Privacy Policy

Healing Hugs Psychological Solutions (Pvt) Ltd
Effective Date: 06/29/2025
Last Updated: 06/29/2025

Healing Hugs Therapy (Pvt) Ltd (“we,” “our,” or “us”) is committed to protecting your privacy and handling your personal information with the utmost care, confidentiality, and transparency. This Privacy Policy outlines how we collect, use, store, and protect the personal and sensitive data of users (“you,” “your”) who access and use our secure online counselling platform and related services.

By using the Healing Hugs Therapy platform (the “Platform”) and the services we provide (the “Services”), whether on your own behalf or on behalf of someone else, you agree to the terms set out in this Privacy Policy. You also consent to the collection, use, and management of your personal information in accordance with the practices described herein.

This Privacy Policy is part of our Terms and Conditions, and the definitions used in those Terms apply here as well.

Healing Hugs reserves the right to amend this Policy from time to time to reflect changes in legal, regulatory, or operational requirements. We encourage you to review this Policy periodically to stay informed about how your data is being managed.

We understand the sensitive nature of personal and mental health information and take our duty to protect your data seriously. Any information we collect is strictly for the purpose of delivering and improving our services, fulfilling legal and regulatory obligations, and ensuring the secure and ethical operation of our platform. We do not sell or share your personal data with external parties for marketing or unrelated purposes.

By accessing or using Healing Hugs Therapy, you confirm that you have read, understood, and agreed to the terms of this Privacy Policy.

1. Collection of Personal Information

We collect personal data from you when you interact with the Platform, create an account, book sessions, or communicate with us or our mental health professionals. This information includes, but is not limited to:

  • Identifying data: Full name, date of birth, gender, username.
  • Contact details: Email address, phone number.
  • Health-related data: Information you disclose during sessions, uploaded documents, therapist notes (only accessible to your assigned provider), and mental health history.
  • Technical data: IP address, browser type, time zone settings, operating system, device identifiers.
  • Usage data: Platform interaction logs, session booking history, and support requests.
  • Payment data: Transaction records and billing details processed via third party gateways.

We collect this data either directly from you or indirectly via third-party systems (e.g., analytics tools or payment processors). We do not knowingly collect information from individuals under 18 years of age without verified parental or guardian consent.

2. Purpose of Data Processing

Your personal data is collected and processed for the following purposes:

  • To register and manage your user account and ensure secure access.
  • To schedule, facilitate, and record therapy sessions.
  • To communicate important platform-related updates, reminders, and service messages.
  • To personalize your user experience and provide customer support.
  • To comply with legal and regulatory obligations.
  • To detect, prevent, and mitigate fraudulent or unauthorized activity.
  • For administrative operations, security auditing, and analytics to improve platform performance and safety.

Where legally required, we will request your explicit consent for data processing, particularly for sensitive data or optional marketing communications.

3. Data Storage and Retention

Your personal data is stored securely using encrypted systems. All therapy notes and health-related information are kept safely within the Healing Hugs platform and are only accessible to authorized professionals involved in your care.

We keep your data only as long as necessary to provide our services or meet legal requirements. In most cases, health records are stored for up to 7 years after your last session, in line with professional and legal guidelines.

4. Sharing and Disclosure of Information

Healing Hugs does not sell or rent your personal information. We may disclose your data in the following limited circumstances:

  • To your assigned Provider, for the sole purpose of delivering counseling services.
  • To trusted service providers (e.g., payment processors, IT support, cloud hosting) who are bound by strict confidentiality and data protection agreements.
  • If legally compelled to do so by law enforcement, regulatory authorities, or court order.
  • In case of imminent risk of harm to you or others, in accordance with professional ethical guidelines and legal duty of care.

Where data is transferred outside Sri Lanka, such transfers are made in compliance with applicable legal requirements, and we ensure appropriate safeguards are in place.

5. Security Measures

The security of your personal information is of utmost importance to us at Healing Hugs Therapy. We are committed to ensuring the confidentiality, integrity, and privacy of all personal data submitted through our platform. Our security practices are regularly reviewed and updated to reflect advancements in technology and emerging threats.

We take all reasonable steps to protect your data from misuse, interference, loss, and from unauthorized access, alteration, or disclosure. While we strive to maintain the highest standards of data protection, it is important to understand that no method of data transmission over the Internet or method of electronic storage can be guaranteed to be completely secure. Once we receive your data, we apply rigorous safeguards to ensure it is protected within our systems.

Our team members and service providers are contractually and ethically bound to uphold strict confidentiality and data protection responsibilities. However, to the fullest extent permitted by law, Healing Hugs Therapy cannot be held liable for any loss or damage arising from unauthorized access to your personal information beyond our reasonable control.

6. Your Rights

As a data subject under the Personal Data Protection Act No. 9 of 2022, you are entitled to exercise the following rights:

  • Right to Access: Request a copy of your personal data held by us.
  • Right to Rectification: Request corrections to any inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data, subject to legal retention exceptions.
  • Right to Object: Object to data processing under certain circumstances.
  • Right to Withdraw Consent: Revoke consent at any time without affecting prior processing.
  • Right to Data Portability: Request transfer of your data in a machine-readable format.

Requests must be made in writing to our Data Protection Officer at dpo@healinghugstherapy.com. We will respond within the legally mandated period (21 days in Sri Lanka).

7. Cookies and Tracking Technologies

Our Platform uses cookies to enhance user experience and analyze web traffic. You may choose to disable cookies through your browser settings; however, this may affect platform functionality.

We do not use third-party advertising or behavioral tracking services.

8. Updates to This Privacy Policy

We reserve the right to update this Privacy Policy at any time to reflect legal, technical, or service changes. All updates will be posted on our Platform with a revised “Last Updated” date. Continued use of the Platform after changes have been posted constitutes your acceptance of those changes.

9. Contact Us

If you have any questions or concerns about this Privacy Policy or your data rights, please contact:

Healing Hugs Psychological Solutions (Pvt) Ltd
Email: info@healinghugstherapy.com
Website: www.healinghugstherapy.com