Privacy Policy

1. Introduction

Offload Technologies Ltd (“Offload”, “we”, “our”, “us”) provides digital therapy tools for mental health professionals and their clients. We are committed to protecting your privacy and safeguarding the personal and health-related information processed through our platform (“Services”).

By using Offload, you acknowledge that you have read and understood this Privacy Policy.

Data Controller:
Offload Technologies Ltd
71–75 Shelton Street, London, England, WC2H 9JQ
Email: hello@offloadweb.com

2. Who This Policy Applies To

• Therapists using Offload in their professional practice
• Clients completing exercises assigned by therapists
• Website visitors
• Newsletter subscribers

3. Data We Collect

A. Therapist Data

• Name, email
• Professional information (bio, specialities)
• Account settings and preferences
• Subscription status and billing metadata (payment details handled externally)
• Technical and usage data (e.g., device information, login timestamps)

B. Client Data

• Name, email
• Therapy exercise responses
• Journaling and mood entries
• Technical and usage data (device/browser metadata, login information)

C. Messaging Data

Offload provides secure messaging between therapists and clients using a third-party communications provider.

• Message content is processed only for delivery
• Content is not stored long-term and is automatically deleted within a short retention period (approx. 7 days)

D. Other Data

• Newsletter email addresses
• Basic analytics and usage metrics
• Cookies (as described in our Cookie Policy)

4. How We Collect Data

• Directly from users when accounts are created, forms are filled, or exercises are completed
• Automatically via cookies, logs, and service usage
• Through essential service providers that support platform functionality, such as hosting, payment processing, messaging delivery, analytics, and email notifications

5. How We Use Your Data

A. To Provide the Services

• Create and manage accounts
• Connect therapists and clients
• Deliver therapy exercises and tools
  Legal basis: Contract (therapists), Consent (clients)

B. To Process Subscription Payments

• Billing details are processed securely by an authorised payment processor
• Offload does not store full payment card or tax data
  Legal basis: Contract

C. To Communicate With You

• Account notifications, system updates, and security alerts
• Optional newsletters where you have provided consent
  Legal basis: Contract / Legitimate Interest / Consent

D. To Improve and Protect the Services

• Diagnostics, security monitoring, fraud prevention
  Legal basis: Legitimate Interest

6. Service Providers (Generic Description)

To operate the Services, Offload works with carefully selected external providers who support:

• Cloud hosting and data storage
• Payment processing
• Secure messaging and communication delivery
• Email delivery and notifications
• Newsletter management
• Analytics and performance monitoring

These providers process data only on our instructions, under confidentiality obligations, and with appropriate safeguards (including GDPR-aligned contracts and, where applicable, HIPAA-related agreements).

7. Cookies

We use cookies for functionality, security, and basic analytics.
For full details, see our Cookie Policy:
https://www.offloadweb.com/cookie-policy

8. Data Retention

• Client data: Retained until the therapist deletes the client, or after 24 months of inactivity
• Therapist data: Retained until the account is deleted or after 24 months of inactivity
• Messaging content: Automatically deleted after a short retention period (approx. 7 days)
• Newsletter data: Retained until you unsubscribe
• System backups: Retained according to the hosting provider’s secure backup schedule

9. International Transfers

Where data is transferred outside the UK/EU, appropriate safeguards are applied, such as Standard Contractual Clauses or equivalent protections, to ensure compliance with data protection laws.

10. How We Protect Your Data

We implement administrative, technical, and physical safeguards, including:

• Encryption in transit (TLS) and at rest
• Secure cloud infrastructure with restricted access
• Role-Based Access Control (RBAC) ensuring therapists access only their clients’ data
• Automatic session timeout after inactivity
• Logging of access to personal and health-related data
• Encrypted backups and multi-region redundancy
• Strict access controls for internal staff and developers

These measures meet GDPR requirements and align with HIPAA technical safeguards where applicable.

GDPR Compliance (UK & EU Users)

If you are located in the United Kingdom or the European Economic Area (“EEA”), Offload processes your personal data in accordance with the UK GDPR and EU GDPR.

Data Protection Principles

We process personal data according to GDPR requirements of:

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability

Lawful Bases for Processing

We rely on several lawful bases depending on your role and how you use the Services:

• Contract: for therapists who subscribe and use Offload professionally
• Consent: for clients providing therapy exercise responses and for newsletter subscriptions
• Legitimate interests: for platform security, analytics, product improvement
• Legal obligation: where required by law (e.g., fraud prevention, regulatory compliance)

Your Rights Under GDPR

You have the following rights in relation to your personal data:

• Right of access – request a copy of your personal data
• Right to rectification – request correction of inaccurate data
• Right to erasure – request deletion of your data
• Right to restriction – limit how your data is processed
• Right to object – object to certain types of processing
• Right to data portability – request your data in a portable format
• Right to withdraw consent – where processing is based on consent
• Right to lodge a complaint with a data protection authority (e.g., the UK ICO)

We respond to all GDPR-related requests within 14 days.

International Transfers

When personal data is transferred outside the UK/EEA, we ensure appropriate protection via Standard Contractual Clauses (SCCs) or equivalent safeguards.

Data Protection Impact Assessments

Where required (such as when processing health-related data), Offload conducts Data Protection Impact Assessments to evaluate risks and implement appropriate safeguards.

Contact for GDPR Matters

You may exercise your GDPR rights or ask questions at: hello@offloadweb.com

11. Your Rights

You may request, at any time:

• Access to your personal data
• Correction of inaccurate data
• Deletion of your data
• Restriction or objection to processing
• Data portability
• Withdrawal of consent (for clients and newsletter subscribers)

Requests can be made to: hello@offloadweb.com
We aim to respond to all privacy-related requests within 14 days.

You may also lodge a complaint with the UK Information Commissioner’s Office (ICO).

12. Children

Offload is intended for adult users aged 18+.
If we become aware that data from a minor has been submitted, it will be deleted promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material updates will be communicated through the platform or by email.

14. Contact

Offload Technologies Ltd
71–75 Shelton Street
London, England, WC2H 9JQ
Email: hello@offloadweb.com.