Privacy Policy

Welcome to PsychDesk — a digital platform thoughtfully designed for mental health professionals to manage, grow, and simplify their practice.

At PsychDesk, your trust is our greatest responsibility. We value your privacy and are committed to handling all personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA) of India, along with globally accepted principles of data protection, confidentiality, and ethical practice.

This Privacy Policy explains how we collect, use, process, and safeguard your personal data, ensuring full transparency and compliance with Indian law.

1. Our Commitment to Privacy

PsychDesk's foundation lies in empathy, ethics, and excellence. We believe technology should serve people, not exploit their information.

Our data protection approach rests on three guiding values:

• Respect: Your data belongs to you. We only use it with your clear and informed consent.
• Transparency: You will always know what data we collect, why, and how it is used.
• Accountability: We comply with the DPDPA, maintain strict internal controls, and review data practices regularly.

2. Scope of This Policy

This policy applies to:

• All users of PsychDesk (therapists, mental health professionals, organizations).
• All client data entered or managed by users through the platform.
• All visitors accessing the PsychDesk website or web application.

This policy aligns with Section 4–9 of the DPDPA 2023, which outline the rights of Data Principals (users) and obligations of Data Fiduciaries (PsychDesk).

3. Information We Collect

We collect data necessary for smooth platform operations, compliance, and user support.

a. Personal and Professional Information

• Name, email, phone number, and communication details.
• Professional credentials, license numbers, or business registration information.
• Organization/clinic name, GST number, and billing details.
• Payment records for subscriptions and invoices (handled through secure gateways like Razorpay/PayU).

b. Client Information (Therapist-Generated Data)

As a platform for mental health professionals, PsychDesk allows you to record and store client data such as:

• Names, session notes, therapy plans, assessments, or outcome metrics.

Under DPDPA guidelines, you (the therapist) are the Data Fiduciary for your client data. PsychDesk acts as a Data Processor, processing such data solely on your behalf and with your control.

We never access or process client data for analytics, marketing, or external purposes.

c. Technical and System Information

• Device details, IP address, and browser metadata.
• Usage logs, crash reports, and system activity.
• Cookies and session identifiers to personalize experience and improve stability.

This information helps us ensure service continuity, optimize performance, and maintain security integrity.

4. Lawful Basis for Data Processing

In compliance with Section 4 and 7 of the DPDPA 2023, PsychDesk processes personal data based on:

• Consent: You voluntarily share your data and agree to its use for specific purposes.
• Legitimate Use: Data necessary for providing services or fulfilling contractual obligations.
• Legal Obligation: When required under applicable laws (for taxation, KYC, or legal proceedings).

Every use of data is purpose-specific, limited, and proportionate — in line with Section 6 (Purpose Limitation) of the Act.

5. How We Use Your Data

We use your information to:

• Create and manage your account securely.
• Facilitate bookings, billing, and client management.
• Provide customer and technical support.
• Notify you about product updates, security alerts, or service changes.
• Improve platform functionality through anonymized analytics.

We do not use your data for:

• Advertising, behavioral targeting, or resale.
• Unconsented data transfers to third parties.

6. Consent Management (DPDPA Compliance)

In accordance with Section 7 of DPDPA, we ensure all data processing occurs only with your free, informed, specific, and unambiguous consent.

• You can withdraw consent at any time via your account settings or by emailing support@psychdesk.in.
• Consent withdrawal will not affect processing done lawfully before the withdrawal.
• No data will be used beyond the purpose for which consent was originally granted.

7. Data Storage and Security

Your data is securely stored on encrypted servers located in India, following data localization guidelines under the DPDPA.

We employ:

• AES-256 encryption for stored data.
• TLS/SSL encryption for data in transit.
• Role-based access and 2FA for internal accounts.
• Regular security audits and system penetration testing.

All PsychDesk employees and partners are bound by confidentiality agreements and trained in privacy compliance.

8. Data Retention and Deletion

We retain personal data only for as long as necessary to fulfill service, legal, or contractual obligations.

Upon account deletion or inactivity, we will:

• Anonymize your data within 30 days.
• Retain only essential billing or compliance records (as per law).
• Permanently delete all other personal and client-related information upon request.

Users can request data deletion or export under Section 12 of the DPDPA (Right to Erasure and Portability) by contacting us at support@psychdesk.in.

9. Data Sharing and Third-Party Disclosures

We may share limited data with trusted partners only under lawful and contractual safeguards, such as:

• Payment processors (for billing transactions).
• Cloud hosting providers (for secure storage).
• Legal authorities (if required by a valid legal order).

All third parties are vetted for DPDPA compliance and bound by data processing agreements to maintain equivalent security standards.

10. Rights of Users (Data Principals)

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

• Right to Access: Obtain a copy of your personal data stored with us.
• Right to Correction: Request updates or corrections to inaccurate information.
• Right to Erasure: Request deletion of your personal data once it's no longer required.
• Right to Data Portability: Receive your data in a structured, commonly used format.
• Right to Nominate: Nominate another person to exercise your rights in case of incapacity or death.

You can exercise any of these rights by contacting our Data Protection Officer (DPO) at:

📩 privacy@psychdesk.in

11. Grievance Redressal and Data Protection Officer (DPO)

As per Section 10 of DPDPA, PsychDesk has appointed a Data Protection Officer (DPO) to oversee compliance and address grievances related to personal data.

If your concerns are not addressed satisfactorily, you may escalate the matter to the Data Protection Board of India (DPBI).

12. Cookies and Analytical Tools

PsychDesk uses cookies to enhance usability and improve product experience.

Cookies help us:

• Remember preferences (like language or login state).
• Optimize load times and reduce repetition.
• Analyze anonymized usage patterns for improvements.

You can disable cookies in your browser, though certain features may not function optimally.

13. Data of Minors

PsychDesk is built for licensed mental health professionals and is not intended for users under 18. We do not knowingly collect data from minors. If such data is discovered, it will be securely deleted as soon as possible.

14. Updates to This Policy

We may update this Privacy Policy to align with evolving legal or technical requirements. When we make significant changes, we will:

• Update the "Last Updated" date on this page.
• Notify users via email or platform alerts.

Continued use of PsychDesk after such updates will signify your acceptance of the revised terms.

15. Contact Us

We value your feedback and are committed to maintaining open communication.

For any questions, requests, or concerns about this Privacy Policy, please contact: