Privacy Policy

The controller of your personal data is USFU Platform (masanovets@gmail.com). We process your data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection legislation.

This Policy describes what data we collect, how we use it, and what rights you have regarding your data.

We collect the following categories of personal data: identification data (name, email address); technical data (IP address, browser type, cookie data, access logs); profile data (for therapists: photo, biography, education documents, pricing, work formats); interaction data (session bookings, reviews, messages).

We do not collect or process special categories of data (medical data, health data) — the content of therapeutic sessions remains confidential between the client and the therapist.

Your data is processed for the following purposes: providing platform functionality (registration, bookings, profiles); verifying therapist qualifications; platform security and fraud prevention; sending transactional notifications (booking confirmations, verification notices); usage analytics to improve the service.

We do not use your data for third-party targeted advertising without your explicit consent.

Processing of your data is carried out on the following legal bases: performance of a contract (Art. 6(1)(b) GDPR) — for providing platform services; legitimate interest (Art. 6(1)(f) GDPR) — for platform security and service improvement; consent (Art. 6(1)(a) GDPR) — for analytics cookies and marketing communications.

You may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.

We transfer data only to a limited set of data processors: Supabase Inc. (database storage and authentication, EU-region servers); Vercel Inc. (hosting and CDN); Resend (transactional email); Cloudflare (Turnstile bot protection during registration).

All of the above parties act solely as data processors under appropriate Data Processing Agreements (DPAs) and have no right to use your data for their own purposes.

Your personal data is stored for the duration of your account and for 12 months after deletion (soft-delete) — for the purpose of resolving possible disputes. After this period, data is anonymised or deleted.

Database backups are retained for 30 days. Access logs for 90 days. If you request deletion of your data, we will carry it out subject to technical capabilities and legal minimum retention requirements.

Under GDPR you have the following rights: right of access to your data (Art. 15); right to rectification of inaccurate data (Art. 16); right to erasure ('right to be forgotten', Art. 17); right to restriction of processing (Art. 18); right to data portability (Art. 20); right to object to processing (Art. 21).

To exercise any of these rights, contact masanovets@gmail.com. We will respond within 30 calendar days. Requests for deletion or export of data can also be submitted directly in the Account Settings section.

We use the following categories of cookies: necessary cookies — for authentication and session functionality (cannot be disabled without losing functionality); analytics cookies — for understanding how users interact with the platform (activated only with your consent).

You can manage cookie settings via the banner on first visit or through your browser settings. A detailed list of cookies will be published in Phase 9.

We may update this Privacy Policy. For material changes we will notify you by email or via a platform notification. The date of the last update is shown at the top of the document.

We recommend reviewing this Policy periodically to stay informed about how we protect your data.

For privacy enquiries contact: masanovets@gmail.com. We aim to respond within 5 business days, and to data subject requests within 30 calendar days.

If you believe your rights have been violated, you have the right to lodge a complaint with the relevant data protection supervisory authority in your country.