Skip to main content

Privacy Policy

Last updated: 7 days ago

Who We Are

TheraSynced ("Platform", "we", "us") is operated by [Legal Entity Name], a company established in Ireland. The Platform is intended for use by individuals located in Ireland and provides a digital marketplace that enables users to connect with independent therapists.

The Platform provides technical infrastructure only and does not provide healthcare services, therapy, medical advice, diagnosis, or treatment of any kind.

Roles Under GDPR

For the purposes of the General Data Protection Regulation (GDPR):

  • The Platform acts as a Data Controller for account management, subscriptions, platform usage, security, and compliance-related processing.
  • The Platform acts as a Data Processor for in-platform communications on behalf of therapists.
  • Therapists act as independent Data Controllers for any health, therapeutic, or clinical data exchanged with users.
  • The Platform does not determine the purposes or means of any therapeutic or clinical processing carried out by therapists. Nothing in this policy creates a joint controller relationship.

Personal Data We Process

We process the following categories of personal data:

Account Data

Name, email address, password hash, account role (user or therapist).

Subscription & Billing Data

Subscription plan, invoices, payment status. Payments are processed by third-party providers; no card details are stored by us.

Platform Usage & Security Data

Login timestamps, device and browser metadata, IP address, audit logs, fraud prevention and abuse detection signals.

In-Platform Communications

Messages exchanged between users and therapists via the Platform.

Special Category (Health) Data

In-platform communications may contain special category personal data, including health-related information, where users voluntarily choose to disclose such information.

The Platform processes such data solely as a data processor on behalf of therapists and does not access, analyse, profile, or use message content for therapeutic, diagnostic, or commercial purposes.

Legal basis:

  • Article 9(2)(a) GDPR – Explicit consent
  • Article 6(1)(b) GDPR – Performance of a contract

Consent Mechanics

Before accessing in-platform messaging, users must provide explicit consent to the processing of any health-related data they choose to share. Consent is obtained through a clear affirmative action and is recorded with a timestamp and associated account identifier.

Users may withdraw consent at any time through account settings. Withdrawal disables in-platform messaging but does not affect the lawfulness of processing carried out prior to withdrawal and does not prevent users from engaging with therapists outside the Platform.

Data Retention

  • Account and billing records are retained for up to 7 years in accordance with Irish legal obligations.
  • In-platform communications are retained for 24 months by default, unless a longer period is required for dispute resolution or legal compliance.
  • Platform security and audit logs are retained for up to 24 months.
  • Retention periods are reviewed periodically to ensure data is not kept longer than necessary.

Data Sharing

Personal data may be shared with:

  • Therapists (as independent data controllers)
  • GDPR-compliant service providers (hosting, security, analytics, payments)
  • Regulators or authorities where legally required

Personal data is not sold, shared for advertising purposes, or used for behavioural profiling.

International Transfers

Where personal data is processed outside the European Economic Area, appropriate safeguards such as Standard Contractual Clauses are in place.

Your Rights

You have the right to access, rectify, erase, restrict, object to processing, request data portability, withdraw consent, and lodge a complaint with the Irish Data Protection Commission.

Contact

Privacy queries: [privacy@yourdomain.ie]