1. Introduction
Welcome to InnerLift ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mental wellness platform, including our mobile application, website, and all related services (collectively, the "Services").
At InnerLift, we understand that seeking mental health support requires trust. We take our responsibility to protect your sensitive health information seriously and comply with applicable data protection laws in India, including the Information Technology Act 2000 and IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, Digital Personal Data Protection Act 2023, Mental Healthcare Act 2017, and other applicable Indian data protection and healthcare regulations.
Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please discontinue use of our Services immediately.
2. Information We Collect
2.1 Information You Provide
We collect information when you register an account, book therapy sessions, complete assessments, participate in community engagement, or contact support. This includes:
Personal Information: Your name, email, phone number, date of birth, gender, preferred name, pronouns, language preferences, age, city/state, and billing address. Payment card details are stored securely by our payment processors.
Health Information: Your mental health concerns, treatment history, assessment responses (such as PHQ-9 and GAD-7), therapy session notes, communication with therapists, mood logs, journaling entries, goal tracking, and any medical history or medications you choose to share.
For Mental Health Professionals Only: Consultants, therapists, and psychiatrists must provide proof of government-issued ID for identity verification.
2.2 Automatically Collected Information
When you use our Services, we automatically collect certain technical information, including your device type, operating system, pages visited, features used, time spent on the platform, IP address, general location, and data from cookies and similar technologies (see Section 10 for details).
2.3 Information from Third Parties
We may receive information from third-party services you choose to connect with our platform, including social login services (such as Google and Apple), payment processors (transaction data), and analytics providers (aggregated, anonymized usage data).
Anonymous Therapy: For anonymous services, we collect only minimal information. See Section 5 for details.
3. How We Use Your Information
3.1 Primary Purposes
We use your information to provide, maintain, and improve our Services. This includes facilitating therapy sessions and consultations, matching you with appropriate mental health professionals based on your needs and preferences, personalizing your experience, sending appointment reminders and platform updates, enabling mood tracking and journaling features, and conducting mental health assessments.
3.2 Platform Improvement and Research
We analyze usage patterns to enhance features and user experience, monitor service quality and therapist performance (with appropriate anonymization), conduct aggregated and de-identified research to improve mental health outcomes (you can opt out), and develop new features based on user needs.
3.3 Safety and Security
We use your information to detect and prevent fraud, abuse, and security incidents, ensure the safety and integrity of our platform and community, identify and respond to crisis situations (see Section 12), and verify the credentials of mental health professionals on our platform.
3.4 Legal and Compliance
We process your information to comply with applicable laws, regulations, and legal processes, protect our rights, privacy, safety, or property and that of our users, and resolve disputes and enforce our agreements.
3.5 Marketing and Communication (with your consent)
With your consent, we may send newsletters, wellness content, and promotional offers (opt-out available anytime), request feedback to improve our services, and share mental health resources and educational materials.
5. Anonymous Therapy Services
InnerLift offers anonymous therapy options for users who prefer to maintain their privacy while accessing mental health support. This section explains how we handle information for anonymous services.
5.1 What is Anonymous Therapy?
Anonymous therapy allows you to access mental health support without revealing your full identity. When you choose anonymous therapy, your therapist will not have access to your real name, email address, phone number, or other identifying personal information.
5.2 Information Shared with Your Therapist
For anonymous therapy sessions, we share only minimal information with your therapist: your chosen pseudonym or username, your age (required for appropriate therapy provision), your gender (if you choose to share it), appointment times and session-related details, and your mental health concerns, assessment responses, and session content.
5.3 Information NOT Shared with Your Therapist
For anonymous therapy, we do not share identifying information with your therapist, including your real name, email address, phone number, billing address, payment information, or other personal identifying details.
5.4 Information Collected for Anonymous Sessions
For anonymous therapy, we collect minimal information: a unique anonymous identifier, your chosen pseudonym, age and gender (for therapy purposes), session-related information (appointment times, duration), payment information (processed separately and not linked to session data), and conversation content (encrypted and accessible only during active sessions).
5.5 Limitations of Anonymous Services
Please note the following limitations: anonymous sessions may have limited crisis intervention capabilities, long-term therapeutic relationships may be more challenging to establish, medical records and insurance claims cannot be provided, and some advanced features (progress tracking, provider continuity) may not be available.
5.6 When Anonymity May Be Breached
In rare situations, we may need to breach anonymity to prevent imminent harm or comply with legal obligations (see Section 12 on Crisis Situations).
6. Community Engagement
6.1 Public Community Information
InnerLift offers public community engagement features where users can interact, share experiences, and receive support from peers and verified mental health professionals. All information you share in these community spaces is publicly visible to all users. Your real name is not visible in the community; only your chosen user handle or pseudonym is displayed.
6.2 What Information is Shared in Community Spaces
In community discussions, you can choose a username or pseudonym (your real name is not required). Your profile picture is not shared and remains private. Any posts and comments you publish are visible, along with your reactions and likes and your join date on the platform. Verified mental health professionals will display a blue verified badge next to their name.
6.3 Content Moderation
To maintain a safe and supportive community, we use a combination of automated tools and human moderators to review community content, including reviewing posts for policy violations, detecting and removing harmful or inappropriate content, identifying potential crisis situations, and enforcing community guidelines.
6.4 Your Control Over Community Information
You can edit or delete your posts at any time, choose to make your profile private, block or report users who violate community guidelines, and leave community groups at any time.
6.5 Community Post Deletion When Account is Deleted
When you delete your account, all your community posts and their content will be permanently deleted. Comments and replies from other users on your deleted posts will remain visible in the community, but will show the original post as "deleted by user." Your comments on others' posts will be anonymized (author shown as "Anonymous").
Important: Before deleting your account, consider that other users' comments on your posts will remain visible (orphaned) even after your post content is deleted.
6.6 Privacy Recommendations
Recommendation: Please be mindful about sharing personal or sensitive health information in public community spaces. Once posted, information may be viewed, copied, or shared by others.
7. Data Security
We implement comprehensive technical, administrative, and physical security measures to protect your information from unauthorized access, use, disclosure, or destruction.
7.1 Technical Security Measures
We protect your data with encryption in transit (TLS 1.3) and at rest (AES-256), secure video therapy sessions using Google Meet's encryption standards, multi-factor authentication (MFA) for user accounts, regular third-party security audits and penetration testing, real-time monitoring for security threats, and security-focused code reviews and testing practices.
7.2 Administrative Security Measures
We maintain strict role-based access controls limiting who can access your data, provide regular security and privacy training for all staff, conduct background verification for employees with access to sensitive data, require all employees and contractors to sign confidentiality agreements, and have documented procedures for responding to security incidents.
7.3 Compliance Standards
Our security measures align with ISO 27001 information security management standards, Information Technology Act 2000 and SPDI Rules 2011 for Indian data protection, and Digital Personal Data Protection Act 2023 requirements.
7.4 Your Role in Security
You can help protect your information by using a strong, unique password for your account, enabling multi-factor authentication, not sharing your login credentials, logging out after each session on shared devices, keeping your contact information up to date, and reporting suspicious activity immediately.
7.5 Limitations
While we implement industry-leading security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information using reasonable and appropriate measures.
8. Data Retention and Deletion
8.1 How Long We Keep Your Information
We retain your information for different periods depending on the type of data:
Account Information: Retained while your account is active and deleted immediately upon account deletion with no recovery period. Deletion is permanent and irreversible.
Health and Session Information: Therapy session notes, health records, and assessment responses are retained while your account is active and deleted immediately upon account deletion.
Payment Information: Transaction records are deleted immediately upon account deletion. Payment method details are stored by payment processors, not by InnerLift. No payment history is retained after account deletion.
Communications: Customer support messages and in-app messaging are retained while your account is active and deleted upon account deletion.
Usage and Technical Data: Log files and usage data are retained for 12-24 months for security and analytics purposes. Analytics data is retained in aggregated, anonymized form indefinitely (cannot identify individuals).
8.2 What Happens When You Delete Your Account
Immediately Deleted: When you delete your account, you will be immediately logged out and unable to access your account. Your name, profile picture, email address, phone number, and contact details will be permanently deleted. All therapy session notes, assessment responses, and health information will be permanently deleted. All upcoming therapy sessions and appointments will be automatically cancelled. All payment and transaction records will be permanently deleted. All your community posts and their content will be permanently deleted, and comments from other users on your posts will remain but show as "deleted by user."
Deletion Process: Account deletion is processed immediately upon your request. There is no 30-day grace period or recovery option. Deletion is permanent and irreversible. Once deleted, we cannot restore your account or data.
Retained for Legal/Regulatory Compliance (Limited Exceptions): Information related to ongoing disputes, investigations, or legal proceedings will be retained until resolved. Aggregated, anonymized security and access logs may be retained for audit purposes (cannot identify individuals).
8.3 Account Deletion with Active Bookings
If you have upcoming therapy sessions or pending transactions when you delete your account, all future appointments will be automatically cancelled, therapists will be notified of the cancellation, no refunds will be issued for cancelled sessions or subscription packages, and ongoing payment transactions will be cancelled where technically possible.
Recommendation: Before deleting your account, consider completing or cancelling your active bookings to avoid forfeiting paid services. Once your account is deleted, refunds are not available.
8.4 How to Delete Your Account
In the mobile app, go to the "Account" section, scroll to the bottom, and you will see the "Delete Account" option in red. Tap this option to delete your account.
Once you confirm account deletion, your data will be permanently deleted immediately. This action cannot be undone.
You can also request data deletion by emailing us at support@clarivent.com.
9. Your Privacy Rights
Under Indian data protection laws, including the Information Technology Act, 2000, SPDI Rules, 2011, and the Digital Personal Data Protection Act, 2023, you have important rights regarding your personal information.
9.1 Access and Portability
You have the right to access and receive a copy of your personal data we hold, receive your data in a structured, commonly used format (e.g., JSON, CSV), and learn how we collect, use, and share your information.
9.2 Correction and Update
You have the right to request correction of inaccurate or incomplete information and to update your profile and account information at any time through Edit Profile in your account settings.
9.3 Deletion and Erasure
You have the right to request deletion of your personal data. Account deletion is immediate and permanent, with no 30-day grace period or recovery option. If you have active bookings, they will be cancelled without refund (see Section 8.3). For detailed information about what happens when you delete your account, see Section 8.2.
9.4 Consent Management
You can withdraw consent for data processing where consent is the legal basis, unsubscribe from marketing communications at any time, and manage cookie settings through your browser or our cookie banner.
9.5 Grievance and Redressal
Under the Information Technology Act, 2000, and Digital Personal Data Protection Act, 2023, you have the right to file a grievance if you believe we have violated your privacy rights.
9.6 How to Exercise Your Rights
To exercise any of these rights, contact our support team at support@clarivent.com. We will respond to your request within 30 days. For complex requests, we may extend this period to 45 days and will notify you of any delays.
9.7 Verification
To protect your privacy, we will verify your identity before processing requests to access, modify, or delete your information.
9.8 No Discrimination
We will not discriminate against you for exercising your privacy rights. You will not receive different service levels or pricing for exercising these rights.
10. Cookies and Tracking Technologies
10.1 What Are Cookies?
Cookies are small text files stored on your device that help us provide and improve our Services.
10.2 Types of Cookies We Use
Essential Cookies: Required for the platform to function, including session management and authentication, security and fraud prevention, and load balancing and performance.
Analytics Cookies: Help us understand how you use our Services, including usage patterns and feature adoption, performance monitoring, and error tracking and debugging.
Preference Cookies: Remember your settings and preferences, including language and region preferences, display settings and customization, and consent preferences.
Marketing Cookies (with consent): Used for advertising and marketing, including tracking ad campaign effectiveness, personalized content recommendations, and retargeting (where permitted).
10.3 Third-Party Cookies
We may use third-party services that set cookies, including Google Analytics (for usage analysis), payment processors (for transaction processing), and social media plugins (if you interact with them).
10.4 Managing Cookies
You can control cookies through your browser settings (most browsers allow you to refuse cookies), our cookie preference center (available on first visit), and opt-out links provided by third-party services. Note: Disabling certain cookies may affect the functionality of our Services.
10.5 Other Tracking Technologies
We also use web beacons (small graphics to track email opens and engagement), local storage (browser storage for app functionality), and SDKs (software development kits for mobile app analytics).
10.6 Do Not Track
We currently do not respond to "Do Not Track" browser signals, but we provide other privacy controls as described in this policy.
11. Third-Party Services and Links
11.1 Third-Party Service Providers
We use carefully vetted third-party services to operate our platform, including Microsoft Azure and AWS (cloud infrastructure), CDN providers (content delivery), Razorpay (payment gateway with its own privacy policy), SendGrid and Twilio (email and SMS), Firebase Cloud Messaging (push notifications), Google Meet (video therapy sessions), Google Analytics (usage analytics), and Crashlytics (error tracking).
11.2 Data Processing Agreements
All third-party service providers are bound by data processing agreements that require them to process data only as instructed by InnerLift, implement appropriate security measures, not use your data for their own purposes, comply with applicable data protection laws including Indian regulations, and store data in India or ensure adequate safeguards for any international transfers.
11.3 Third-Party Links
Our Services may contain links to third-party websites, resources, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
11.4 Social Media Integration
If you choose to connect your social media accounts or share content on social platforms, please be aware that these platforms have their own privacy policies and practices.
12. Crisis Situations and Mandatory Reporting
If you are in crisis or experiencing thoughts of self-harm, please call emergency services immediately:
India Emergency Services: 112 (Emergency)
12.1 When Confidentiality May Be Limited
While we respect your privacy, there are situations where mental health professionals and InnerLift may need to breach confidentiality to prevent serious harm, including imminent risk of suicide or self-harm, inability to ensure your safety, threats to harm another person, credible risk of violence, suspected child abuse or neglect (mandatory reporting under Indian law), elder abuse or abuse of vulnerable adults, and valid court orders requiring disclosure of information.
12.2 Our Response to Crisis Situations
When a crisis situation is identified, we will attempt to contact you immediately through available means, may contact emergency contacts you've provided (if applicable), may contact emergency services if we believe there is imminent danger, and will document the situation and our response. For anonymous users, we may need to identify you to provide emergency assistance.
12.3 Crisis Detection
Our platform may use automated systems to detect potential crisis situations in user communications. These systems are designed to alert our safety team for human review.
12.4 Limitations of Online Services
Important: InnerLift is not an emergency service. If you are experiencing a medical or mental health emergency, please call emergency services at 112 immediately. Our therapists and platform cannot provide immediate emergency intervention.
13. Children's Privacy
13.1 Age Restrictions
InnerLift's Services are intended for individuals 18 years and older. Users must be 18+ to create an account and use our platform.
13.2 Services for Teens (Ages 16-17) with Parental Consent
We provide mental health support to teens aged 16-17 when booked by a parent or legal guardian. When booking counseling in the "Teens" category, the parent or guardian must accept terms confirming they are the legal parent or guardian, the teen is aged 16-17, and they provide consent for mental health services. Therapy sessions are confidential between the teen and therapist. Parents are notified only in crisis or emergency situations as required by law and professional ethics.
13.3 If We Learn We Have Collected Children's Data
If we become aware that we have inadvertently collected personal information from anyone under 18 without proper parental consent, we will take steps to delete that information as soon as possible.
13.4 Parental Rights
Parents and guardians booking services for teens aged 16-17 have the right to review billing and appointment information, request account deletion, and refuse further services. Session content and therapy notes remain confidential between the teen and therapist, except in crisis situations where parents will be notified as required by law.
14. Changes to This Privacy Policy
14.1 Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
14.2 Notification of Changes
When we make material changes to this Privacy Policy, we will update the "Last Updated" date at the top of this policy, increment the version number, and notify you through the app, email, or a prominent notice on our website. For significant changes, we may request your renewed consent.
14.3 Review
We encourage you to review this Privacy Policy periodically. Your continued use of our Services after changes are posted constitutes acceptance of the updated Privacy Policy.
14.4 Version History
Previous versions of this Privacy Policy are available upon request.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at support@clarivent.com.
For privacy rights requests (access, deletion, correction, etc.), grievance redressal, security issues, or any other privacy-related inquiries, please email us at support@clarivent.com. We will respond to all inquiries within 30 days. For complex requests, we may require additional time (up to 45 days) and will keep you informed of our progress.
Thank you for trusting InnerLift with your mental wellness journey. Your privacy and wellbeing are our highest priorities.