• Identity and contact details: name, email address, and phone number.
• Inquiry details you submit through contact forms, including subject and message content.
• Booking details: selected service, date, time slot, and verification status.
• Payment-related metadata from Stripe (for example, payment status and session identifiers). We do not store full card details on our servers.
• Technical and usage information such as IP address, browser/device data, and interaction metrics collected through analytics and anti-abuse tools.

• Provide and manage psychology, counselling, and booking services.
• Verify requests and prevent abuse (including bot protection via Google reCAPTCHA).
• Process and confirm payments through Stripe.
• Send service communications such as verification codes, booking updates, and contact responses.
• Create or manage session scheduling information (for example through calendar integrations).
• Monitor performance and improve service quality, reliability, and user experience.
• Comply with legal, regulatory, accounting, and security obligations.

Depending on your location and applicable law, we process data under one or more of the following legal bases: your consent, performance of a contract (or pre-contractual steps), our legitimate interests in operating and securing the service, and compliance with legal obligations.

We do not sell your personal data. We may share data with trusted service providers that process data on our behalf:

• Vercel (hosting, performance monitoring, and analytics).
• Stripe (secure payment processing).
• Google reCAPTCHA (spam and abuse prevention).
• Resend (transactional email delivery).
• Google Calendar API (scheduling and session event management where applicable).

Payments are processed by Stripe. Mindfullume does not store full payment card numbers, CVC codes, or full card expiration details on its own servers. Payment data handling is subject to Stripe's privacy and security practices.

We retain personal data only as long as necessary for the purposes described in this policy, including service delivery, security, dispute resolution, and legal compliance. Some booking-related data is processed in short-lived temporary storage during verification flows (for example, temporary booking tokens may expire after approximately 15 minutes).

Our service providers may process personal data in countries other than your own. Where required, we take steps intended to ensure appropriate safeguards for international transfers.

We use reasonable technical and organizational measures to protect personal data. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Depending on applicable law, you may have rights to:

• Request access to personal data we hold about you.
• Request correction of inaccurate or incomplete personal data.
• Request deletion of personal data where legally permitted.
• Object to or request restriction of certain processing activities.
• Request a portable copy of certain data where applicable law provides this right.
• Withdraw consent where processing is based on consent.

To exercise these rights, please reach out through our contact page. We may need to verify your identity before completing your request.

Our services are not directed to children under the age required by applicable law for independent consent. If you believe a child has provided personal data without proper authorization, please reach out through our contact page so we can review and take appropriate action.

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the "Last updated" date above.

If you have any privacy questions or requests, please reach out through our contact page.