Effective Date: 1 July 2025
1. Who We Are
Synchro Ltd (“Synchro,” “we,” “us”) is the data controller for personal data processed via the PsyAtlas Platform.
Legal/General, DPO & Privacy-Request email: hello@psyatlas.com
2. Scope
This Policy explains how we collect, use, share, and protect your information when you:
- visit https://psyatlas.com or our mobile app;
- interact with Practitioners through the Platform; or
- contact us.
3. Information We Collect
| Category | Examples | Purpose | Legal Basis (UK GDPR / GDPR) |
|---|---|---|---|
| Account Data | Email, password | Create & secure your account | Art. 6 (1)(b) contract |
| Profile Data (optional) | Name, surname, nickname, gender, age (in full years), timezone, language, profile photo | Personalise experience, match with Practitioners | Consent Art. 6 (1)(a) |
| Session & Engagement Data | Scheduling info, in-app questionnaires, practitioner feedback | Provide and improve services | Contract / Legitimate interest Art. 6 (1)(f) |
| Payment Data | Last four digits of card, payment ID (processed by Stripe) | Process transactions | Contract |
| Technical Data | IP address, device data, log files, cookies | Security, analytics | Legitimate interest |
No special-category (health) data is intentionally processed.
If you choose to enter sensitive information in free-text fields or during Practitioner sessions, you do so voluntarily.
4. How We Use Your Information
- Operate, maintain & improve the Platform;
- Match clients with Practitioners;
- Send administrative messages;
- Process payments via Stripe;
- Generate non-medical wellness insights using AI models;
- Comply with legal obligations.
5. Sharing & Disclosure
- Practitioners – only the data necessary to conduct a session.
- Stripe – payment processing (PCI-DSS compliant).
- Service Providers – hosting, analytics, email delivery under strict confidentiality agreements.
- Regulators / law enforcement – where required by law or to protect rights.
We never sell your personal data.
6. International Transfers
Our servers are currently located in the EEA. Where data is transferred outside the UK/EEA, we rely on UK “adequacy” regulations or Standard Contractual Clauses.
7. Data Retention
We keep personal data while your account is open plus 30 days, after which it is deleted or anonymised, unless a longer period is required by law.
8. Your Rights
- Access, rectify, or erase your data;
- Restrict or object to processing;
- Data portability;
- Withdraw consent at any time (does not affect past processing);
- Lodge a complaint with the Information Commissioner’s Office (ICO) (UK) or, if you reside in the EU, your local authority. Backup EU authority: CNIL, France.
9. Security
Industry-standard safeguards, including encryption in transit and at rest, protect your information. Absolute security cannot be guaranteed.
10. Cookies
We use essential cookies for core functionality and session security. No optional cookies are set unless you actively enable them in future preferences.
11. Children
The Platform is not directed to anyone under 18. We do not knowingly collect personal data from minors.
12. Changes to This Policy
We will notify you of material changes by email or in-app notice and update the “Effective Date” above.
13. Contact
Data-protection questions? Email hello@psyatlas.com.