Legal

Privacy Policy

Last updated · May 1, 2026

Your trust is the foundation of every session on Innerly. This Privacy Policy explains what data we collect, why we collect it, who we share it with, and the rights you have over it under the Digital Personal Data Protection Act, 2023 ("DPDP Act").

01Who we are

The data controller ("Data Fiduciary") is Innerly Wellness Pvt. Ltd., registered office in Bengaluru, India. You can reach our Data Protection Officer at privacy@themindsathi.in.

02Data we collect

Account & profile

  • Name, email, mobile number, date of birth, location.
  • Avatar, display name, and any optional bio you provide.

Clinical & session data

  • Pre-session intake responses (concerns, history, preferred language).
  • Session metadata: date, time, duration, Psychologist booked, attendance status.
  • Notes and assessments authored by your Psychologist, which are stored under their control and visible only to them and to you when shared.

Payment data

  • Transaction identifiers, amounts, and method type. Full card numbers and CVVs are never stored on Innerly. They are handled directly by Razorpay (PCI-DSS compliant).

Technical data

  • Device, browser, IP address, and approximate location for fraud prevention and analytics.
  • Cookies and similar technologies. See the Cookies section below.

03How we use your data

  • To run the platform and deliver sessions you book.
  • To verify your identity and your Psychologist's credentials.
  • To process payments, payouts, refunds, and applicable taxes.
  • To send transactional communication (booking confirmations, reminders, receipts).
  • To improve the product, strictly using de-identified, aggregated analytics. We do not train any third-party AI on your clinical content.
  • To comply with legal obligations (e.g. responding to lawful orders from Indian authorities).

04Session confidentiality

Video sessions take place inside Innerly's browser-based clinical room and are not recorded by the platform. Real-time media is end-to-end encrypted (DTLS-SRTP) between you and your Psychologist; Innerly's servers only relay signalling, not audio/video content.

Your Psychologist may take written clinical notes, which are stored encrypted at rest and accessible only to them. We will never disclose session content except under legal compulsion, imminent risk of harm, or with your explicit consent.

05Sharing your data

We share data only with:

  • Your Psychologist: the minimum profile and intake data needed to prepare for and conduct your session.
  • Razorpay: for payment processing and payouts.
  • Communication providers (transactional email, SMS), strictly for sending booking confirmations and reminders.
  • Indian government bodies, only when required by a valid legal order.

We never sell your personal data. We never use your clinical content for advertising.

06Where your data lives

Your data is hosted on cloud infrastructure within India (Mumbai region). Encrypted backups may be stored in a secondary Indian region for disaster recovery. Cross-border transfers, if any, will only occur to jurisdictions notified as permitted under the DPDP Act.

07How long we keep it

  • Account & profile data: for as long as your account is active, then 30 days post-deletion.
  • Session metadata & clinical notes: retained for 7 years from the last session, in line with standard clinical record-keeping norms.
  • Payment and tax records: retained for 8 years to comply with Indian tax law.
  • In-app chat messages: retained for 7 days from when they're sent, then permanently deleted. Session notes and clinical records are not affected by this and follow the retention period above.

08Your rights under the DPDP Act

You may, at any time:

  • Access a copy of the personal data we hold about you.
  • Correct or update inaccurate data.
  • Erase your account and most associated data (subject to retention requirements for clinical and tax records).
  • Withdraw consent for non-essential processing such as marketing.
  • Nominate someone to exercise these rights on your behalf in case of incapacity or death.
  • Lodge a complaint with the Data Protection Board of India.

To exercise any right, write to privacy@themindsathi.in. We respond within 30 days.

09Cookies

We use strictly necessary cookies to keep you logged in and to maintain session security. Optional analytics cookies are loaded only after you opt in via the cookie banner. You can revoke consent any time from Settings → Privacy.

10Children

Innerly is not directed at children under 13. For users aged 13–17, only a verified parent or legal guardian may create the account, and the parent/guardian remains the Data Principal for all related processing.

11Changes to this policy

We will notify you of material changes by email and via an in-app banner at least 7 days before they take effect. The current version is always available at this URL.