Privacy Policy

1. Introduction

Mindora (“we”, “our”, or “us”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our ADHD assessment and coaching services.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Mindora is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at: privacy@mindora.ai

3. Information We Collect

We collect the following types of personal information:

• •Contact Information: Name, email address, phone number
• •Registration Data: Preferred assessment times, additional information you provide
• •Health Information: ADHD assessment responses, clinical notes (special category data)
• •Technical Data: IP address, browser type, device information

4. How We Use Your Information

We use your personal information to:

• •Process your registration and manage your assessment bookings
• •Provide ADHD assessment and coaching services
• •Communicate with you about your assessment and appointments
• •Improve our services and user experience
• •Comply with legal and regulatory requirements

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• •Consent: You have given clear consent for us to process your personal data
• •Contract: Processing is necessary to perform our services
• •Legal Obligation: Processing is necessary to comply with the law
• •Legitimate Interests: Processing is necessary for our legitimate business interests

6. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:

• •Registration data: 2 years after your last interaction with us
• •Clinical records: 8 years in accordance with NHS guidelines
• •Financial records: 7 years for tax and legal purposes

7. Your Rights

Under UK GDPR, you have the following rights:

• •Right of Access: Request a copy of your personal data
• •Right to Rectification: Request correction of inaccurate data
• •Right to Erasure: Request deletion of your data (“right to be forgotten”)
• •Right to Restrict Processing: Request limitation of how we use your data
• •Right to Data Portability: Request transfer of your data to another provider
• •Right to Object: Object to certain types of processing
• •Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us at privacy@mindora.ai

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Your data is stored securely and encrypted in transit. We regularly review our security practices to ensure your information remains protected.

9. Third-Party Sharing

We may share your data with:

• •Healthcare providers: Nightingale Hospital and clinicians involved in your care
• •Service providers: Secure hosting and technology partners
• •Legal authorities: When required by law

We do not sell your personal data to third parties. Your data is not used to train external AI systems.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

11. Complaints

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. Visit ico.org.uk for more information.