1. Introduction

1.1 Purpose

This Privacy Policy ("Policy") governs the collection, use, and disclosure of personal data by MBM Therapies ("We," "Us," or "Our"). This Policy is designed to inform you ("User," "You," or "Your") about how we handle your personal data and to ensure compliance with applicable laws and regulations, including but not limited to Indian privacy laws such as the Information Technology Act, SPDI Rules, and the Digital Personal Data Protection Act, 2023, the General Data Protection Regulation ("GDPR") and United States privacy laws.

1.2 Applicability

This Policy applies to all users who access or use our website, mobile applications, and other online services (collectively, the "Services"). By using our Services, you consent to the practices described in this Policy.

2. Data Controller Information

2.1 Identification

The data controller responsible for the collection and processing of your personal data in connection with the Services is MBM Therapies, a mental health service provider.

2.2 Contact Information

For any questions or concerns regarding this Policy or our data practices, you may contact us at

3. Personal Data Collected

3. Personal Data Collected

We collect various types of personal data, including but not limited to:

  • Identifiable information (e.g., name, email address)
  • Health-related information (e.g., medical history, therapy records)
  • Payment information (e.g., credit card details)

3.2 Methods of Collection

Data may be collected directly from you, through the use of our Services, or from third-party sources, such as healthcare providers.

4. Purpose of Data Collection

4.1 Service Provision

The primary purpose of collecting your personal data is to provide you with mental health services, including matching you with appropriate therapists and managing your therapy sessions.

4.2 Legal Obligations

We may also collect data to comply with legal obligations, including reporting and record-keeping requirements.

5. Legal Basis for Data Processing

5.1 Consent

By using our Services, you consent to the collection, use, and disclosure of your personal data as described in this Policy.

5.2 Compliance with Laws

We process your data in compliance with applicable laws and regulations, including GDPR, U.S. privacy laws, and Indian privacy laws such as the Information Technology Act and the Digital Personal Data Protection Act, 2023.

6. Data Retention Policy

6.1 Retention Period

We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws, including Indian privacy laws and regulations.

6.2 Data Deletion

Upon the expiration of the retention period or upon your request, your data will be deleted in accordance with legal requirements and our data deletion procedures.

7. Data Sharing and Third Parties

7.1 Conditions for Sharing

We may share your personal data with third parties only under the following conditions:

  • With your explicit consent
  • For legal compliance
  • With healthcare providers for the purpose of service provision
  • As mandated under Indian privacy laws and regulations

7.2 Third-Party Vendors

We may engage third-party vendors to perform services on our behalf, such as payment processing and data analytics. These vendors are contractually obligated to maintain the confidentiality and security of your data.

8. User Rights

8.1 Right to Access

You have the right to request access to the personal data we hold about you, including the purposes for which it is being processed and the categories of data being processed.

8.2 Right to Rectification

You have the right to request the correction of inaccurate or incomplete personal data.

8.3 Right to Erasure

You have the right to request the deletion of your personal data, subject to certain legal exceptions.

9. Consent Mechanism

9.1 Obtaining Consent

We obtain your explicit consent for the collection, processing, and sharing of your personal data through clear and accessible mechanisms, such as opt-in checkboxes.

9.2 Revocation of Consent

You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

10. Cookies and Tracking Technologies

10.1 Use of Cookies

We use cookies and similar tracking technologies to enhance user experience and for analytics.

10.2 Cookie Policy

For more information on how cookies are used and how you can manage them, please refer to our Cookie Policy.

11. Security Measures

11.1 Data Security

We employ robust security measures, including encryption and secure servers, to protect your personal data from unauthorized access, alteration, disclosure, or destruction.

11.2 Security Audits

We regularly conduct security audits to ensure the effectiveness of our data protection measures.

12. Data Breach Notification

12.1 Notification Procedures

In the event of a data breach that compromises your personal data, we will notify you and relevant authorities as required by law, within 72 hours of becoming aware of the breach.

12.2 Remedial Actions

We will take all necessary remedial actions to mitigate the impact of the data breach and prevent future occurrences.

13. Children’s Privacy

13.1 Parental Consent

If we become aware that personal data from minors has been collected without verifiable parental consent, we will take steps to delete such information.

14. International Data Transfers

14.1 Cross-Border Transfers

Your personal data may be transferred to and processed in countries other than the country in which you are resident, including the United States, under compliance with applicable laws.

14.2 Safeguards

We employ appropriate safeguards, such as standard contractual clauses, to ensure the lawful transfer of your personal data across borders.

15. GDPR Compliance

15.1 Data Protection Rights

Under the General Data Protection Regulation (GDPR), European Union citizens have additional data protection rights, including data portability and the right to object to processing.

15.2 Data Protection Officer

We have appointed a Data Protection Officer to oversee compliance with GDPR requirements. For inquiries, contact

15.3 DPDP Act Compliance

Under the Digital Personal Data Protection Act, 2023, Indian citizens have specific rights regarding their personal information, including the right to data portability and the right to object to processing. For inquiries related to DPDP Act compliance, contact us at

16. CCPA Compliance

16.1 California Residents

Under the California Consumer Privacy Act (CCPA), California residents have specific rights regarding their personal information, including the right to opt-out of the sale of personal information.

16.2 CCPA Requests

Requests under the CCPA may be made by contacting us at

17. HIPAA Compliance

17.1 Health Data

If applicable, we comply with the Health Insurance Portability and Accountability Act (HIPAA) in the handling of health-related information.

17.2 Safeguards

We employ administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of health information.

18. Third-Party Links

18.1 External Links

Our Services may contain links to third-party websites not operated by us.

18.2 Disclaimer

We are not responsible for the content, privacy policies, or practices of third-party websites. Users are encouraged to read the privacy policies of any third-party websites visited.

19. Updates to the Privacy Policy

We reserve the right to update or amend this Privacy Policy at any time.

19.2 Notification

Changes will be communicated via email or through notifications on our Services, and will be in compliance with Indian privacy laws and regulations.

20. Contact Information

20.1 Queries and Complaints

For any queries, complaints, or requests related to this Privacy Policy, please contact us at

20.2 Data Protection Officer

Our Data Protection Officer can also be reached at the above email address for specific inquiries related to data protection.