Privacy Policy
Your privacy and the confidentiality of therapy information is fundamental to our mission. This policy explains how we collect, use, and protect your data.
Synolo ("we," "our," or "us") is committed to protecting the privacy and confidentiality of all users of our digital therapy platform. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our services.
As a platform designed for mental health professionals and their clients, we understand that the information we handle is particularly sensitive. We are committed to maintaining the highest standards of data protection and comply with applicable privacy laws including GDPR and healthcare data protection regulations.
By using Synolo, you agree to the collection and use of information in accordance with this Privacy Policy.
Personal Information
- Name, email address, and contact information
- Professional credentials and licensing information (for therapists)
- Account credentials and authentication data
- Profile information and preferences
Therapeutic Content
- Messages and communications within therapy groups
- Resources and materials shared in groups
- Session notes and progress information (as inputted by therapists)
- Group participation and attendance records
Technical Information
- Device information and browser type
- IP address and location data (for security purposes)
- Usage data and platform interactions
- Log files and system performance data
Service Provision
- Facilitate therapy group sessions and communications
- Enable secure messaging between therapists and clients
- Provide scheduling and reminder services
- Deliver personalized content and resources
Safety and Security
- Monitor for crisis situations and safety concerns
- Detect and prevent inappropriate content
- Maintain platform security and prevent unauthorized access
- Comply with legal obligations and safety reporting requirements
Service Improvement
- Analyze usage patterns to improve platform functionality
- Develop new features and services
- Provide technical support and customer service
- Conduct research to enhance therapeutic outcomes (with explicit consent)
Within Therapy Groups
Information is shared within therapy groups as necessary for therapeutic purposes, including:
- Group messages and communications
- Shared resources and materials
- Attendance and participation information (to group facilitators)
Legal Requirements
We may disclose information when required by law or to protect safety:
- Legal process, court orders, or government requests
- Protection against harm to users or others
- Investigation of potential violations of our Terms of Service
- Compliance with healthcare reporting requirements
Service Providers
We work with trusted service providers who assist with:
- Cloud hosting and data storage
- Payment processing
- Email and communication services
- Technical support and maintenance
All service providers are bound by strict confidentiality agreements and data processing terms.
We implement comprehensive security measures to protect your information:
Technical Safeguards
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- Multi-factor authentication
- Regular security audits and penetration testing
Administrative Safeguards
- Role-based access controls
- Employee training and background checks
- Incident response procedures
- Regular policy reviews and updates
Under applicable privacy laws, you have the following rights:
Access and Portability
Request access to your personal data and receive a copy in a portable format.
Correction
Request correction of inaccurate or incomplete personal data.
Deletion
Request deletion of your personal data, subject to legal and therapeutic record-keeping requirements.
Restriction
Request limitation of processing of your personal data in certain circumstances.
Objection
Object to processing of your personal data for certain purposes.
To exercise these rights, please contact us at the information provided in the Contact section below.
We retain personal data for as long as necessary to provide our services and comply with legal obligations:
Account Information
Retained while your account is active and for a reasonable period after account closure.
Therapeutic Records
Retained according to applicable healthcare record-keeping requirements (typically 7-10 years).
Technical Logs
Retained for security and operational purposes, typically 12-24 months.
We primarily store and process data within the European Economic Area (EEA) and United Kingdom. When data is transferred internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for countries with adequate data protection
- Additional security measures for sensitive therapeutic data
- Regular monitoring of data transfer practices
Our services may be used by minors under the supervision of qualified mental health professionals. We take additional precautions when handling information about minors:
- Parental or guardian consent is required for minors under 16
- Enhanced privacy protections for adolescent therapy groups
- Specialized training for staff handling minor's data
- Compliance with applicable child protection laws
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify users of material changes through:
- Email notification to registered users
- Prominent notice on our platform
- Updated "Last Modified" date at the top of this policy
Your continued use of Synolo after changes become effective constitutes acceptance of the updated Privacy Policy.
If you have questions about this Privacy Policy or our data practices, please contact us:
Data Protection Officer: privacy@pneuma.healthcare
Business Development: l.doran@ulster.ac.uk
Address: Belfast, Northern Ireland, United Kingdom
For EU residents, you also have the right to lodge a complaint with your local data protection authority.