Privacy Policy

Last updated May 19, 2026

Introduction

Maintained Mind is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What Data We Collect

We collect and process the following categories of personal data:

  • Account Information: Your name, email address, and password (stored in hashed form).
  • Payment Information: We do not store your bank details. All Direct Debit payments are processed securely by GoCardless, our payment partner.
  • Usage Data: Information about how you interact with our platform, such as session attendance and resource access.
  • Communications: Emails and messages you send to us, including support requests.
  • Technical Data: IP address, browser type, and device information for security and analytics purposes.

How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your member account.
  • To process your membership subscription and payments via GoCardless.
  • To send you session reminders, resource updates, and membership communications.
  • To respond to your inquiries and provide customer support.
  • To maintain the security and integrity of our platform.
  • To comply with legal obligations.

Legal Basis for Processing

Under UK GDPR, we process your data on the basis of: (1) contract performance — to fulfill our agreement with you; (2) legitimate interests — to run and improve our service; (3) legal obligation — where required by law; and (4) consent — where you have explicitly agreed, such as for marketing emails.

How We Store & Protect Your Data

Your data is stored securely using industry-standard encryption and access controls. We use Lovable Cloud for our backend infrastructure, which provides enterprise-grade security, including encrypted data at rest and in transit.

We retain your personal data only for as long as necessary: account data is kept for the duration of your membership plus up to 6 years for legal and tax purposes, after which it is securely deleted or anonymized.

Data Sharing & Third Parties

We do not sell your personal data. We only share data with trusted third parties when necessary:

  • GoCardless: For processing Direct Debit payments. Your bank details are handled directly by them.
  • Microsoft Teams: For hosting group sessions. Only your name and email are used for session access.
  • Service Providers: Trusted vendors who help us operate our platform, bound by strict confidentiality agreements.

Your GDPR Rights

Under UK GDPR, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data.
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Request your data in a structured, commonly used format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Requesting Account Deletion

You can request deletion of your account and associated personal data at any time. To do so:

  1. Log in to your Maintained Mind dashboard and use the account settings.
  2. Or email us at kim@online-psychotherapist.com with the subject "Account Deletion Request."

We will process your request within 30 days and confirm once your data has been deleted, except where we are legally required to retain certain records.

Cookies & Tracking

We use essential cookies to maintain your session and ensure the platform functions correctly. We do not use third-party tracking cookies or advertising pixels. You can manage cookie preferences through your browser settings.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or via the dashboard. The "Last updated" date at the top of this page indicates when the policy was last revised.

Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: kim@online-psychotherapist.com