Privacy Policy

Personal Information We Collect

We may collect the following types of personal information:

• Full name
• Email address and phone number
• User credentials
• Location data (if necessary for service delivery)
• Device and usage data (such as IP address, browser type, and operating system)
• Any other personal information you voluntarily provide

How We Use Your Information

Your personal information is used for the following purposes:

• To provide, operate and improve our Services
• To communicate with you (e.g. updates, notifications, support)
• To comply with legal and regulatory obligations
• To personalize user experience within the app
• To detect and prevent fraud or misuse or security tests

Cybersecurity and Data Protection

We implement strict technical and organizational security measures to protect your personal information, including:

• Access Control: Access to personal information is restricted to authorized personnel only, using role-based access control.
• Authentication: We require strong passwords and support multi-factor authentication to secure user accounts.
• Secure APIs: All communication with our systems is authenticated and validated to prevent unauthorized access.
• Patch Management: We keep all systems and software up to date with the latest security patches.
• Backups: Regular encrypted backups are maintained to ensure data recovery in the event of data loss or breach.

Sharing Your Information

We do not sell or rent your personal information. We may share your information with:

• Verified Service providers who help us operate our app (under strict confidentiality agreements)
• Legal or regulatory authorities when required by law

Your Rights Under POPIA

As a data subject, you have the right to:

• Access the personal information we hold about you
• Correct or update your information
• Request deletion or restriction of processing (subject to legal grounds)
• Object to processing for direct marketing purposes
• Withdraw consent where processing is based on consent

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, or misuse. Access to your data is limited to authorized personnel only.

Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected or as required by law.

Data Deletion

You have the right to request that we delete the personal information we hold about you. Upon receiving your request, we will:

• Verify your identity to protect your information.
• Assess whether we are legally required or entitled to retain any portion of the data.
• Remove the eligible data from our active systems within a reasonable time frame.
• Inform you once the deletion has been completed.

Please note that:

• Some data may be retained for a limited period to comply with legal, regulatory, or contractual obligations.
• Deleted data may remain in system backups for a limited time but will not be used for any active processing.

Children's Privacy

We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting a notice in the app or emailing you where appropriate.

Contact Us

If you have any questions, complaints, or requests regarding this Privacy Policy, please contact us at privacy@mentalmosaic.com.