks associated with data loss, misuse, unauthorized access, and unauthorized disclosure using encryption technology, such as Secure Sockets Layer (SSL) during data transport and at rest as well as physical access restrictions for our data centers and authorization controls for data access.However, despite our efforts to protect your Data, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your Data over the Internet will be intercepted. Unfortunately, we cannot guarantee the absolute security of your data, nor can we guarantee that the Data that you provide will not be intercepted while being transmitted to Us over the Internet. Therefore, we urge you to also take every precaution to protect your Data when you are on the Internet or using the Application.
Storage of personal data
We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations.
If you would like further information about our data retention practices you can ask for this at any time (see “Contact Us” section below).
How we store your data
We process your information and store it on servers located in data centres in the EEA. Our server environment is highly secure and any information is encrypted with industry standard techniques.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect your personal data, We cannot guarantee the security of your data transmitted to Our Site(s); any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.
Legal basis of personal data processing
In accordance with GDPR, the lawful basis we use for collecting and processing your information are as follows:
Where it is necessary for entering into or performing a contract with you;
Where we have a legitimate interest to do so, provided your rights do not override those interests;
Where you have consented to its uses;
Where our colleagues believe it is in your vital interests to share your personal details;
Where required to comply with our legal obligations.
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information.
Right to information: You can request a copy of the personal information we have collected about you.
Right to rectification: We want to ensure that your information is up to date and correct. You can request that your information be corrected or removed if you consider it incorrect.
Right to be forgotten: You can request us to delete your personal information. We may not delete data that the law requires us to keep.
Data portability: You can request that we transfer your personal data from our IT environment, either to another company or to you. This does not apply to information that the law requires us to keep.
Withdrawal of consent: You can withdraw your consent to share your information or to receive marketing / emails at any time. Either by unsubscribing from the mailing list or by contacting us through email.
Complaint: You can file a complaint with the Data Protection Authorities if you believe that we are treating your personal data in violation with GDPR.
You can exercise your rights by contacting us by email at firstname.lastname@example.org. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal data from children. If you learn that your child has provided us with personal data without your consent, you may contact us as set forth below. If we learn that we have collected any personal data in violation of applicable law, we will promptly take steps to delete such personal data and terminate the child’s account
If you feel that we have not addressed your questions or concerns adequately, or you believe that your data protection or privacy rights have been infringed, you can complain to any supervisory authority or other public body with responsibility for enforcing privacy laws. In the United Kingdom this is the Information Commissioner’s Office, you can see their contact details via the ICO website.