Privacy Policy

Effective Date: June 5, 2025

This Privacy and Data Protection Policy explains how INtouch ("we," "us," "our") collects, uses, stores, and protects your personal data when you use our web application or visit our website at https://intouch.care/ (the "Platform"). We are committed to ensuring the confidentiality, integrity, and lawful handling of your personal information in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR").

1. Definitions
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, or erasure.
  • Controller: The natural or legal person determining the purposes and means of processing personal data. For this Platform, the Controller is INtouch. You can reach us at: info@intouch.care.
  • Psychologist: A licensed mental health professional using the Platform to provide services.
  • Client: An individual using the Platform to access psychological tools and journaling features.

2. Types of Personal Data Collected
Psychologists
  • First and last name
  • Email address
  • Password (hashed)
  • Data relating to published assignments and use of therapy tools
Clients
  • First and last name
  • Email address
  • Password (hashed)
  • Diary entries
  • Completed assignments and progress
  • Feedback and visibility settings
Technical Data (All Users)
  • IP address
  • Timestamps and session logs
  • Device and browser information

3. Legal Basis and Purposes of Processing
We process your data for the following purposes and under these legal bases:
  • Performance of a contract: To register and manage accounts, provide platform functionality, and support communication between users.
  • Consent: For optional analytics, behavioral tracking, and feedback tools. Consent may be withdrawn at any time.
  • Legal obligation: Where required for regulatory compliance.
  • Legitimate interests: For platform improvement, fraud prevention, and securing our services, provided such interests do not override your rights.

4. Data Storage and Retention
  • All personal data is stored securely within the European Union.
  • Accounts can be deleted by users at any time, which triggers immediate and irreversible data deletion.
  • Inactive accounts (12+ months) are deleted automatically.
  • Log files and system audit records may be retained for up to 24 months to maintain platform integrity.

5. Use of External Processors
We engage third-party processors to support:
  • Infrastructure and hosting
  • Analytics and performance tracking
  • User feedback collection
Each processor acts under a data processing agreement that ensures GDPR-compliant safeguards. Only the minimum data necessary is shared.

6. Data Security Measures
We implement technical and organizational measures to secure your data:
  • HTTPS encryption
  • Role-based access controls
  • Regular penetration tests and audits
  • Continuous monitoring and logging

7. International Data Transfers
All personal data is processed and stored in the European Union. If international transfers become necessary, we will apply appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

8. Your Rights Under the GDPR
You have the following rights regarding your personal data:
  • Right to access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to object
  • Right to data portability
  • Right to withdraw consent (where processing is based on consent)
  • Right to lodge a complaint with a supervisory authority
Requests may be sent to info@intouch.care. We will respond within one month.

9. Cookies and Tracking Technologies
We use cookies for core functionality, analytics, and user preference storage. Consent is collected via a granular cookie banner on first visit. You may modify cookie preferences at any time.

10. Data of Minors and Incapacitated Persons
Processing of personal data relating to minors or incapacitated individuals is only lawful with consent from a parent or legal guardian. If we become aware that data has been collected in breach of this condition, the account will be deleted immediately.

11. Data Breach Notification
In the event of a data breach likely to result in a high risk to your rights and freedoms, we will notify affected users and the competent data protection authority without undue delay, as required under Articles 33 and 34 of the GDPR.

12. Updates to This Policy
We reserve the right to update this Privacy Policy periodically. The most recent version is always available at https://intouch.care/privacypolicy. Continued use of the Platform after any update constitutes your acceptance of the new terms.

Contact
For any inquiries about this policy or the handling of your personal data, please contact us at: info@intouch.care.