Privacy Policy
MindAtlas Integration | mindatlas.com.au
Mind Atlas Integration Pty Ltd · ACN 695 009 511
Last updated: April 2026
1. We Respect Your Privacy
Your privacy matters to us. This page explains what information we collect, how we use it, how long we keep it, and how we keep it safe — in plain language. We comply with the Australian Privacy Act 1988 (Cth) and the UK General Data Protection Regulation (UK GDPR).
2. What Information We Collect
We may collect:
- Your name and contact details (email address)
- Health-related and wellbeing information you voluntarily share as part of your integration support — including journal entries, prompt responses, self-assessment results, session notes, and intake assessment data
- Account credentials (email and hashed password)
- Payment information (processed by Stripe — we do not store card details)
- Usage data (pages visited, features used, session timestamps)
- Device and browser information for security and performance purposes
3. Legal Basis for Processing (UK GDPR)
For users in the United Kingdom, we process your personal data on the following legal bases:
- Contract performance — to provide the services you have subscribed to
- Legitimate interests — to improve the platform, prevent fraud, and ensure security
- Explicit consent — for the collection and processing of special category health data (Article 9(2)(a) UK GDPR). You provide this consent when you voluntarily submit health-related content through the platform.
- Legal obligation — where required by applicable law
You may withdraw consent for health data processing at any time by contacting us or deleting your account. Withdrawal does not affect the lawfulness of processing before withdrawal.
4. Why We Collect It
We use your information to:
- Provide you with personalised psychedelic integration support
- Process payments and manage your subscription
- Communicate with you about your account, sessions, or enquiries
- Monitor platform performance and fix errors (error tracking)
- Improve our services
We never sell your personal information to anyone.
5. Third-Party Processors
We share data only with trusted third-party processors who are contractually bound to protect it. These are:
| Processor | Purpose | Data Location |
|---|---|---|
| Supabase | Database and authentication (stores all user data and content) | AWS ap-southeast-2 (Sydney, Australia) |
| Stripe | Payment processing and subscription management | United States (EU/UK standard contractual clauses apply) |
| Sentry | Error monitoring and performance tracking | United States (EU/UK standard contractual clauses apply) |
| Vercel / Netlify | Web hosting and content delivery | Global CDN |
6. Cross-Border Data Transfers
Some of our third-party processors are based in the United States. When data is transferred outside Australia or the United Kingdom, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
- Processors who participate in recognised data transfer frameworks
Your core integration data (journal entries, session content) is stored in Australia (Supabase, Sydney).
7. How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Account and profile data | Until account deletion, then 30 days before permanent removal |
| Journal entries and integration content | Until account deletion (you can export at any time) |
| Payment records | 7 years (required by Australian tax law) |
| Error and performance logs | 90 days |
| Session booking records | 7 years (required for professional records) |
8. Keeping Your Information Safe
We take reasonable steps to protect your information from unauthorised access, misuse, or loss. Health information is treated with the highest level of care and confidentiality. Measures include encryption at rest and in transit, row-level security on all database tables, and access controls limiting who can view your data.
9. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct any information that is inaccurate
- Request deletion of your data (where legally possible)
- Export a copy of your data (available in Account Settings)
- Withdraw consent for health data processing at any time
- Object to processing based on legitimate interests
- Lodge a complaint with the relevant supervisory authority (see below)
To exercise any of these rights, contact us at hello@mindatlas.com.au. We will respond within 30 days.
10. Supervisory Authorities
If you believe we have not handled your data appropriately, you have the right to lodge a complaint with:
- Australia: Office of the Australian Information Commissioner (OAIC)
www.oaic.gov.au - United Kingdom: Information Commissioner's Office (ICO)
ico.org.uk · 0303 123 1113
We would always prefer to resolve concerns directly first — please contact us before raising a formal complaint.
11. Contact Us
For any questions about your privacy, data subject rights requests, or to withdraw consent, please contact us:
Mind Atlas Integration Pty Ltd · ACN 695 009 511
Website: mindatlas.com.au
Email: hello@mindatlas.com.au
This policy is written in plain language to make it easy to understand. For full legal details or specific questions, please contact us directly.
© 2026 MindAtlas. All rights reserved.
Mind Atlas Integration Pty Ltd · ACN 695 009 511