Therapist sign-up

Privacy Policy

Last updated: 1st March 2026

Summary for Users

At My Life, your privacy and trust are our top priorities.
We understand that sharing personal information, especially when seeking support for addiction and mental health requires confidence and care.

Here’s what you need to know in simple terms:

  • We keep your data private and secure. All therapy communications are encrypted and protected under GDPR/UK GDPR.
  • We only collect the data needed to provide therapy and recovery services.
  • We never sell your data.
  • You control your information. You can request a copy, correction, or deletion of your data at any time.
  • Your therapy data stays confidential. Only you and your licensed therapist can access your therapy notes or messages.
  • If there’s ever a risk to your safety, your therapist may act to protect you, as required by law.

For more detail, please read the full policy below.

1. About This Policy

This Privacy Policy explains how My Life (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use our website, app, and therapy platform (“the Platform”).
It applies to all users, including clients seeking addiction recovery support and licensed therapists providing care through the Platform.

My Life operates in compliance with:

  • The UK Data Protection Act 2018 and UK GDPR;
  • The EU General Data Protection Regulation (GDPR)

By using My Life, you agree to this Privacy Policy and our Terms of Service.

1.1 Data Controller and Data Processor Roles

To comply with GDPR transparency requirements:

My Life acts as the Data Controller for:

  • Client account information
  • Platform usage data
  • Payment information
  • Support communications
  • System-generated data
  • Therapist account and credentialing data

Therapists act as:

  • Independent Data Controllers of their clinical records and therapy notes, as required by their regulatory body
  • Data Processors when accessing My Life’s platform to provide services on our behalf

We maintain Data Processing Agreements with all therapists to ensure GDPR compliance.

2. What We Collect

We collect and process the following categories of data depending on how you use My Life:

CategoryExamplesPurpose
Personal Identification DataName, email, phone number, emergency contactAccount setup, authentication, and communication
Health and Therapy DataMessages with your therapist, recovery goals, journal entries, therapy notes, questionnairesTo provide and support addiction recovery and therapy services
Payment DataBilling details, transaction IDs (processed via Stripe or other PCI-compliant providers)Securely manage payments and subscriptions
Usage DataDevice type, IP address, app interactionsImprove platform performance and ensure security
Communications DataSupport requests, feedback, reviewsCustomer support and service improvement
Therapist DataCredentials, licensing, professional informationCredentialing, compliance, and therapist payments

Sensitive data, including addiction, mental health, and treatment information is processed only with your explicit consent and in compliance with GDPR Article 9.

3. How We Use Your Data

We process your data only for legitimate purposes, including to:

  • Deliver therapy and addiction recovery services through licensed professionals;
  • Facilitate communication between you and your therapist;
  • Verify identities and maintain platform security;
  • Provide customer support and respond to requests;
  • Monitor and improve the quality and safety of therapy;
  • Comply with legal, professional, and regulatory obligations;
  • With your consent, send updates or wellness content related to recovery.
  • Safeguarding / Risk of Harm:
    If there is a credible risk to your safety or the safety of others, limited information may be shared with emergency contacts or authorities under the legal basis of Vital Interests and Legal Obligation.

We will never use your therapy content for advertising or marketing.

4. Legal Basis for Processing (GDPR / UK GDPR)

We process your personal data on the following lawful bases:

PurposeLegal Basis
Providing addiction and therapy servicesContractual necessity
Health and therapy data processingExplicit consent; health and social care basis
Marketing communicationsConsent (can be withdrawn any time)
Data security and fraud preventionLegitimate interest
Legal compliance and public safetyLegal obligation / vital interests

5. Service Providers and Data Sharing

We only share your data with trusted Service Providers who process information on our behalf under strict confidentiality and data protection agreements.

These include providers for:

  • Secure cloud hosting ( AWS)
  • Payment processing (e.g., Stripe);
  • Encrypted video and messaging tools; Twilio
  • Data analytics (aggregated, anonymised form);
  • Legal and compliance partners (when required).

We never sell or rent your data.

We may disclose data only:

  • To comply with legal requirements;
  • To protect your vital interests or those of others;
  • During business restructuring, where safeguards remain in place.

6. Data Storage and Security

My Life employs advanced technical and organisational measures to safeguard your information, including:

  • End-to-end encryption of therapy messages and video sessions (AES-256);
  • Secure Sockets Layer (SSL/TLS) encryption for all transmissions;
  • Encrypted and access-controlled databases;
  • Regular vulnerability scanning and penetration testing;
  • Multi-factor authentication and least-privilege access controls;
  • 24/7 monitoring and incident response procedures.

In the unlikely event of a data breach, we will notify affected users and regulators as required by law (GDPR Articles 33–34).

Who can see the interactions I have with my Therapist?

  • You and your Therapist
    • Both of you can see all messages exchanged.
  • My Life Clinical Operations Team (Licensed Therapists)
    • With your consent, a licensed Therapist on the Clinical Operations Team may review your correspondence for quality assurance.
    • This may occur if you raise concerns about your Therapist or if we identify potential issues with a Therapist’s clinical care.
  • External Legal Team
    • In rare cases, our external Legal team may review correspondence for specific accounts.
    • This happens only when there is a reason to believe a security, legal, or fraud issue may be occurring with that account.

Additional clarity:

  • Therapists cannot see your payment details, app usage analytics, or device information.
  • Clinical Operations Team access is limited, logged, and audited.

7. Data Retention

We retain data only for as long as necessary to provide services and comply with legal obligations:

Data TypeRetention Period
Account and Therapy DataUp to 10 years after last activity or as required by law.
Non-therapy data (e.g.,Logs, analytics)2 Years
Erase requestsProcessed within 24 hours (Except when retention is required by law)

Therapists must maintain Clinical Health Records as required by law and professional standards, even after account deletion.

8. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access a copy of your personal data;
  • Rectify inaccurate or incomplete information;
  • Erase your data (“right to be forgotten”), where legally permitted;
  • Restrict or object to certain processing;
  • Withdraw consent at any time;
  • Data portability – receive data in a machine-readable format.

To exercise your rights, email info@mylifetherapy.co or use the in-app settings under Account > Privacy.

If you are not satisfied, you have the right to contact:

  • The UK Information Commissioner’s Office (ICO) at www.ico.org.uk, or
  • Your local data protection authority.

9. International Data Transfers

All data is stored securely in servers located within the UK, EU, or U.S., depending on your region.
Any international transfers are governed by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission; and
  • HIPAA-compliant Business Associate Agreements.

10. Cookies and Tracking

My Life uses cookies and similar technologies to:

  • Enable secure login and session management;
  • Measure performance and improve features;
  • Offer optional analytics and advertising (only with your consent).

You can manage or opt out of cookies in your browser or app settings.
We do not use therapy or health data for advertising.

11. Data Concerning Addiction and Mental Health

Because addiction recovery data is particularly sensitive, we apply additional safeguards:

  • Access to therapy data is restricted to the user and their assigned therapist.
  • Data used for analytics is anonymised and aggregated.
  • No recovery content, journal entries, or messages are ever used for marketing or shared outside of the therapeutic context.
  • If a therapist believes a user is at risk of harm, limited information may be shared with emergency services, as permitted by law.

Added clarity:

  • Therapists may store clinical notes separately from the My Life platform, as required by law.
  • These notes remain the therapist’s legal responsibility as an independent Data Controller.

12. Children and Vulnerable Users

My Life is intended for users aged 18 and above.
We do not knowingly collect data from minors.
If you believe we have collected data from a child, please contact info@mylifetherapy.co and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect legal or operational changes.
When significant updates occur, we will notify users via email, app notification, or banner on our website.

14. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact:

My Life
Thameside House
Hurst Road
East Molesey
Surrey KT8 9AY
United Kingdom

Email: Info@mylifetherapy.co