Privacy Policy

Effective Date: 12 August 2025

At Emotist, we are committed to respecting the privacy and confidentiality of the information that you entrust us with. This Privacy Policy outlines the policies and procedures regarding the collection, use, and disclosure of Personal Information from users. Please review this Privacy Policy carefully. This Privacy Policy applies to all users, regardless of location, and we process personal data in accordance with the privacy and security requirements of the jurisdictions where our users and services operate.

As an intermediary platform, Emotist facilitates connections between users and Mental Health Practitioners. While we take measures to ensure privacy, users are advised that their interactions with practitioners through the platform be governed by additional confidentiality policies set by those practitioners.

It is recommended that you do not use the website, mobile application(s), or related services if any of the terms of this Privacy Policy are not in accordance with the applicable laws of your country.

Definitions

Company
“Emotist,” “Company,” “Firm,” “we,” “our,” “us,” “Service Provider,” or similar terminology refer to Emotist as a technology platform facilitating Services.

User
“Client,” “user,” “you,” “your,” or other similar terminology refer to you, as a recipient of the Services provided via the Emotist platform.

Platform
“Platform” refers to the mobile application, website, or web link that users employ to access the Services provided by Emotist.

Mental Health Practitioner
“Mental Health Practitioner,” “Practitioner,” “Professional,” “Mental Health Professional,” “therapist,” or similar terminology refer to practitioners who use the platform to offer their Services.

Nature of Service

Emotist is an intermediary platform that facilitates access to mental wellness solutions, including but not limited to:

• Virtual or in-person therapy/consultation sessions with licensed psychologists, counselors, therapists, and/or psychiatrists.
• Online assessments to evaluate mood disorders, anxiety, stress levels, and other mental health conditions.
• Workshops, webinars, and self-help tools for personal development, stress management, and emotional resilience.
• Secure communication features such as encrypted chat, video calls, and private messaging with professionals.

Emotist does not provide medical or psychological treatment itself. The responsibility for compliance with professional standards and confidentiality lies with the individual practitioners using the platform.

Legal Basis for Processing Data

Where applicable, we process personal data in compliance with the privacy and security requirements of the jurisdictions where our users and services operate. This includes complying with legal requirements for consent, contractual necessity, legitimate interests, and protection of vital interests, as well as any other obligations under applicable law.

Users may withdraw consent at any time by contacting hello@emotist.com.

Types of Data Collected and When It Is Collected

We collect the following data at different stages of your interaction with the platform:

• During Account Creation: Personal information such as name, email, phone number, gender, and date of birth.
• When Logging In and Using the Platform: Account details including username, password, and activity logs.
• When Engaging with Practitioners or Completing Assessments: Health and wellness data such as self-assessments, consultation history, and wellness preferences (securely stored with encryption).
• Automatically While Using the Platform: Technical data such as IP address, device ID, browser type, and app usage logs (stored for six months for security and fraud prevention).
• At the Time of Payment Processing: Billing and transaction data such as payment details and transaction history (full payment card details are never stored).
• If You Choose to Record a Session: Session recordings are stored only with explicit consent.
• While Interacting with Platform Features: Behavioral data including user engagement and accessed features.
• If Location Access is Enabled: Location data such as IP-based geolocation or GPS tracking for service recommendations.
• When Communicating with Support or Providing Feedback: Communication data such as emails, messages, and inquiries.
• When Using Third-Party Login Options: Authentication data from providers like Google or Facebook.
• For Security and Fraud Prevention: Device and network information such as Wi-Fi network details and carrier information.

We collect and process only the minimum personal data necessary for the purposes outlined in this Privacy Policy, and retain it only for as long as required to fulfil these purposes or as mandated by law.

User Rights & Data Access

Depending on your location, you may have rights to access, correct, delete, or restrict the processing of your personal data, request data portability, or object to processing. You may also have the right to lodge a complaint with your local data protection authority. These rights apply in addition to any rights you may have under applicable data protection and privacy laws in your jurisdiction.

To exercise any of your rights under this policy, including access, correction, or deletion of your data, please email us at hello@emotist.com with the subject line: “Data Request.”

Data Retention Policy

• Billing and transaction records are retained for seven years as required by tax regulations.
• Consultation records are kept for five years to maintain quality assurance.
• Technical data is stored for one year for security and fraud prevention.
• Inactive accounts are either deleted or anonymized after two years of inactivity. Users may request account deletion by emailing hello@emotist.com, and requests will be processed within 30 days, except where legal obligations require data retention.
• Session recordings (where explicitly consented to) will be retained for a maximum period of twelve (12) months unless a longer retention period is required by law or for the resolution of disputes, after which they will be securely deleted.

Third-Party Data Sharing

We share data only with trusted third-party service providers, such as cloud hosting platforms (e.g., AWS, Google Cloud), payment processors (e.g., Razorpay, Stripe), and analytics providers for platform optimization. These providers are granted access only to the data necessary to perform their services and must adhere to strict data protection agreements and maintain standards consistent with applicable privacy and security laws in the jurisdictions where services are provided.

Data is never shared for marketing purposes, and international transfers are conducted with appropriate safeguards in place. If client data is transferred outside India, we ensure such transfers are conducted in compliance with applicable laws and with adequate contractual, technical, and organisational safeguards to protect your personal information.

Emotist does not embed or display third-party content such as external videos, ads, or social media feeds within the platform. Any outbound links (if provided) are clearly marked and governed by their respective privacy policies.

Data Security Measures

We implement encryption to secure data during storage and transmission, enforce strict access controls to prevent unauthorized access, and conduct regular security audits to identify and address vulnerabilities. Additionally, we recommend two-factor authentication (2FA) for enhanced account security. Users are responsible for safeguarding their login credentials and should report any unauthorized access or suspicious activity immediately.

All client data is stored on secure servers located in India. Where data is transferred internationally (if applicable), such transfers will be made with appropriate legal safeguards. These measures are implemented in line with industry best practices and the security requirements of applicable laws in the regions where our users and services operate.

Data Sharing with Authorities

User data may be disclosed if required by law, a valid court order, or regulatory authorities. Where legally permissible, we will assess such requests to ensure they comply with applicable laws and protect user privacy. Users will be notified of such disclosures unless prohibited by law or if notifying them would compromise an ongoing investigation.

Cookies & Tracking Technologies

We use cookies and tracking technologies to enhance user experience, analyze platform performance, and improve security. These may include essential cookies for platform functionality, analytical cookies for performance monitoring, and security cookies to prevent fraud. Users can manage their cookie preferences through browser settings or via our cookie settings page, where they can enable or disable non-essential cookies.

User Responsibilities

Users are responsible for maintaining the security of their login credentials, ensuring that the personal information they provide is accurate and up to date, and promptly reporting any unauthorized access or suspicious activity to Emotist.

Breach Notification Policy

In the event of a data breach, we will take immediate action to contain the issue and mitigate risks. Affected users will be notified within 72 hours, in accordance with applicable legal requirements. Relevant authorities will also be informed, and necessary remedial measures will be implemented to prevent future breaches.

Minors’ Data Protection

Our services are not intended for individuals under the age of 18, or the age of digital consent in your jurisdiction (whichever is higher). If we become aware that a minor has registered without appropriate guardian consent, we will take immediate steps to delete their data and terminate access to the platform.

Dispute Resolution and Governing Law

Any dispute, controversy, or claim arising out of or in connection with this Privacy Policy, including its interpretation, breach, termination, or validity, shall be settled by arbitration in accordance with the Arbitration and Conciliation Act, 1996, in Kochi, Kerala, before a sole arbitrator mutually appointed by the parties. The arbitrator’s decision shall be final and binding. However, either party retains the right to seek interim relief or injunctive relief from the courts of Kochi, Kerala, to prevent immediate harm while arbitration is ongoing. Any disputes not subject to arbitration shall fall under the exclusive jurisdiction of the courts in Kochi, Kerala.

Data Protection Contact Information

If you have questions about this Privacy Policy or our data practices, you may contact our Data Protection Officer at hello@emotist.com. For users in the EEA, UK, or Switzerland, you may also contact us through our designated representative (details available upon request).

Grievance Redressal

To address the grievances of the users, Emotist has set up a Grievance Redressal Forum. In case you are dissatisfied with any aspect of our Services, you may contact our Grievance Redressal Officer. Please contact our Grievance Redressal Officer using the details below:

Name: Jewel Kurian
Designation: Consultant Psychologist and Research
Email address: hello@emotist.com
Postal address: 4/461, Second Floor, Valamkottil Towers, Judgemukku, Thrikkakara PO, Ernakulam, Thrikkakara, Ernakulam, Kerala, India, 682021

We assure you a time bound solution not exceeding 30 days from the date of your complaint.

Policy Updates & Contact Information

Emotist reserves the right to update this Privacy Policy as needed. Users will be notified of any significant changes and will be required to review and accept the updated policy before continuing to use the app.

Registered Address: 4/461, Second Floor, Valamkottil Towers, Judgemukku, Thrikkakara PO, Ernakulam, Thrikkakara, Ernakulam, Kerala, India, 682021.
Email: hello@emotist.com