Privacy and Data Protection

Privacy Policy

Last updated: 14 February 2026

Introduction

Philaris Health ("Philaris", "Philaris Health", "Company", "we", "our", or "us") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, process, disclose, and safeguard personal information when you access or use our websites, applications, digital platforms, and related services (collectively, the "Services").

We process personal data in accordance with applicable data protection laws, including the European Union General Data Protection Regulation (GDPR), the United Kingdom Data Protection Act 2018 (UK GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), where applicable.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope and Applicability

This Privacy Policy applies to individuals who access or use our Services worldwide. This includes individual users, employees and representatives of organizational clients, website visitors, prospective customers, and business partners.

If you do not agree with this Privacy Policy, you should not access or use our Services.

2. Personal Data We Collect

The categories of personal data we collect depend on how you interact with our Services.

We may collect identifying information such as name, email address, telephone number, professional role, company affiliation, and account credentials. Where applicable, users may voluntarily provide additional profile information.

In the context of our mental health services, we may process health-related or other sensitive information, including self-reported wellbeing data, assessment responses, journal entries, or similar inputs. Such data is processed only where users have provided explicit consent, as required under applicable data protection laws.

We may also collect technical and usage data, including IP address, device information, browser type, system configuration, log files, session activity, and diagnostic data. Approximate geolocation data may be processed where necessary for regional service delivery.

Where payments are made, billing and transaction data are processed through authorized third-party payment providers. We do not store full payment card details on our systems.

3. Purposes and Legal Basis for Processing

We process personal data only where there is a valid legal basis.

Processing may be necessary for the performance of a contract, including the creation and administration of user accounts and the provision of our Services.

Where required by law, we rely on user consent, particularly for the processing of health-related data and for marketing communications.

We may process data based on our legitimate interests, including improving and securing our Services, preventing fraud or misuse, conducting analytics, and maintaining operational integrity, provided such interests are not overridden by the rights and freedoms of the data subject.

We may also process personal data where necessary to comply with legal obligations.

Philaris does not engage in automated decision-making that produces legal or similarly significant effects without an appropriate legal basis and, where required, explicit consent.

4. Disclosure of Personal Data

We do not sell, rent, or trade personal information.

Personal data may be disclosed to trusted service providers who act on our behalf and under our instructions, including providers of cloud infrastructure, hosting, analytics, communications, customer support, and payment processing services. These service providers are contractually bound to implement appropriate confidentiality and data protection safeguards.

Data may also be disclosed within our corporate structure for legitimate operational purposes.

We may disclose personal data where required by law, regulation, court order, or lawful request by public authorities.

In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of the transaction, subject to appropriate safeguards and continuity of protection.

5. International Data Transfers

Personal data may be transferred to and processed in countries other than the country in which the data subject resides.

Where personal data originating from the European Union, European Economic Area, or United Kingdom is transferred to jurisdictions that do not provide an adequate level of data protection, we implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission or other legally recognized transfer mechanisms. Additional technical and organizational measures are applied where necessary to ensure an adequate level of protection.

6. Data Security and Retention

We implement appropriate administrative, technical, and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit, access controls based on least-privilege principles, monitoring mechanisms, and regular security assessments.

Personal data is retained only for as long as necessary to fulfill the purposes described in this Privacy Policy or to comply with legal and regulatory obligations. When personal data is no longer required, it is securely deleted or irreversibly anonymized.

7. Your Privacy Rights

Depending on applicable law, individuals may have rights relating to their personal data.

Under the GDPR and UK GDPR, these rights may include the right of access, rectification, erasure, restriction of processing, data portability, objection to processing, withdrawal of consent, and the right to lodge a complaint with a supervisory authority.

Under the CCPA/CPRA, California residents may have the right to know what personal information is collected and disclosed, request deletion or correction of personal information, opt out of the sale or sharing of personal information, and receive equal service and pricing when exercising privacy rights. Philaris does not sell personal information.

Under PIPEDA, individuals may have the right to access and correct personal information and withdraw consent, subject to legal or contractual restrictions.

Requests to exercise applicable rights may be submitted to privacy@philaris.health. We will take reasonable steps to verify the identity of the requesting individual before responding.

8. Children’s Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect or process personal data from minors. If we become aware that personal data of a minor has been collected inadvertently, we will take appropriate steps to delete such data without undue delay.

9. Updates to This Privacy Policy

We may revise this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or the features of our Services. Where changes are material, we will provide appropriate notice, including updating the "Last updated" date at the top of this document and, where required, notifying users through the Services or by email.

10. Contact Information

For questions, concerns, or requests relating to this Privacy Policy or our data protection practices, please contact:

Philaris Health

Attn: Data Protection Officer

privacy@philaris.health