Privacy Policy

Last updated: 7 days ago

Who We Are

TheraSynced ("Platform", "we", "us") is operated by [Legal Entity Name], a company established in Ireland. The Platform is intended for use by individuals located in Ireland and provides a digital marketplace that enables users to connect with independent therapists.

The Platform provides technical infrastructure only and does not provide healthcare services, therapy, medical advice, diagnosis, or treatment of any kind.

Roles Under GDPR

For the purposes of the General Data Protection Regulation (GDPR):

  • The Platform acts as a Data Controller for account management, subscriptions, platform usage, security, and compliance-related processing.
  • The Platform acts as a Data Processor for in-platform communications on behalf of therapists.
  • Therapists act as independent Data Controllers for any health, therapeutic, or clinical data exchanged with users.
  • The Platform does not determine the purposes or means of any therapeutic or clinical processing carried out by therapists. Nothing in this policy creates a joint controller relationship.

Personal Data We Process

We process the following categories of personal data:

Account Data

Name, email address, password hash, account role (user or therapist).

Subscription & Billing Data

We process the following billing-related data: subscription plan selection, billing interval (monthly or annual), subscription status, invoice history, payment status, and plan change records (upgrades, downgrades, and cancellations).

All payment transactions are processed by Stripe, Inc. ("Stripe"), a PCI DSS Level 1 certified, GDPR-compliant third-party payment processor. When you enter payment details, they are collected directly by Stripe via their secure payment elements. Your full card number, CVV, and sensitive payment credentials are never transmitted to or stored on our servers. We only receive from Stripe a tokenised reference, the last four digits of your card, card brand, expiry date, and transaction status.

Stripe acts as an independent data controller for payment information it collects and processes. Stripe may use this data in accordance with its own privacy policy. For more information, see:

Legal basis: Article 6(1)(b) GDPR – Processing necessary for the performance of a contract (subscription services). Article 6(1)(c) GDPR – Legal obligation (tax and accounting records).

Platform Usage & Security Data

Login timestamps, device and browser metadata, IP address, audit logs, fraud prevention and abuse detection signals.

In-Platform Communications

Messages exchanged between users and therapists via the Platform.

Special Category (Health) Data

In-platform communications may contain special category personal data, including health-related information, where users voluntarily choose to disclose such information.

The Platform processes such data solely as a data processor on behalf of therapists and does not access, analyse, profile, or use message content for therapeutic, diagnostic, or commercial purposes.

Legal basis:

  • Article 9(2)(a) GDPR – Explicit consent
  • Article 6(1)(b) GDPR – Performance of a contract

Consent Mechanics

Before accessing in-platform messaging, users must provide explicit consent to the processing of any health-related data they choose to share. Consent is obtained through a clear affirmative action and is recorded with a timestamp and associated account identifier.

Users may withdraw consent at any time through account settings. Withdrawal disables in-platform messaging but does not affect the lawfulness of processing carried out prior to withdrawal and does not prevent users from engaging with therapists outside the Platform.

Data Retention

  • Account and billing records are retained for up to 7 years in accordance with Irish legal obligations.
  • In-platform communications are retained for 24 months by default, unless a longer period is required for dispute resolution or legal compliance.
  • Platform security and audit logs are retained for up to 24 months.
  • Retention periods are reviewed periodically to ensure data is not kept longer than necessary.

Data Sharing

Personal data may be shared with the following categories of recipients:

  • Therapists – as independent data controllers for health and therapeutic data exchanged during bookings and in-platform communications
  • Stripe, Inc. – for payment processing, subscription management, fraud prevention, and billing operations. Stripe acts as an independent data controller for the payment data it collects (card details, billing address, transaction records). Stripe is PCI DSS Level 1 certified and GDPR-compliant. Data shared with Stripe includes: name, email address, subscription plan, and payment method details entered directly into Stripe's secure payment elements
  • Infrastructure providers – GDPR-compliant service providers for hosting, security, email delivery, and file storage
  • Regulators or authorities – where legally required by Irish or EU law

Personal data is not sold, shared for advertising purposes, or used for behavioural profiling. We do not share your data with any third parties for their own marketing purposes.

International Transfers

Where personal data is processed outside the European Economic Area, appropriate safeguards such as Standard Contractual Clauses are in place.

Your Rights

You have the right to access, rectify, or erase your personal data, to restrict or object to its processing, to request data portability, to withdraw consent, and to lodge a complaint with the Irish Data Protection Commission.

Contact

Privacy queries: [privacy@yourdomain.ie]