Privacy Policy

Privacy Policy

Last Updated:

Your privacy is not just a legal obligation — it is a core part of the trust that makes therapy possible. This Privacy Policy explains what personal information is collected through the MindLeaf website and services, how it is used, and how it is protected.

By using this Site or booking any services, you agree to the practices described in this policy.

1. Who Is Responsible for Your Data

The data controller for personal information collected through this website is:

Hazel Operating as: MindLeaf Online Therapy Email: [mindleaf@gmail.com] Website: [mindleaf-template.framer.website] Location: [New York, USA]

2. What Information Is Collected

2a. Information You Provide Directly

When you interact with MindLeaf — by submitting an inquiry form, booking a session, or attending a consultation — you may provide:

  • Your name and email address

  • Phone number (if provided)

  • Information about your mental health concerns and reasons for seeking therapy

  • Payment information (processed securely through a third-party payment provider)

  • Any other personal information you choose to share during intake or sessions

2b. Information Collected Automatically

When you visit this Site, certain data may be collected automatically, including:

  • IP address and general location data

  • Browser type and device information

  • Pages visited and time spent on the Site

  • Referring URLs (how you found the Site)

This data is collected through cookies and similar tracking technologies (see Section 7).

2c. Session-Related Information

Notes, observations, and records related to your therapy sessions are kept as part of your clinical file. This information is handled with the highest level of care and confidentiality, and is subject to professional ethical and legal standards.

3. How Your Information Is Used

Your personal information is used for the following purposes:

  • To provide therapy services — managing bookings, conducting sessions, and maintaining clinical records

  • To communicate with you — responding to inquiries, sending appointment confirmations and reminders

  • To process payments — securely handling fees through a third-party payment processor

  • To improve the website — understanding how visitors use the Site to enhance user experience

  • To comply with legal obligations — including professional, regulatory, and safeguarding requirements

Your data will never be sold to third parties. It will not be used for advertising or marketing purposes beyond MindLeaf's own services.

4. Legal Basis for Processing (GDPR & Applicable Law)

Where applicable, personal data is processed on the following legal bases:

  • Contractual necessity — to fulfil the therapy agreement between us

  • Legitimate interests — for website analytics and service improvement

  • Legal obligation — to comply with professional, safeguarding, and regulatory requirements

  • Consent — where you have explicitly agreed to a specific use of your data (e.g. receiving a newsletter, if applicable)

5. How Your Information Is Stored & Protected

Personal data is stored securely using appropriate technical and organisational measures, including:

  • Encrypted storage systems and secure file management

  • Password-protected clinical record systems

  • Secure, encrypted video platforms for session delivery

  • Limited access — only I have access to your personal and clinical information unless otherwise required by law

Clinical notes and records are retained for a minimum of 5 years following the end of our therapeutic relationship, after which they are securely deleted or destroyed.

Payment data is not stored directly by MindLeaf — it is handled entirely by the third-party payment processor.

6. Sharing of Information

Your personal information will not be shared with any third party except in the following circumstances:

  • Safeguarding obligations — where there is a serious risk of harm to you or another person, as outlined in the Terms of Use

  • Legal requirements — in response to a court order or statutory obligation

  • Service providers — trusted third parties who assist in delivering the service (e.g. booking platforms, payment processors, video conferencing tools), who are contractually bound to handle your data securely and only for the purposes specified

  • Clinical supervision — I receive regular professional supervision as required by ethical guidelines. Supervision discussions may reference client material, but identifying details are kept to a minimum and supervisors are bound by their own confidentiality obligations

I will always seek to inform you before disclosing information, except where doing so would put you or another person at risk.

7. Cookies

This Site uses cookies to improve your browsing experience and understand how visitors use the Site. Cookies are small text files stored on your device.

Types of cookies used:

  • Essential cookies — necessary for the Site to function correctly (e.g. booking system functionality)

  • Analytics cookies — used to understand how visitors interact with the Site (e.g. Google Analytics or similar). This data is anonymised and aggregated.

You can control and manage cookies through your browser settings. Please note that disabling cookies may affect the functionality of some parts of the Site.

By continuing to use this Site, you consent to the use of cookies as described above.

8. Third-Party Services

MindLeaf uses the following categories of third-party tools to operate the Site and deliver services:

  • Video conferencing platform (e.g. Zoom, Google Meet, or equivalent) — for session delivery

  • Booking system — for scheduling and appointment management

  • Payment processor (e.g. Stripe or equivalent) — for secure payment handling

  • Website analytics — for understanding site traffic

Each of these providers has its own privacy policy and data handling practices. I encourage you to review their policies. I only use providers who meet appropriate data protection standards.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to access — request a copy of the personal data I hold about you

  • Right to correction — request that inaccurate data be corrected

  • Right to erasure — request deletion of your data, subject to legal and professional retention obligations

  • Right to restrict processing — request that I limit how I use your data in certain circumstances

  • Right to data portability — receive your data in a structured, commonly used format

  • Right to object — object to certain types of processing, including for legitimate interests

To exercise any of these rights, please contact me at [mindleaf@gmail.com]. I will respond within 30 days.

If you are based in the EU or UK and feel your rights have not been respected, you have the right to lodge a complaint with your local data protection authority.

10. International Data Transfers

If you are accessing MindLeaf from outside USA, please be aware that your data may be transferred to and processed in a different country. In such cases, appropriate safeguards will be in place to ensure your data is handled in accordance with applicable privacy laws.

11. Children's Privacy

MindLeaf services are intended for adults aged 18 and over. I do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted personal information through this Site, please contact me immediately.

12. Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in practice or legal requirements. Any updates will be posted on this page with a revised date. Continued use of the Site following any changes constitutes your acceptance of the updated policy.

Woman doing meditation

Your First Step Is Just One Click Away

Book free consultation

Create a free website with Framer, the website builder loved by startups, designers and agencies.