PRIVACY POLICY

1. Introduction

This Privacy Policy (“Policy”) describes how Humann (“Humann”, “we”, “our” or “us”) collects, uses, shares, and protects personal information of individuals using our mental health platform. We are committed to safeguarding the privacy of both users seeking mental health services (“Users”) and therapists providing services (“Therapists”) on the Humann platform. This Policy is designed to inform you about your privacy rights and how we comply with applicable Indian laws, including the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

Humann is a mental health platform that connects Users with licensed Therapists for online therapy sessions. Our services include a mobile/web application and related tools that allow Users to create accounts, fill out mental health questionnaires, track their mood over time, book therapy sessions, and communicate with Therapists. Therapists can register, undergo verification, list their services, and conduct sessions with Users through the platform. Important: Humann is not an emergency or crisis mental health service. If you are in crisis or need immediate assistance, please contact local emergency services or suicide prevention helplines. Humann’s platform is intended for scheduled counseling and support, not for real-time crisis intervention.

This Policy applies to all personal data processed by Humann, including data provided by Users and Therapists who use our platform, as well as any visitors to our website or application. By using Humann’s services (whether as a User or a Therapist), you acknowledge that you have read and understood this Privacy Policy and agree to be bound by it. This Policy applies to all features and services offered by Humann and covers our data processing activities in India. We have structured this Policy to address both Users and Therapists collectively; any specific differences in how we handle data for Users vs. Therapists will be noted. Both Users and Therapists are collectively referred to as “you” where appropriate.

2. Definitions

For the purposes of this Privacy Policy, the following definitions apply:

  • Personal Data: Any information that relates to an identified or identifiable individual. This includes information that can directly identify you (e.g., name, contact details) or can indirectly identify you when combined with other information (e.g., demographic details, identification numbers). Personal Data encompasses both general personal information and more sensitive information such as health or financial details.
  • Sensitive Personal Data: Personal data that is deemed sensitive due to its nature. For example, information related to mental or physical health, medical records, biometric identifiers, financial information (bank details, payment instrument details), official identifiers (government-issued ID numbers like Aadhar or PAN), and sexual orientation are considered sensitive. On the Humann platform, any data about your mental health condition, therapy session notes, mood tracker entries, and identification documents would fall under Sensitive Personal Data. We treat such data with extra care and protection. (Note: The DPDP Act, 2023 does not explicitly categorize “sensitive personal data” separately; however, Humann recognizes the sensitive nature of mental health and medical information and applies stringent privacy safeguards to it.)
  • Data Fiduciary: Under the DPDP Act, a “Data Fiduciary” is any person (including a company) who alone or in conjunction with others determines the purpose and means of processing personal data. In this context, Humann acts as a Data Fiduciary for the personal data you provide. We decide how and why your personal data is processed in order to deliver our services.
  • Data Principal: The individual to whom the personal data relates. In this Policy, Users and Therapists are the Data Principals for their respective personal data. You are the Data Principal for the data you provide to us or that we collect about you. The term “you” in this Policy generally refers to you as a Data Principal (whether User or Therapist).
  • Data Processor: Any third party that processes personal data on behalf of a Data Fiduciary. These are service providers that Humann may use to assist in our operations (for example, cloud hosting services, payment gateways, or analytics providers). Data Processors act on our instructions and are contractually obligated to protect personal data and use it only for the purposes we specify.
  • Consent: Any freely given, specific, informed, and unambiguous indication of the Data Principal’s wishes by which they agree to the processing of their personal data. By creating an account or otherwise using Humann, you provide consent to Humann for processing your personal data as outlined in this Policy. Humann’s consent mechanism is designed in accordance with the DPDP Act – meaning you will be presented with clear notices about data collection and have to affirmatively agree (for example, by clicking “I agree”) before we collect or use your data. You have the right to withdraw your consent later, as described in this Policy.
  • Platform: Refers to Humann’s website, mobile applications, and any other digital interface through which Humann offers its services.
  • Services: All functionalities and offerings provided by Humann via the Platform, including but not limited to user account creation, onboarding questionnaires, mood tracking, therapist matchmaking, scheduling and conducting therapy sessions (including text, audio or video sessions), payment processing, and customer support.
  • Therapist: A mental health professional (such as a psychologist, counselor, therapist, etc.) who has registered on the Humann Platform to offer therapy or counseling services to Users. Therapists using Humann are independent professionals but are required to abide by this Privacy Policy and Humann’s terms regarding user data privacy and confidentiality.
  • User: An individual who uses Humann to seek or receive mental health services from a Therapist. This includes clients/patients who register an account, fill in personal information and questionnaires, use the mood tracker, book sessions, or otherwise engage with Therapists through the Platform.
  • Child: For purposes of this Policy and in alignment with Indian law (the DPDP Act), a “Child” is any individual under the age of 18 years. Humann’s services are not intended for use by children under 18. We do not knowingly collect or process personal data of anyone under 18. (See Section 10 on Children’s Privacy.)
  • Cookies: Small text files placed on your device when you visit our website or app, which collect and store information about your usage. They are used to remember your preferences or track usage for analytics. (See Section 9 on Cookies and Tracking Technologies for details on how we use cookies.)
  • Digital Personal Data Protection Act, 2023 (DPDP Act): India’s data protection law that governs the processing of digital personal data. This Policy is intended to comply with the requirements of the DPDP Act. Under the DPDP Act, Humann is a Data Fiduciary and you are a Data Principal. The law outlines various rights of Data Principals and obligations of Data Fiduciaries, which are reflected in this Policy.
  • Grievance Officer / Data Protection Officer (DPO): An individual appointed by Humann to address users’ complaints and queries regarding personal data processing. (See Section 12 for Grievance Redressal.) Under Indian regulations, we provide contact details of a Grievance Officer to handle privacy-related concerns. If Humann is required to appoint a formal Data Protection Officer under the DPDP Act (for example, if classified as a Significant Data Fiduciary in the future), we will update this Policy with their contact information.

Any capitalized terms used in this Policy that are not defined here shall have the meaning assigned to them under the applicable law or in Humann’s Terms of Service.

3. Legal Basis for Processing Personal Data

Humann only processes your personal data when we have a lawful basis to do so. Our processing of personal data of Users and Therapists is justified under one or more of the following legal bases:

  • Consent (Primary Basis): In most cases, we rely on your consent to collect and use your personal data. When you sign up for Humann as a User or a Therapist, you explicitly agree to the collection and processing of your information as per this Privacy Policy. For example, we ask for your consent to collect health-related information in the onboarding questionnaire or to use your contact details for sending you updates. Consent under the DPDP Act must be free, specific, informed, and provided through a clear affirmative action – Humann ensures that you are presented with the necessary information and give consent by an opt-in action (such as checking a box or clicking “agree”). You have the right to withdraw your consent at any time (see Section 8 on Data Subject Rights). If you withdraw consent, we will stop processing your data for the specific purposes you originally agreed to, unless another legal basis applies.
  • Performance of a Contract / Service Provision: In many instances, processing your data is necessary to provide the services you request – which can be seen as processing under a “deemed consent” or legitimate use scenario under the DPDP Act. For example, when you voluntarily provide personal data in order to use the platform (such as filling out your profile and questionnaire to get matched with a Therapist, or a Therapist providing their qualifications to get onboarded), it is understood that we will use that data to deliver the requested service. This constitutes a lawful basis as the processing is directly related to the service or contract you enter with us by using Humann. In DPDP Act terms, because you have voluntarily provided your data for a specific purpose, we are deemed to have your consent to use it for that purpose.
  • Legal Obligation: We may process and disclose personal data if required to comply with applicable laws, regulations, legal processes, or governmental requests. For instance, Indian law might require us to retain certain transaction records for tax or regulatory compliance, or to respond to lawful requests from law enforcement authorities. In such cases, the DPDP Act permits processing without explicit consent, as it falls under “legitimate uses” (e.g., fulfilling a legal obligation or compliance with court orders).
  • Vital Interests and Emergency Situations: In rare situations, we may process or share personal data to protect an individual’s life, health, or safety. For example, if a User is in a session and indicates an intention to self-harm or harm others, and if we had relevant personal data that could help prevent harm, we or the Therapist may use or disclose information as necessary to contact emergency services or the person’s emergency contact (if available). The DPDP Act recognizes “medical emergency or threat to life or public health” as a legitimate ground for processing without consent. Important: While Humann itself does not collect emergency contact information at this time (see Section 5 and 6 regarding emergency disclosures), we want Users and Therapists to be aware that ethical or legal duties may override privacy in life-threatening situations.
  • Other Legitimate Uses Permitted by Law: The DPDP Act outlines certain “legitimate uses” where personal data can be processed without fresh consent, such as when data is publicly available or when processing is necessary for certain government functions. Humann generally does not rely on these specific clauses for regular operations. We do not collect data from public sources, and we are a private service. If ever we were to process personal data under a legitimate use scenario not covered above, we will ensure it is permissible under the DPDP Act and will update you or seek consent as required.
  • Parental Consent (for Minors): Humann’s policy is to not allow minors under 18 to use our services, so we do not knowingly process children’s data (see Section 10). In the event a minor’s data is ever processed (for example, if a minor’s parent uses the platform on their behalf inadvertently or a minor misrepresents their age), we will require parental consent as mandated by law or delete such data upon discovery.

4. Types of Data Collected

Humann collects various categories of personal data from both Users and Therapists. We strive to collect only what is necessary for the purposes described in this Policy. Below we outline the types of data we collect:

4.1 Data Collected from Users (Clients)

When you sign up and use Humann as a User seeking therapy, we may collect the following types of information:

  • Account Registration Data: When you create a User account, we collect your basic contact and identification details such as your full name, email address, and/or mobile phone number. You will also create login credentials (such as a password) or you may choose to sign up via third-party login (e.g., Google or Apple – see below). We collect your age or date of birth to ensure you are an adult (18+). We may also record your gender or pronouns if you provide them.
  • Profile and Onboarding Questionnaire Data: As part of onboarding to Humann’s therapy services, we ask you to fill out a questionnaire to help us match you with a suitable Therapist and personalize your experience. This questionnaire may include personal and sensitive information such as:
    • Location (city or region) – to match you with available Therapists or for assigning one in your time zone/region.
    • Relationship status and work status (e.g., single/married, employed/student etc.) – to give context that might aid therapy.
    • Preferences for therapy, such as preferred therapist’s gender, preferred language for therapy, and whether you seek individual or couple therapy sessions.
    • Prior therapy experience (yes/no or brief details if you’ve undergone therapy before).
    • The issues or concerns that bring you to therapy (you may select from multiple-choice options like anxiety, addiction, family issues, depression, etc., or describe your issues).
    • Your specific goals for therapy (e.g., “reduce anxiety”, “improve self-confidence”, etc., selectable from options).
    • Symptoms or feelings you are currently experiencing (multiple-choice or descriptive, such as trouble sleeping, panic attacks, low mood, etc.).
    • Important: Some of this information about your mental health and personal life is sensitive. Humann does not store certain sensitive responses indefinitely. For instance, the detailed answers you provide in the matching questionnaire (issues, goals, symptoms) might be used to find a suitable Therapist match, but these particular responses are not stored in a way that Humann administrators can read or identify back to you (they may be transiently processed for matching and then disassociated from your identity for privacy). We only retain the fact that you completed the questionnaire and any summary needed for matching, unless you choose to share the full details with your Therapist (see Section 6 on Data Sharing).
  • Mood Tracker Entries: Humann may provide a mood tracking feature where you can log your mood or emotions on a regular basis (daily, weekly, etc.). If you use the mood tracker, we collect the data you input, such as your mood level, feelings, notes or journal entries about your day, and timestamps of entries. These mood tracker inputs are considered sensitive personal data as they relate to your mental health state. This data is primarily for your own reflection and for you to potentially discuss with your Therapist. By default, mood tracker data is private to you; Humann will not share your individual mood entries with any third party (including your Therapist) without your consent. However, we may internally aggregate and anonymize mood tracking data to observe general trends or improve our services (e.g., understanding how users engage with the feature).
  • Therapy Session Details: We maintain records of your therapy sessions booked through Humann. This includes scheduling and attendance information such as: the date and time of each session, the duration, the Therapist’s name, the type of session (e.g., individual or couples therapy), and whether the session was completed or if there was a cancellation/no-show. If sessions are conducted via our platform (video or voice calls through integrated services, or text-based chat), we do not record or store the content of those sessions (no call recordings or chat transcripts are stored on our servers). Only high-level metadata (as described above) is stored for billing, service history, and support purposes.
  • Payment and Transaction Data: When you make payments for sessions or services on Humann, you may need to provide payment details. Humann integrates with third-party payment gateways (e.g., credit/debit card processors, UPI, e-wallets) so that you can pay securely. We ourselves do not collect or store your full financial information like card numbers or UPI IDs on our servers. Those are collected directly by the payment processor (such as Razorpay) on their secure payment pages. We may receive from the payment processor a confirmation of payment, a transaction ID, the amount paid, date/time, and the type of payment method (e.g., which bank or wallet, not the full details). We will also record partial information such as the last four digits of a card or a masked email/phone associated with a UPI payment, for reference and troubleshooting, but not sensitive payment data. If you require an invoice or receipt, we generate records of payment which include your name and service details.
  • Communications with Humann: If you contact our support or communicate with us (via email, chat, or phone), we will collect the information you choose to provide during those interactions. This could include your contact details, the content of your communications (such as questions about the service or technical issues), and any follow-up action we take. These communications are logged for customer service purposes.
  • Automatically Collected Data (Users): When you use the Humann app or website, we automatically collect some technical information:
    • Device information (e.g., device type, operating system, app version, unique device identifiers or advertising IDs if applicable).
    • Browser information (if using web): browser type and version, operating system, and your device’s Internet Protocol (IP) address.
    • Log data: timestamps of logins, actions taken on the app (such as pages viewed or buttons clicked), errors or crash reports, and referral URLs (if you came via an external link).
    • Approximate location data based on IP (we do not track precise GPS location unless you explicitly provide an address or location in your profile).
    • Cookies or similar tracking technologies (discussed in Section 9) may gather usage analytics such as how you navigate through our platform. For example, we use Mixpanel and Hotjar to observe user interactions in aggregate; these tools might collect events like “opened mood tracker” or “completed questionnaire” along with non-identifying device IDs or cookies to distinguish unique users.
    • This automatically collected data helps us secure the account (e.g., detecting suspicious login attempts), fix bugs, and improve our interface. It generally does not include direct personal identifiers except IP address or device ID, which may be considered personal data in some cases.
  • Third-Party Login Data: If you choose to register or log in via third-party Single Sign-On (SSO) providers like Google or Apple, we will receive from them certain information to identify you. This typically includes your name, email address, and possibly a profile photo from your Google/Apple account. We will use this information to create/authorize your Humann account. Humann will handle this data per this Policy. Note that authentication through third parties is optional, and those providers might collect their own data about your login (see Section 8 and 6 for third-party processing details).

4.2 Data Collected from Therapists

If you are a Therapist registering to offer services on Humann, we collect a range of information to verify your credentials, set up your profile, and facilitate payments. This includes:

  • Account and Contact Information: Similar to Users, Therapists provide basic details to create an account: full name, email address, phone number, date of birth/age, and password (if not using SSO). We may also ask for preferred pronouns and gender, to display on your profile or for internal reference. Location (city/region) is collected to help Users know your time zone or if you operate in a specific city (especially for potential in-person referrals or compliance with local practice regulations).
  • Professional Credentials and Qualifications: During onboarding, we may collect extensive information about your professional background to ensure you are qualified:
    • Educational qualifications (e.g., degrees held, universities attended, year of graduation).
    • Professional certifications, licenses, and registration numbers (for example, if you are licensed by the Rehabilitation Council of India (RCI) or any other licensing body, we collect your license number).
    • Areas of specialization and therapy modalities you are trained in (e.g., CBT, psychodynamic, family therapy, etc.).
    • Years of experience in counseling/therapy practice and details of current or past practice (e.g., clinics or organizations you have worked with).
    • Languages you can conduct therapy in.
    • Client age groups you work with (e.g., adults, teenagers, etc., to match with appropriate clients).
    • Whether you offer individual therapy, couples therapy, or other formats.
    • Your current consultation fees for sessions (pricing information).
    • Availability preferences (for example, if you offer sessions on weekends or only weekdays).
    • A professional biography or profile description (if you provide one for Users to read on your profile).
    • Any special training or certifications (like advanced training certificates, diplomas, etc.) and areas of expertise (like anxiety, depression, relationship issues, etc. as you specify).
  • Identity and Verification Documents: We require certain documents to verify your identity and qualifications:
    • Government-issued identification documents such as your PAN card and Aadhar card (for identity verification, background check, and compliance with tax laws for payouts).
    • Proof of qualifications: copies of your Master’s or highest degree certificate in psychology/counseling or related field.
    • Copies of specialized training certificates or additional certifications you claim.
    • Reference letters or experience letters from previous employers or supervisors (to validate your work experience, if requested).
    • Your résumé/CV which summarizes your education and experience.
    • These documents often contain personal data (full name, date of birth, ID numbers, photographs, education history, etc.). We collect and store these securely and limit access to authorized Humann staff for vetting purposes. We do not disclose these documents to Users; they are only for our internal verification and records.
  • Therapist Profile Information: Some information from above is published on your profile for Users to see when deciding on a therapist. For example, your first name and last initial (or full name, based on your preference), your professional qualifications (degrees, licenses), years of experience, languages, specialties, and profile photo (if you choose to add one) will be visible to Users. Contact information like your phone number, email, or exact address is not public to users via the platform. Users communicate with you through the platform’s messaging/calling systems without seeing your personal contact details. (They may learn your full name or license information via your profile, which you consent to share by signing up as a Therapist.)
  • Scheduling and Session Data: We keep track of the therapy sessions you conduct via Humann. This includes your calendar availability that you input, sessions booked with you by Users, and records of completed or missed sessions (date, time, client name/ID, session type, duration). This helps with appointment management and calculating fees owed to you.
  • Financial and Payment Information: To facilitate payment of your consultation fees, we collect your banking details and payment preferences. This may include:
    • Bank account number, bank name, and IFSC code (for direct transfer of earnings to your account).
    • Alternatively, if we pay via an electronic wallet or other method, we collect the necessary account identifiers for that.
    • PAN (Permanent Account Number) for tax purposes (to issue invoices or deduct TDS if applicable under Indian tax law).
    • Any other tax-related information required by law (e.g., GST details if you are GST-registered, although individual therapists might not be).
    • We use this financial information solely to process your payouts and comply with legal requirements. These details are stored securely and only accessed by our finance team or payment processor when needed. We do not share your full banking details with Users or any irrelevant third parties. Payment processing to you may be done through a banking partner or payment gateway under contract with us.
  • Communications and Support: If you as a Therapist communicate with Humann (for support queries, onboarding assistance, or other purposes), we will collect the information in those communications similar to user support. This may include your correspondence emails, call recordings (if we record support calls, but typically we do not unless stated), and any feedback or survey responses you provide.
  • Automatically Collected Data (Therapists): When Therapists use the Humann platform (web portal or app) we similarly collect device and usage information as noted for Users. This includes IP address, device details, login times, actions like updating profile or responding to a client message, etc. We use Mixpanel/analytics as well to understand how Therapists use our platform (for example, tracking if the onboarding flow is completed, if calendars are updated, etc.) to improve our services for you.

4.3 Data Collected from All Visitors/Users (Automatic & Cookies)

Beyond registered Users and Therapists, if someone simply visits our website or installs the app without logging in, we may collect some limited data:

  • Browsing Data: IP address, browser type, operating system, and referring site (if you came via a link) are logged by our web server for security and analytical purposes. This is standard for any web service and helps us monitor site integrity and aggregate traffic (e.g., number of visitors).
  • Cookies and Similar Technologies: As detailed in Section 9, we use a minimal number of cookies. For a casual visitor, essential cookies may be set to maintain session state or preferences. We currently do not use advertising cookies. Analytics scripts (like Mixpanel or Hotjar) might still load on our site to understand usage patterns, but until you register, the data remains anonymous or tied to device identifiers.
  • Third-Party Login Info: If you are just initiating a Google/Apple login but not completing it, we might get a token and then discard it if sign-up is not completed.

Humann does not collect any personal data from third parties about you without your involvement. For example, we do not purchase user data lists, and we do not receive personal health information about you from any external providers or partners. All user personal data we have is either provided directly by the user or generated through use of our platform. Therapists similarly provide their data directly during onboarding or through later updates.Note: We do not ask Therapists to share their session notes or any additional information about Users outside the platform. Therapists are advised not to upload or share any personal data of Users on external platforms. If in the future, we conduct optional surveys or research involving Therapists (for example, asking how many of their clients have certain issues, to gather statistical insights), we will ensure those surveys do not collect personally identifiable information of clients, only aggregated anonymized information.

5. Purpose of Data Collection

Humann collects and uses personal data for various purposes related to providing and improving our mental health services. We are transparent about why we need each type of information. Below, we describe the purposes for which we process User and Therapist data:

For Users (Clients):

  • Service Delivery & Facilitation of Therapy: We use your personal data to deliver the core services of our platform. This includes matching you with suitable Therapists based on the information from your profile and questionnaire (e.g., using your stated issues, goals, language preference, etc., to suggest appropriate therapists), scheduling therapy sessions, and enabling you to communicate with your chosen Therapist. For example, we may use your name and the issues you selected to internally recommend a therapist who specializes in those areas. Once you book a session, we share necessary details with the Therapist (see Data Sharing in Section 6). During service delivery, we ensure that only the needed information is used for each step (principle of data minimization).
  • Personalization and User Experience Enhancement: We want to provide you with a tailored and helpful experience. Your data helps us remember your preferences and customize the platform for you. For instance, your mood tracker entries might be used to show you insights or trends about your mental health over time. Your language preference ensures the app shows content in your chosen language (if available). We might use your usage patterns to recommend certain self-help resources within the app or to prioritize features that benefit you. All such processing is aimed at improving the platform’s usefulness and is done in a manner that respects your privacy (often by using aggregated data or requiring your additional consent for any significant personalization).
  • Communication: We use your contact information (email, phone number) to communicate with you about your account and our services. Primary communications include sending booking confirmations, reminders for upcoming sessions, notifications from your Therapist, and updates about our terms or policies. We may also send you mental health tips, platform news, or marketing communications about new services if you have not opted out of such messages. All marketing or promotional emails will have an unsubscribe option so you can opt out at any time. For critical service communications (like an appointment reminder or security alert), you may not be able to opt out as they are necessary for service use.
  • Payment Processing: When you pay for sessions or subscriptions, we use your data to process the transaction. This includes using your user ID and session details to initiate payment requests via our payment gateway, and then recording the completion of the payment. If applicable, we use your data to apply any discounts or offer codes. We also generate receipts that include your name and a brief description of the service. We retain transaction histories to handle any disputes, refunds, or accounting requirements.
  • Therapy Quality and Outcome Tracking: Over time, we might use data like session counts and mood tracker trends to help gauge your progress. This could be shared with you in-app (for example, “You’ve had 5 sessions in the last 2 months, and your average mood rating has improved”). This purpose is primarily to empower you and your therapist to reflect on improvement areas. Any such analysis is done privately and not shared externally without consent.
  • Research and Development: Humann may use de-identified or aggregated user data to conduct research and analysis with the aim of improving our services or contributing to understanding in the mental health field. For example, we might analyze aggregated data to see common issues users are facing or to evaluate the effectiveness of certain platform features on user engagement. Note: When used for research or product development, data is anonymized wherever possible, meaning individuals are not identifiable in the results. We may publish broad insights but will not publish any personal details without explicit consent.
  • Marketing and Advertising: Currently, Humann’s use of personal data for advertising is minimal. We do not sell your data to advertisers or display third-party ads based on your personal data. We may, however, use some data internally to target certain informational content or promotions to you. If we ever partner with third-parties for marketing, we will do so only with your explicit consent. Any use of sensitive data (like your therapy-related info) for marketing is avoided entirely unless you explicitly agree.
  • Compliance and Legal Purposes: We will use your data as needed to comply with laws and enforce our Terms of Service. For example, we maintain records of consent and communications to demonstrate compliance with the DPDP Act. If needed, we may use certain data to respond to lawful requests or to establish or exercise our legal rights.
  • Service Improvement (Analytics): We utilize tools like Mixpanel and Hotjar to analyze how Users navigate our app and what features are used frequently. This helps us identify issues in the user interface and improve the platform. These analytics data are mostly aggregated or tied to device IDs; while they may incidentally include user IDs or emails in our internal dashboards, we treat them confidentially and do not allow analytics providers to use that data for their own purposes. All analytics use is governed by agreements that protect your information (see Section 6).

For Therapists:

  • Therapist Onboarding and Verification: We collect your professional and identification data to verify your qualifications and identity. The purpose here is to ensure that all Therapists on Humann are legitimate, licensed or certified professionals in mental health, for the safety and trust of our Users. We use the information you provide to conduct background checks which may involve verifying documents authenticity and cross-checking with issuing institutions or licensing databases. This vetting process is essential to maintaining the quality of our services and is required before you can offer services on the platform. We may also use this data for preparing your profile listing.
  • Matching and Recommendations: Similar to how we match Users with Therapists, we also use your professional information to match you with suitable clients. This ensures you get clients that fit your expertise. This matching is done by algorithms using the data you and the user have provided. It is largely an automated process (rules-based, not AI as of now), but not a solely automated decision with legal effect – Users still choose whether to book with you, and you have control over accepting clients. Thus, the data is used to facilitate introductions rather than binding decisions.
  • Service Provision & Platform Use: We use your data to enable you to provide services via Humann. This means using your schedule availability to allow bookings, notifying you of session appointments or cancellations, and allowing you to communicate with your clients through our encrypted channels. We might use your email or phone to send you important alerts. We also log your interaction with clients (without recording content) to maintain service history, which helps in case of any billing disputes or user complaints.
  • Payment and Accounting: We process your personal and financial data to calculate your earnings and pay you accordingly. After you conduct sessions, our system uses the session records to determine your fees (based on the rate you set) and compiles the payout amounts. We use your bank details to execute transfers of your earnings on a regular payout schedule. We also generate internal invoices or records for these payouts which include your name, PAN, total amount, etc. This serves accounting, audit, and tax filing purposes. We may send you payout confirmation emails or statements. All such processing is necessary for our contractual relationship and to fulfill legal obligations.
  • Quality Monitoring and Training: To maintain a high standard of care, Humann may occasionally review non-sensitive data such as session counts, client feedback, and responsiveness for quality assurance. This could be used to guide our internal training or support for you as a Therapist. We might reach out to you with suggestions or support based on this analysis. We do not monitor the content of therapy sessions, as those remain confidential between you and your client, but we may facilitate a process for clients to rate or provide anonymous feedback.
  • Platform Updates and Communication: We will use your contact details to inform you of important platform updates, new features, changes in policy, or upcoming maintenance downtime. We may also send newsletters or educational content relevant to therapists. You can opt out of non-essential communications if you prefer.
  • Marketing and Public Profiles: With your consent, we may use certain aspects of your profile in our marketing materials or platform promotions. We will never disclose your personal data like contact or ID info for marketing. Only professional info like your first name, qualification, specialty, and a quote or story (that you approve) would be used. This is completely voluntary.
  • Legal and Compliance: We process therapist data to comply with legal obligations. For example, we retain KYC documents such as PAN/Aadhar and proof of qualifications as required by regulations. If law enforcement or regulatory bodies require information, we may provide basic identity/professional information as required by law. We also ensure that we abide by tax laws.
  • Internal Analytics and Service Improvement: Humann will also analyze aggregated data about therapist usage to improve the platform. These analytics help us support you better and grow the service.

For Both Users and Therapists (General Purposes):

  • Security and Fraud Prevention: We use all categories of data as needed to maintain the security of our platform, Users, and Therapists. This includes using login data and device identifiers to detect suspicious activities. We may use personal identifiers to block malicious users or verify identities in cases of suspected fraud. We also use data for enforcing our Terms of Service, such as investigating harassment, inappropriate content, or other misconduct.
  • Data Accuracy and Administration: We might process your data to manage and update our databases, ensure your information is accurate and up-to-date, and to integrate with our internal administrative tools.
  • Backup and Disaster Recovery: We make backups of data (which include personal data) to prevent data loss. These backups are used only for restoration purposes and are protected with the same security as primary data.

We will not use your personal data for any purpose that is incompatible with the ones described above without first obtaining your consent or unless required by law. If we need to process your data for a new purpose, we will update this Privacy Policy and notify you as necessary, seeking your consent where required.

6. Data Sharing and Third-Party Disclosures

Humann may share your personal data with third parties, but only in the ways that are described in this Policy. We do not sell or rent personal data to any third-party for their own marketing or advertising purposes. Any sharing of data is done either with your consent, to fulfill the services, or as required by law. Below are the categories of recipients with whom we may share data and the context for such sharing:

6.1 Sharing between Users and Therapists (within the Platform):

  • User Data shared with Therapists: When a User books a session with a Therapist, Humann shares certain personal information of the User with that Therapist. This includes the User’s name, age, gender, primary contact, and a summary of the issues/needs (if the user has consented to share their questionnaire responses). Detailed sensitive data from the onboarding questionnaire will only be shared if the User explicitly opts-in. At the time of booking a therapist, Users are presented with an option like “Share your questionnaire responses with your therapist.” If the User agrees, then the Therapist can view those responses. If the User does not agree, those sensitive answers remain hidden from the Therapist. Therapists are not allowed to use User data for any purpose outside of providing therapy to that User. They are bound by confidentiality (professional ethics and our agreements) to keep User information private.
  • Therapist Data shared with Users: When Users browse and select Therapists on Humann, they will see the Therapist’s public profile information. This includes the Therapist’s first name, photo, qualifications, years of experience, special areas of expertise, languages spoken, session pricing, and ratings/reviews. We do not disclose a Therapist’s personal contact details (phone, email, address) to Users. Communication is routed through the platform’s systems.

6.2 Third-Party Service Providers (Processors): We employ trusted third-party companies and individuals to facilitate our Services (“Service Providers”). These third parties act as Data Processors on our behalf. They only receive the information necessary to carry out their designated tasks and are contractually obligated to keep your data confidential and secure, and to use it solely for the purposes instructed by Humann. Our key service providers include:

  • Cloud Hosting and Infrastructure: We use Amazon Web Services (AWS) cloud infrastructure to host our platform and store data. All your personal data reside on AWS data centers. AWS is an industry-leading provider with high security standards and is ISO 27001 certified. Our servers are currently located in secure data centers (we strive to use regions within India when possible).
  • Payment Processors: For handling payments, we integrate with third-party payment gateways such as Razorpay. When you enter payment details, you do so on their secure interface. These payment processors will receive information needed to process the transaction. Humann itself does not receive or store your full financial instrument details. Payment processors are PCI-DSS compliant and are obliged to protect your data.
  • SMS and Phone Communication: We use Airtel (Airtel Business messaging services) to send SMS notifications. When we send an SMS, we share your mobile number and the message content with our SMS gateway (Airtel’s platform).
  • Email Services: We utilize Mailgun for sending out emails. Mailgun will process your email address and the content of the emails we send. Mailgun implements security and compliance measures.
  • Analytics and User Engagement Tools: Humann uses analytics tools:
    • Mixpanel: We integrate Mixpanel in our app to track usage events. The data sent to Mixpanel may include a user identifier and event data like “Session Booked” or “Mood Updated”. We do not send sensitive questionnaire responses or any therapy content to Mixpanel. Mixpanel might store basic profile info. Mixpanel is based in the USA, so this involves transferring limited data out of India; we ensure this is done in compliance with law.
    • Hotjar: We may use Hotjar on our web interface. Hotjar can record user interface interactions. We configure Hotjar not to record any personal text you enter (it masks form fields). It may capture your IP (which it anonymizes) and device details. Hotjar’s data may be stored on servers outside India. We use it solely for UI/UX improvement.
    • Google Analytics (if applicable): Similar principles apply – tracking usage data, with options for you to opt-out.
  • Video/Audio Session Provider: For conducting live therapy sessions, Humann uses Agora. When you have a therapy session, audio and video streams are transmitted through Agora’s service. However, these calls are end-to-end encrypted and are not recorded or stored by Humann or Agora (unless explicitly stated and consented for a particular session, which by default we do not do). Agora operates as a processor that only relays the communication. No content is saved, and any ephemeral data is disposed of after the session.
  • Messaging and Notifications (WhatsApp Business): Humann may send certain notifications via WhatsApp Business API. To do this, we use WhatsApp’s Business service directly or through a provider. They will get access to your phone number and the message content we send. WhatsApp messages are end-to-end encrypted. We will only use WhatsApp for user communications if you have consented or initiated communication with us via that channel. You can opt out.
  • In-App and Push Notifications (Firebase): Humann uses Firebase to deliver in-app messages and push notifications. Firebase may collect device identifiers, notification tokens, and engagement data. No personal health or sensitive content is shared through these notifications. By using the app, you consent to receiving such notifications, which you may disable through your device or app settings.
  • Single Sign-On Providers: If you use Google or Apple to sign in, those companies process your login and provide us with your basic account data. Google or Apple will know that you are using Humann. This is covered under their privacy policies. They do not get further data from us about your usage in Humann.
  • Internal Tools (Cloud Software): We use some third-party software for our internal team. This can include:
    • Google Workspace: for company email and document storage. Emails you send to Humann are processed through Google’s Gmail servers. Documents or spreadsheets internally maintained might be stored on Google Drive. We ensure any personal data in such documents is handled securely and access is restricted.
    • Asana (or similar project management tools): used by our team to track tasks. We generally do not input user personal data into such tools except perhaps first names or booking IDs when tracking a support ticket. Any minimal data in these systems is protected under our agreements.

We ensure all service providers we use are reputable and have their own compliance with privacy laws. We have Data Processing Agreements (DPAs) or equivalent contractual clauses with them that bind them to protect your data.

6.3 Compliance and Legal Requirements: We may disclose personal data to third parties (such as courts, law enforcement or governmental authorities) if required to do so by law or subpoena or if we believe in good faith that such action is necessary to: (a) comply with a legal obligation or governmental request; (b) protect and defend the rights, property, or safety of Humann, our users, or others; (c) investigate or assist in preventing any violation of law or this Privacy Policy or our Terms of Service; or (d) in connection with legal claims, disputes, or defense against legal claims. For example, under Indian law, if approached with a proper legal order, we may have to comply. If feasible and lawful, we will notify the concerned user or therapist.

6.4 Business Transfers: If Humann is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service, your personal data may be transferred as part of such a transaction. Any such transfer will be subject to the principle that the data continues to be used in accordance with this Privacy Policy (unless you consent otherwise). In the event of an actual acquisition or merger, we will notify users of any change of ownership. You will have the opportunity to opt-out of the transfer if the new entity plans to handle your data in a materially different way.

6.5 Aggregated or Anonymized Data: We may share information that has been aggregated or anonymized (so it is no longer associated with an identifiable individual) with third parties for research, marketing, analytics, or other purposes. This data does not contain personal data and is not linked to any specific user or therapist.

6.6 No Sale of Personal Data: Humann explicitly confirms that we do not sell your personal data to any third party. “Selling” means sharing personal data with third parties for monetary or other valuable consideration for the third party’s own purposes. We do not engage in such activity.

6.7 Third-Party Websites or Links: Note that our platform might contain links to third-party websites. If you follow any link to a site that we do not control, this Privacy Policy will not apply to that site. Always review the privacy policies of any third-party websites or services before providing your data to them. Humann is not responsible for the privacy practices of external sites.

7. Data Storage, Security, and Retention

Humann takes the security of your personal data seriously. We implement a variety of organizational and technical measures to ensure that your data is stored safely and only retained for as long as necessary.

7.1 Data Storage Locations: Humann stores data on secure cloud servers. Our primary storage is on Amazon Web Services (AWS) cloud infrastructure. Whenever feasible, we use AWS data centers located in India for storing personal data of Indian users. However, some data may be stored or backed up in servers outside of India. Regardless of location, we ensure that adequate protections are in place. All data on our servers is protected by strong access controls.

7.2 Security Measures: Humann follows industry best practices to protect personal data. Key security measures include:

  • Encryption: We use encryption to protect data in transit and at rest. All communication between your device and Humann is encrypted using HTTPS/TLS. Sensitive data at rest is encrypted on our servers or databases. For example, passwords are stored using one-way hashing.
  • Access Controls: We restrict internal access to personal data strictly on a need-to-know basis. Only staff members who require access are granted permission. Our team members are trained on confidentiality and data protection practices. Access to admin panels and databases is secured via strong authentication. Therapists accessing user data on the platform must log in with their secure credentials; they only see information for their own clients.
  • ISO 27001 Alignment: While Humann might not yet be formally certified, we endeavor to align our security program with ISO 27001 standards. Our hosting provider (AWS) is ISO 27001 certified. We follow rigorous security procedures including regular data backups, least privilege principle, network security, and security testing.
  • Secure Development Practices: Our engineering team follows secure coding guidelines. We regularly update our software dependencies and apply security patches. We also perform testing of our application.
  • Anonymization & Pseudonymization: Where possible, Humann uses techniques to de-identify personal data. When using data for analytics or machine learning, we remove direct personal identifiers and use pseudonymous IDs. We also anonymize data that we no longer need in identifiable form.
  • Physical Security: Physical security is managed by AWS, which has robust measures. For any physical documents, we store them securely.
  • Employee and Therapist Training: All Humann employees with access to personal data undergo confidentiality and data protection training. Therapists, while independent, also agree to maintain confidentiality of client information.
  • Incident Response Plan: We have a data breach/incident response plan in place (see Section 11).

7.3 Retention Periods: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. The retention duration may differ for various categories of data:

  • User Accounts and Data: As long as you maintain an active account, we will retain your profile info, questionnaire responses, mood tracker entries, and session history.
    • If there is no activity for 6 months, Humann may classify your account as “inactive”. We reserve the right to anonymize or delete certain personal data. We would typically attempt to notify you before anonymizing or deleting due to inactivity.
    • When we anonymize data after inactivity, we remove or irreversibly encrypt personal identifiers. The remaining data may be kept for analytical or research purposes but will no longer be linked to you.
    • If you return after anonymization, you might need to re-enter certain information.
    • Account Deletion (User Initiated): If you choose to delete your account, we will delete or anonymize personal data associated with your account. We aim to do this promptly, typically within 30 days. Deletion means we remove personal identifiable information from our primary databases. However, some minimal information may be retained in our backups or logs for a short period, or as required for legal compliance (e.g., transaction records for taxation, often 5-7 years). When you delete your account, any active sessions are canceled, and any non-personal content might be retained in anonymized form.
  • Therapy Session Content: As noted, we do not record therapy session content. Therefore, we do not have to manage deletion of session transcripts or recordings because none are stored.
  • Therapist Data Retention: For Therapists, we retain your data while you are an active provider. If you decide to leave, upon your request we will remove or anonymize your profile. However, we may need to retain certain information for legal and business record purposes:
    • We will keep financial payout records and related transaction data as required by law (e.g., up to 8 years).
    • We will retain your signed agreements and compliance documents for their legal validity.
    • Identification and credential documents may be archived for a few years.
    • We anonymize any data that is not required to be retained.
  • Logs and Analytics Data: Server logs, security logs, and analytics data may be stored in an aggregated form for longer periods but generally do not identify users personally. Raw logs linking IP addresses are typically deleted within a shorter timeframe (often 6-12 months).
  • Backup Retention: Our system backups might retain snapshots for a certain retention schedule. Data deleted from the live system will also be removed from backups after the retention window passes. All backups are encrypted and stored securely.

When the retention period is over, we either securely delete it or irreversibly anonymize it.

7.4 Security of Session Notes and Therapist Responsibilities: Humann itself does not store therapy session notes or therapy content, but Therapists may keep their own notes.

  • If a Therapist uses Humann’s platform interface to jot down notes, those notes are not stored on the platform. Therapists are encouraged to maintain any necessary notes on their own systems.
  • Therapist Confidentiality: Therapists are bound by their professional ethics and our terms to maintain strict confidentiality of client information. Any notes or data a Therapist keeps about a User outside the Humann platform must be stored securely by the Therapist. If a Therapist fails to uphold confidentiality, it is a serious violation of our policies and could result in their removal.
  • No Unauthorized Recording: We prohibit recording of sessions by therapists or users without mutual consent. Humann does not record sessions.
  • Data Minimization for Therapists: We advise therapists to only collect minimal necessary personal data from users within a session.

7.5 International Data Transfers: While Humann primarily operates in India, some third-party processors might store or process data on servers located in other countries. If personal data is transferred outside of India, we will do so in accordance with Indian law. We will ensure that any cross-border transfer is made only to jurisdictions that have comparable data protection standards or where adequate safeguards are in place. By using Humann, you understand that your data may be processed in countries outside of India, but always under secure conditions and with this Policy’s protections. If any data localization requirements become mandatory, we will adjust our practices.

8. Data Subject Rights

As a user of Humann, you have rights regarding your personal data. Humann believes in transparency and empowering you to control your data. In accordance with the DPDP Act and other applicable laws, we recognize the following rights (subject to certain legal limitations):

  • Right to Access: You have the right to know whether we process personal data about you and to access that personal data. This includes requesting a copy of the information we hold about you and details about how we use it.
    • How to Access: You can view certain data in-app or through account settings. For a comprehensive report, submit a request to us. We may need to verify your identity. We will provide the information in a common digital format, unless the law permits refusal.
  • Right to Correction/Rectification: If any of your personal data is inaccurate or outdated, you have the right to have it corrected or updated.
    • How to Correct: Much of your basic info can be updated directly in your account. For non-editable changes, contact us with a request. We may ask for documentation to verify.
  • Right to Deletion (Right to Erasure): You have the right to request deletion of your personal data that we hold.
    • Scope of Deletion: This right is not absolute. We will delete your data upon request provided it is no longer necessary, there is no overriding legal requirement to keep it, and you have verified ownership. Requesting deletion is treated as a request to delete your account entirely. We will remove personal identifiers from our systems, leaving only legally required data.
    • If you are a User, deletion means you will lose access. If you are a Therapist, it means deregistering from the platform.
    • How to Request Deletion: There may be an option in account settings or you can contact support or the Grievance Officer. We will verify your request and process the deletion.
  • Right to Withdraw Consent: In situations where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect prior processing.
    • How to Withdraw: You can unsubscribe from emails or update preferences in the app. For core service data, withdrawal of consent would equate to deleting your account. We provide accessible ways to manage consents. Once you withdraw consent for a particular use, we will stop that use.
    • Consequences: If you withdraw consent for something essential, we may have to limit or terminate your use of services. We will inform you of such consequences.
  • Right to Data Portability: The DPDP Act does not explicitly list portability, but Humann is committed to helping you retrieve and move your data. This means you can ask for your data in a machine-readable format (CSV, JSON, etc.). This applies to data you provided or generated by your activities.
  • Right to Know About Data Sharing: You have the right to know what personal data has been shared, and with whom, especially government or third-party disclosures. Humann will, upon request, provide information on categories of third parties and specifically if we have provided your info to law enforcement or government recently (if law allows). We provide general information in this Policy.
  • Right to Grievance Redressal: You have the right to raise a complaint or grievance regarding our handling of your data, and to have that addressed in a timely manner. We detail the process in Section 12. You can reach out to our Grievance Officer.
  • Right to Nominate (for Data Post Demise): The DPDP Act includes a provision for Data Principals to nominate another individual to exercise their data rights in the event of death or incapacity. You may contact us to record a nomination. In the event of your passing or incapacitation, that nominee could reach out to us to request account deletion or data access on your behalf.
  • Right to Opt-Out of Marketing: You can always opt out of marketing or non-essential communications. This can be done via unsubscribe links or contacting us. We also honor Do-Not-Disturb preferences as per TRAI regulations.

Exercising Your Rights: Most rights can be exercised by contacting us or through app settings. For any formal request, reach out to our Grievance Officer (Section 12). We may acknowledge, seek clarification, verify identity, and process the request. We will respond with the outcome or an explanation if we cannot fulfill it.

There are situations where we might limit fulfillment:

  • If your request could expose personal data of another person.
  • If you request deletion of data we are required by law to keep.
  • Repeated or excessive requests might be refused or attract a fee if deemed manifestly unfounded or excessive.
  • If fulfilling a request would jeopardize ongoing legal proceedings or investigations.

We will not discriminate against you for exercising any of these rights.

If you believe we have not addressed your concerns satisfactorily, you have the right to escalate the matter. Under the DPDP Act, you may file a complaint with the Data Protection Board of India (once established). We encourage trying to resolve with us first.

9. Cookies and Tracking Technologies

Humann uses cookies and similar tracking technologies in a limited manner, primarily to ensure our platform functions correctly and to analyze usage for improvement.

9.1 What Are Cookies? Cookies are small text files websites save on your device. They store information which can be read by the site that set the cookie. Types include:

  • Essential (Strictly Necessary) Cookies: Required for website operation.
  • Analytics/Performance Cookies: Collect info on how users interact.
  • Functionality Cookies: Remember user preferences.
  • Targeting/Advertising Cookies: Used to track browsing and show personalized ads.

9.2 Humann’s Use of Cookies: Humann currently makes minimal use of cookies:

  • We primarily use essential cookies to maintain your session.
  • We rely on in-app analytics (Mixpanel, etc.) which might use a cookie or local storage to identify a returning user and log events. These are effectively analytics cookies, but we ensure no sensitive personal info is stored.
  • We do not use any advertising cookies or trackers that profile you for third-party advertising. You will not see third-party banner ads.
  • We may use a cookie to remember certain preferences.
  • Third-party content or scripts might set cookies.

9.3 Tracking Technologies in Mobile App: In the mobile app, cookies are not used, but similar tracking happens via device identifiers or local storage. Analytics SDKs use identifiers to track unique installations. Push notification tokens are used to send notifications. The app might also store preferences or cache data locally.

9.4 Consent for Cookies: Since our use of cookies is minimal and mostly essential, we may not present an intrusive cookie banner for essential cookies. If we introduce non-essential cookies, we will update our practices to obtain appropriate consent.

9.5 Managing Cookies and Trackers: You have the right to control or block cookies:

  • Browser Settings: You can set your browser to refuse or prompt before accepting cookies. Note that disabling all cookies may prevent the Humann website from functioning properly.
  • Do Not Track Signals: Our website does not specifically respond to DNT signals to alter its basic tracking.
  • Opt-Out of Analytics: For Mixpanel, you can opt-out via Do Not Track or Mixpanel’s opt-out methods.
  • Mobile App Permissions: On the app, you can control tracking by limiting permissions or resetting ad tracking IDs at the device level.

9.6 Cookies Set by Third Parties: Services like Hotjar or Google (for login) may set their own cookies. These are controlled by the third-party and can usually be blocked via browser settings.

9.7 Minimal Cookie Use Notice: Humann’s platform uses cookies sparingly, mainly essential and a few analytic tools. We do not engage in pervasive cross-site tracking or advertising profiling.

10. Children’s Privacy

Protecting the privacy of minors is extremely important. Humann is intended for use only by individuals who are 18 years of age or older. We do not knowingly allow individuals under 18 (“Children” or “minors”) to register for or use the platform.

No Use by Minors: If you are under 18, please do not attempt to use our platform or provide any personal data. Our registration asks for age confirmation. Therapists are instructed not to provide services to minors via Humann.

No Data Collected Knowingly from Children: We do not intentionally collect personal information from anyone under 18. We do not target or market to children.

Parental Responsibility: If you are a parent or guardian and become aware your child has created an account, please contact us immediately. We will take steps to delete the child’s information and terminate the account promptly.

Therapists and Minor Clients: Therapists should not knowingly register minors on Humann or conduct sessions with a known minor through the platform. If a therapist encounters a user they suspect is underage, they are instructed to halt sessions on Humann and inform us.

No Profiling or Tracking of Children: In line with the DPDP Act, we do not profile, track, or target content to children.

Educational Content Access: Minors may access publicly accessible content like blog articles without providing personal data. They should not sign up or contact therapists through Humann.

False Age Representation: Users are responsible for providing truthful age information. If we discover a user misrepresented their age, we will consider it a violation of our terms and promptly suspend or terminate the account and erase personal data.

11. Data Breach Notification and Incident Response

In the unlikely event of a data breach, Humann has a plan to respond swiftly and transparently.

Incident Response Plan: Humann maintains a structured incident response plan for identification, containment, eradication, recovery, and communication. Our team is trained to recognize potential breaches and act immediately.

User Notification: If we become aware of a data breach that affects your personal data and is likely to result in significant harm, we will notify you without undue delay. Notification may occur via email, in-app message, or other direct communication methods. We will provide:

  • A summary of the breach.
  • Approximate date of the breach and discovery.
  • Likely consequences.
  • Steps we have taken.
  • Advice on what you can do.
  • Contact details for further information.

Regulatory Notification: In line with the DPDP Act, we will also notify the appropriate authorities (Data Protection Board of India) about significant data breaches.

Mitigation and Remediation: Upon discovering a breach, our immediate priorities are to contain the incident and mitigate damage. We will investigate the root cause and take corrective action.

No Delay Principle: We aim to notify users as soon as possible, while ensuring accurate information. There might be a short delay if law enforcement is involved.

User Responsibilities in a Breach: We advise users to practice good security hygiene. If your password was involved, immediately change it. Be vigilant for suspicious communications. Follow any specific instructions we provide. Contact us if you have questions or notice unusual activity.

Record-Keeping: We document all data breaches.

Continuous Improvement: Security is an ongoing effort. Any incident is used as a learning opportunity to upgrade our security measures.

12. Grievance Redressal

Humann is dedicated to addressing any concerns, complaints, or queries you have regarding your personal data or this Privacy Policy. We have established a grievance redressal mechanism.

Grievance Officer: We have appointed a Grievance Officer to handle data protection queries and complaints. The Grievance Officer is responsible for acknowledging and resolving grievances in a timely manner.

  • Name: Ujjwal Kumar
  • Email: ujjwal@humannindia.com
  • Postal Address: 1st floor, 6-3-592/2, Rockdale, Rockdale, Somajiguda, Hyderabad, Telangana, 500082You may contact the Grievance Officer by email or mail with any concerns.

Response Timeframe: Upon receiving your grievance, we will acknowledge receipt typically within 72 hours (3 business days). We strive to resolve all grievances as quickly as possible, generally within 30 days. If we anticipate a delay, we will inform you.

Resolution and Communication: The Grievance Officer will investigate your concern. This may involve reviewing data, speaking with internal teams, or contacting a Therapist if the complaint is against them. After investigation, we will take appropriate action to resolve the issue. We will send you a formal response explaining the outcome.

Escalation: If you are not satisfied with the resolution, you have the right to escalate. Under the DPDP Act, you may file a complaint with the Data Protection Board of India (once operational).

Data Protection Officer (DPO): Currently, Humann is not classified as a Significant Data Fiduciary requiring a mandatory DPO. We treat the role of Grievance Officer with the same seriousness. If we appoint a distinct DPO in the future, we will update this Policy.

Language and Accessibility: We will provide support in English, and wherever possible, in local languages.

No Retaliation: Raising a privacy concern will not adversely affect your access to services. We do not discriminate or retaliate.

Continuous Feedback: We encourage sharing suggestions on improving our privacy practices.

13. Policy Updates and Amendments

Humann may update or modify this Privacy Policy from time to time. Any significant changes will be communicated to you in an appropriate manner.

Notification of Changes:

  • If we make material changes, we will notify you via prominent notice on our website/app, email, and/or in-app notification. We will provide this notice before the changes take effect, whenever feasible.
  • For minor updates, we may update the Policy by posting the new version with a new effective date without direct notification.

If you continue to use services after a revised Policy is effective, it will be deemed that you have accepted the updated Policy. Where required by law or if a change requires fresh consent, we will obtain your consent again.

The effective date of this Privacy Policy is 14th April, 2025. This version supersedes all earlier versions.

We may keep prior versions archived for transparency.

Where required, we will seek your acknowledgement of the updated Policy. If you do not agree with the changes, you have the choice to discontinue using our services and request deletion of your data.

This Privacy Policy and any disputes arising out of it will be governed by the laws of India.

We value your trust. Privacy is an ongoing commitment.

Effective Date: 14th April, 2025