top of page

Privacy Policy

About this app

You are presented with this privacy notice because have been invited to use the Mind Data platform by your practitioner.

Mind Data supports your therapy journey by sharing information “real time” with your practitioner and maximising use of allocated therapy time. On this platform you can record how you feel and create notes to share with your therapist.

Om Mind Data, you hold the encryption key to your information.

About your data

The purpose of Mind Data for processing your personal information is to digitally enable processes with your practitioner and enhance your therapy experience.

To ensure the best a most effective experience, we process the following items of Personal Data:

  • Names

  • Email address

  • Phone Number (to manage security features)

  • Notes (these are only visible to you)

  • Counsellor(s) name

  • Pin Code

  • Security questions and answers

  • Password/phrase

  • Journal Score

  • Journal entries

  • Reminders

  • IP Address

Mood information logged via the platform (“Create Journal Entry”) will only be shared with your therapist, together with journal’s notes. Private notes will only be visible to you.

Your personal information is not sold to or shared with any unauthorised third party and is hosted and processed within the United Kingdom.

The Data Controller for your information is your therapist and they will retain it for no longer than is required to deliver their services and by regulatory requirements for audit purposes, which includes a period after therapy sessions end.

After this period expires, your information will be anonymised and kept in an anonymous and aggregated format for statistical purpose.

Mind Data, as a Data Controller, only retains and access information in an anonymised and aggregated format to:

  • Learn more about mental health and inform therapeutic processes

  • Improve the platform to cater for therapists and patients’ needs.

  • Deliver better and faster outcomes in the mental health’s domain

Mind Data takes your privacy seriously and we apply adequate technical and organisational security measures to protect your personal data, as required by applicable laws.

To view the full privacy notice, including how to exercise your rights, please visit our website: Privacy notice’s URL

I accept Mind Data privacy notice

  1. About Mind Data

  2. About This Privacy Notice

  3. Changes To Our Privacy Notice

  4. Visiting Mind Data’s website

  5. Start your free trail (as a therapist)

  6. The Mind Data platform

  7. Securing your data

  8. Your rights

  9. California Consumer Privacy Act (CCPA)

  10. Data Transfers

  11. Sharing Personal Data

  12. Contact

About Mind Data

The website and services ( and, are owned and operated by Mind Data LTD (“we”, “our, “us”), a company registered in England (registration number 14023785), at 20-22 Wenlock Road, London, N1 7GU

For the purpose of the Data Protection Act 2018 (“the Act”), and the EU GDPR, we are a Data Processor on behalf of our clients, mental health practitioners offering therapy and counselling services, and in respect of the user data collected and hosted by the Mind Data platform via the Mind Data platform.

We are a Data Controller for the purpose of our business’s ancillary activities, such as sales and marketing, for managing the hosting and development of the platform and for collecting anonymised, aggregated data derived from usage of the Mind Data application for statistical purpose and to improve learning of mental health conditions and enhance therapy services.

Mind Data LTD are registered with UK’s data protection authority, the ICO, under Registration Number ZB411613

About This Privacy Notice

This Privacy Notice outlines how Mind Data, handles personal information to deliver services on behalf of its client and for its business. This includes details of the data being processed, why we collect it, how we use it and how it is protected.

We are providing you with information under the UK General Data Protection Regulation (UK GDPR), EU GDPR, and the UK Data Protection Act 2018.

We take your privacy seriously. Mind Data applies the principle of Data Minimisation and only collect the minimum amount of information about you to be able to provide our clients and their patients with our services.

This Privacy Notice describes the type of processes that may result in data being collected about you.

We use the information provided to your practitioner via the platform (your ‘personal data’) for the purposes described below.

This notice also explains what to do if, for example, you want to make a complaint or ask us for your information.

Changes To Our Privacy Notice

Any changes to our Privacy Notice will be published on this page and will supersede the previous version of our Privacy Notice.

We will take reasonable steps to notify you of any changes to this notice if you have selected to receive emails from Mind Data within your settings.

However, we recommend reviewing this page regularly when visiting

Visiting Mind Data’s website

When visiting this website, we may collect information from you when you contact us, for example to book an appointment, or through cookies.

Information about cookies in use for this site can be found on the cookie banner when you first visit. You have control over which cookies should be used on your device and which ones to block via the visitor’s control panel launched by the banner.

We process cookies information from your device, specifically country, area and time of visit to track traffic to the site, site’s optimisation and performance.

Legal basis for processing this information: Legitimate Interest and / or Consent provided by you via the cookie banner.

Start your free trial (as a therapist)

You sign up for a free trial via our website to learn more about our services.

As part of the process, we collect names, email address, company name, telephone number and elements of your professional profile.

We sell this information. Sharing of this information only occurs on a “need to know” basis if, for example, our technical partners need to investigate a query on your behalf.

Legal basis: Legitimate Interest and (entering steps to) Performance of Contract

The Mind Data platform

Once a therapy service licences our platform, they will invite their patients to sign up for an enhanced experience.

For this scenario we are a Data Processor on behalf of the mental health practitioner and we will process your information by performing a contract with your practitioner or clinic, and through our Legitimate Business Interest.

The Mind Data platform aims to extract the most value from therapy sessions, by providing the practitioner with insight on the time elapsing between session and by dispensing of paper-based notes.

For the purpose of delivering services via our SaaS platform, Mind Data, its hosting, maintenance, support and development, we process the following data on behalf of mental health practitioners:

Mental Health Practitioner:

  • Name

  • Email address

  • Phone Number (for security reasons)

  • Password

  • Security questions and answers

  • Session’s Notes

  • Clients’ names and contact details

  • Invoice amounts and other information relating to the invoicing process

  • Appointments’ time, date and client’s name

  • IP Address

  • Geolocation

Service users:

  • Name

  • Email address

  • Phone Number

  • Counsellor(s) / therapist(s) name

  • Pin Code

  • Security questions and answers

  • Password

  • Journal scores

  • Journal entries

  • Reminders

  • Private notes (only visible to service user)

  • IP Address

The above personal information is not sold to or shared with any unauthorised third party and is processed, including hosting, in the United Kingdom.

Personal Data will be retained for no longer than is necessary for the purpose for which is processed, which includes a period after the delivery of therapy services to allow for audits and to assess the effectiveness of our services and as required by our contract with your practitioner or clinic;after this period expires, your information will be anonymised , so it ceases to identify you, and kept in an anonymous and aggregated format for statistical purpose.

Our clients determine the retention periods in accordance with their clinical requirements

Mind Data is a Data Controller for the purpose of collecting and processing information derived from the platform in aggregated and anonymised format.

The legal basis for this processing resides with our legitimate business interest.

We also process personal data to support our sales and marketing activities. These data include:

  • Names

  • Contact details

  • Professional designation

In the event you require to exercise the rights afforded to individuals under the EU and UK GDPR over your personal data relating to Mind Data, the request must be submitted to your practitioner and / or clinic. We will assist and support practitioners with addressing data protection queries and complaitns.

For any queries, please see contact details at the end of this policy

Securing your data

Mind Data takes your privacy seriously and applies adequate technical and organisational security measures to protect your personal data, as you would expect. A summary of the measures applied to our platform is found below:

  • Encryption at rest and in transit

  • Access control: access to the application is granted on principles of “least privilege” and “need to know”

  • Full logging of audit trails

  • Pseudonymisation techniques

  • The cloud database and technology tools are accredited via the following certification and audit frameworks:

    • ISO 27001

    • ISO 27017

    • ISO 27018

    • SOC 1

    • SOC 2

    • SOC 3

Your rights

Under the UK and EU GDPR, you are afforded the following rights

  1. The right to be informed

  2. The right of access

  3. The right to rectification

  4. The right to erasure

  5. The right to restrict processing

  6. The right to data portability

  7. The right to object

  8. Rights in relation to automated decision making and profiling.

You can find out more about your rights by visiting the Information Commissioner’s Office website:

California Consumer Privacy Act (CCPA)

The CCPA applies if a business has:

  1. Has annual gross revenues in excess of twenty-five million dollars ($25,000,000), as adjusted pursuant to paragraph (5) of subdivision (a) of Section 1798.185.

2. Alone or in combination, annually buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.

3. Derives 50 percent or more of its annual revenues from selling consumers’ personal information.

As such, please be aware that CCPA does not currently apply to Mind Data

We actively monitor developments of Data Protection and Data Privacy regulations globally and will update this position should this be required.

We do not share your data with anyone for marketing purpose.

Data Transfers

We do not transfer information submitted via outside the UK.

Sharing Personal Data

We will not disclose your Personal Data to any third party, except with your practitioner who contracted us to provide this service, in accordance with this Privacy Policy.

Our technical partners will only be allowed to access your data if you have reported a specific technical issue which needs investigating. Once the case is resolved, access to personal data will be removed.

We may allow other organisations to process Personal Datawe hold about you in very specific circumstances as described below:

  • If we, or substantially all of our assets, are acquired or are in the process of being acquired by a third party, in which case Personal Data held by us about our customers, will be one of the transferred assets.

  • If we have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings and sharing data is allowed under applicable laws.

  • For the prevention of crime, as may be required by law enforcement agencies and relating to specific requests and cases, with protections in place prescribed by the UK’s Data Protection Act and EU GDPR.

  • We employ companies and individuals to perform functions on our behalf, such as technology partners and service hosting providers. Those parties are bound by strict contractual provisions with us and only have access to Personal Data needed to perform their functions and cannot use it for other purposes. Further, they must process the Personal Data in accordance with this Privacy Policy and as permitted by the Data Protection Act and the EU GDPR.

  • Where you give us Personal Data on behalf of someone else, you confirm that you have provided them with the information set out in this Privacy Policy and that they have not objected to such use of their Personal Data. We reserve the right to verify the legitimacy of this aspect with periodic audits.


For any questions or to exercise your rights, as described in this policy, please email:

If you feel that your complaint has not been dealt in accordance with applicable data protection laws, you may want to contact the UK’s Information Commissioner’s Office on 0303 123 1113

bottom of page