Mind Heavenly

Privacy Policy

Last updated: November 2025

Your privacy and the confidentiality of your health information are of utmost importance to us. This policy explains how we collect, use, protect, and share your personal information in compliance with the Protection of Personal Information Act (POPIA) and international data protection standards.

1. Information We Collect

Personal Information

We collect information you provide directly to us, including:

  • Identity Information: Full name, ID number, date of birth, gender
  • Contact Information: Email address, phone number, physical address
  • Emergency Contact: Next of kin name, relationship, and contact details
  • Health Information: Medical history, current medications, therapy goals, session notes
  • Payment Information: Billing details (processed securely by our payment providers)

Automatically Collected Information

  • Device information and browser type
  • IP address and location data
  • Usage patterns and interaction with our platform
  • Session logs and timestamps

2. How We Use Your Information

We use your information to:

  • Provide and improve our therapy and wellness services
  • Match you with appropriate mental health professionals
  • Facilitate communication between you and your therapist
  • Process payments and manage your account
  • Send appointment reminders and service updates
  • Respond to your inquiries and provide customer support
  • Ensure the safety and security of our platform
  • Comply with legal obligations and protect our rights
  • Contact your emergency contact in case of a crisis situation

3. Health Information Protection

Special Protection for Health Data: Your mental health information is treated with the highest level of confidentiality. We implement additional safeguards for health-related data in compliance with South African health information protection requirements.

Your therapy session content:

  • Is only accessible to you and your assigned therapist
  • Is encrypted in transit and at rest
  • Is not used for marketing or advertising purposes
  • Is retained according to professional and legal requirements
  • May be disclosed only with your consent or as required by law

4. Information Sharing

We do NOT sell your personal information. We may share your information with:

  • Your Therapist: To provide therapy services
  • Service Providers: Who help us operate our platform (hosting, payment processing)
  • Emergency Contacts: When there is a risk to your safety or the safety of others
  • Legal Authorities: When required by law or court order

Legal Exceptions to Confidentiality

We may be required to disclose information without your consent in the following circumstances:

  • Imminent risk of harm to yourself or others
  • Suspected abuse of a child, elderly person, or dependent adult
  • Court orders or legal process
  • Communicable disease reporting requirements

5. Data Security

We implement comprehensive security measures including:

  • 256-bit SSL/TLS encryption for all data transmission
  • Encrypted storage of sensitive information
  • Multi-factor authentication options
  • Regular security audits and penetration testing
  • Strict access controls and employee training
  • Secure video conferencing infrastructure
  • Regular data backups with encryption

6. Your Rights Under POPIA

As a data subject under the Protection of Personal Information Act, you have the right to:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Objection: Object to certain processing of your information
  • Data Portability: Request your data in a transferable format
  • Withdraw Consent: Withdraw previously given consent
  • Lodge Complaints: File a complaint with the Information Regulator

To exercise these rights, contact us at privacy@mindheavenly.co.za

7. Data Retention

We retain your information for different periods depending on the type:

  • Account Information: For the duration of your account plus 7 years
  • Therapy Records: Minimum 7 years after last contact (per professional requirements)
  • Payment Records: 7 years for tax and legal compliance
  • AI Conversation Logs: 2 years unless required for safety reasons
  • Technical Logs: 90 days

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you signed in
  • Remember your preferences
  • Analyze how our platform is used
  • Improve our services

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Services.

9. Children's Privacy

Our Services are not intended for children under 13. For users between 13-17 years old, we require parental or guardian consent before collecting personal information. Parents and guardians can review, modify, or request deletion of their child's information by contacting us.

10. International Data Transfers

Your data is primarily stored on servers in South Africa. If we need to transfer data internationally (for example, to cloud service providers), we ensure appropriate safeguards are in place, including contractual protections that meet POPIA requirements.

11. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform. The "Last updated" date at the top of this policy indicates when it was last revised.

13. Contact Us

For privacy-related inquiries or to exercise your rights:

Mind Heavenly - Privacy Office

Email: privacy@mindheavenly.co.za

General Support: support@mindheavenly.co.za

You may also lodge a complaint with the Information Regulator:

Information Regulator South Africa

Website: www.justice.gov.za/inforeg

Email: enquiries@inforegulator.org.za

Back to Onboarding