Privacy Policy

Effective: 25 August 2023 · JOETER CONSULTING LLP (LLPIN: ACC-6688)

1. Introduction

ElloMind is committed to protecting the privacy and confidentiality of every individual who uses our platform and services. We recognise that the information you share with us, particularly in the context of mental health care, is deeply personal and sensitive.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you access our website, mobile applications, or any services offered by ElloMind. Our privacy practices are aligned with the following legislation and frameworks:

• Information Technology Act, 2000 (IT Act)
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules)
• Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
• Digital Personal Data Protection Act, 2023 (DPDP Act)
• General Data Protection Regulation (GDPR) principles, where applicable to users in the European Economic Area

By using ElloMind, you agree to the practices described in this Privacy Policy. We encourage you to read this document in its entirety to understand your rights and our obligations.

2. Definitions

• ElloMind / We / Us / Our refers to JOETER CONSULTING LLP (LLPIN: ACC-6688), the entity that owns and operates the ElloMind platform and services.
• User / You / Your refers to any individual who accesses, browses, or uses the ElloMind platform, whether as a registered user, visitor, or client.
• Personal Information means any data that identifies or can be used to identify an individual, including but not limited to name, email address, phone number, health information, and payment details.
• Service refers to the therapy, counselling, educational resources, and any other offerings provided through the ElloMind platform, including the website and any associated applications.
• Processor means any third-party entity that processes personal data on behalf of ElloMind under contractual obligations and in accordance with our instructions.

3. Nature of Service

ElloMind provides professional therapy, counselling, and psychological support services to individuals, couples, teens, and children. Our platform also offers educational resources related to mental health and emotional well-being.

Sessions are conducted by licensed, RCI-registered clinical psychologists through online (video/audio) and in-person formats. We also provide journal tools, self-help resources, and curated mental health content.

4. Consent

By creating an account, booking a session, submitting a form, or otherwise using our platform, you provide your free, specific, informed, and unambiguous consent to the collection and processing of your personal data as described in this Privacy Policy.

We maintain timestamped records of consent to ensure transparency and accountability. Consent records include the date, time, method of consent, and the version of the privacy policy in effect at the time of consent.

4.1 Withdrawing Consent

You have the right to withdraw your consent at any time. To do so, please contact us at info@ellomind.com with the subject line "Withdraw Consent." Upon receiving your request, we will cease processing your personal data, subject to any legal obligations that require us to retain certain information. Please note that withdrawing consent may affect your ability to use certain features of our platform.

5. Information We Collect

We collect the following categories of information to provide and improve our services:

5.1 Personal Data

• Full name
• Email address
• Phone number
• Date of birth
• Gender
• Mailing address (where applicable)

5.2 Profile Data

• Account preferences and settings
• Session history and booking records
• Communication preferences
• Therapist preferences and feedback

5.3 Health Information

• Symptoms, concerns, and clinical notes shared during sessions
• Journal entries and self-assessment responses
• Therapeutic goals and progress notes
• Relevant medical or psychological history disclosed by the user

Health information is treated as Sensitive Personal Data or Information (SPDI) under the IT Act and SPDI Rules and is subject to heightened protections.

5.4 Payment Data

• Transaction identifiers and billing records
• Masked payment instrument details (e.g., last four digits of a card)
• Invoice and receipt information

We do not store full credit card numbers, CVVs, or complete bank account details. Payment processing is handled by PCI-DSS compliant third-party payment processors.

5.5 Usage and Technical Data

• Device type, operating system, and browser information
• IP address and approximate location
• Pages visited, session duration, and interaction patterns
• Referral source and search terms

5.6 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyse usage patterns, and deliver relevant content. For detailed information, see Section 11 (Cookies) of this policy.

6. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide therapy sessions, match you with appropriate therapists, manage bookings, and facilitate communication between you and your therapist.
• Platform Security: To protect the integrity and security of our platform, detect and prevent fraud, unauthorised access, and other harmful activities.
• Communications: To send you appointment confirmations, reminders, service updates, and respond to your enquiries. We may also send promotional communications where you have opted in.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Analytics and Improvement: To analyse aggregated and de-identified usage data to improve our platform, services, and user experience. Individual users are not identified in analytics outputs.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting obligations.

• Account and session data is retained for the duration of your active relationship with ElloMind and for a reasonable period thereafter to support any follow-up, dispute resolution, or legal requirements.
• Billing and tax records are retained for the period prescribed by applicable statute (typically 7 years under Indian tax law).
• Journal entries and self-assessment data can be deleted upon your request by contacting us at info@ellomind.com.
• Usage and technical data is typically retained in aggregated form and deleted or anonymised after 24 months.

When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

8. Sharing & Disclosure

We do not sell, rent, or trade your personal data. We may share your information only in the following circumstances:

8.1 Third-Party Processors

We engage trusted third-party service providers for hosting, video conferencing, analytics, and payment processing. These processors are bound by data processing agreements that require them to handle your data in accordance with this Privacy Policy and applicable law. They are prohibited from using your data for their own purposes.

8.2 Legal Compliance

We may disclose your information where required by law, regulation, legal process, or governmental request, including to comply with court orders, subpoenas, or regulatory enquiries.

8.3 Business Transactions

In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of the transaction. We will ensure that appropriate safeguards and confidentiality obligations are in place, and we will notify you of any such transfer.

8.4 Corporate Wellness Programs

For organisations that partner with ElloMind for employee wellness, we share only aggregated and de-identified usage data. No individual employee's personal data or session content is disclosed to the employer.

9. Security Measures

10. Your Rights

Depending on your jurisdiction and applicable law, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete personal data.
• Right to Deletion: Request erasure of your personal data, subject to legal retention requirements.
• Right to Restrict Processing: Request that we limit the processing of your data under certain circumstances.
• Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: Object to processing of your personal data for specific purposes, including direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at info@ellomind.com. We will respond to your request within 30 days, or as required by applicable law.

11. Cookies

We use cookies and similar tracking technologies on our platform. Cookies are small text files stored on your device that help us provide and improve our services.

11.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the operation of the platform, including session management, authentication, and security. These cannot be disabled.
• Functional Cookies: Enable enhanced functionality and personalisation, such as remembering your preferences and settings.
• Analytics Cookies: Help us understand how visitors interact with our platform by collecting aggregated, anonymous usage data.
• Marketing Cookies (Opt-in): Used to deliver relevant advertisements and measure campaign effectiveness. These are only activated with your explicit consent.

11.2 Managing Cookies

You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality and performance of our platform. For more information on managing cookies, consult your browser's help documentation.

12. Third-Party Processors

We work with carefully selected third-party service providers to support the delivery and operation of our platform. These processors may assist with:

• Cloud hosting and infrastructure
• Content delivery networks
• Video and audio conferencing for therapy sessions
• Messaging and communication tools
• Analytics and usage tracking
• Payment processing and billing

All third-party processors are bound by confidentiality agreements and data processing contracts. They are required to implement appropriate technical and organisational measures to protect your data and are strictly prohibited from using your personal data for their own purposes or disclosing it to unauthorised parties.

13. International Data Transfers

Your personal data may be stored or processed in locations outside your country of residence, including countries where our third-party service providers operate their infrastructure. When we transfer your data internationally, we ensure that appropriate safeguards are in place, including:

• Contractual protections such as standard contractual clauses or equivalent mechanisms
• Data processing agreements that mandate compliance with applicable privacy laws
• Assessment of the data protection framework of the destination country

By using our services, you acknowledge that your data may be transferred to, stored, and processed in jurisdictions outside your own, subject to the protections described in this policy.

14. Analytics & Remarketing

We use analytics tools to understand how users interact with our platform and to measure the effectiveness of our outreach efforts. These tools use pseudonymous identifiers and do not directly identify individual users.

Remarketing technologies may be used to display relevant information about ElloMind on third-party platforms to users who have previously visited our website. No sensitive health data is used for remarketing purposes.

You can opt out of personalised advertising by adjusting your browser settings, using ad preference tools provided by platforms such as Google and Facebook, or installing browser extensions designed for this purpose.

15. Children & Minors

ElloMind services are intended for individuals aged 18 years and above. We do not knowingly collect personal data from children or minors without verified parental or guardian consent.

Where our services are provided to minors (such as teen therapy or child therapy), we obtain explicit consent from a parent or legal guardian before collecting or processing any personal data relating to the minor. The parent or guardian may exercise all privacy rights on behalf of the minor.

If you believe that we have inadvertently collected data from a minor without appropriate consent, please contact us at info@ellomind.com, and we will take immediate steps to delete such information.

16. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant data protection authority or regulatory body as required by applicable law, without undue delay
• Notify affected individuals where the breach is likely to result in a high risk, providing details of the nature of the breach, the data involved, and the measures taken or proposed to address it
• Provide guidance on steps you can take to protect yourself, where applicable

We maintain an incident response plan and conduct regular reviews to ensure our breach notification procedures remain effective and compliant.

17. Automated Decision-Making

ElloMind does not use automated decision-making or profiling that produces legal or similarly significant effects on users. Any recommendations, suggestions, or content personalisation on our platform are provided to enhance your experience and do not constitute binding decisions.

If we introduce any form of automated decision-making in the future, we will update this policy and provide clear information about the logic involved, the significance, and the envisaged consequences of such processing.

18. Non-Discrimination

We are committed to ensuring that you are not discriminated against for exercising any of your privacy rights under this policy or applicable law. Exercising your rights will not result in:

• Denial of services or reduced quality of service
• Different pricing, rates, or service levels
• Any form of retaliation or adverse treatment

19. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Updates will be effective upon posting the revised policy on our website, with the updated effective date noted at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. For material changes, we may provide additional notice through email or a prominent announcement on our platform.

20. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in Kochi, Kerala, India.

21. Contact & Grievance