Privacy Policy

At Brave Little Minds, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Name and email address
• Phone number
• Organization name and details
• Professional credentials (for healthcare providers)
• Billing information

1.2 Usage Data

We automatically collect information about how you use our platform:

• Login times and IP addresses
• Features and pages accessed
• Device and browser information
• Error logs and performance data

1.3 Patient Data

As a healthcare platform, we process patient data on behalf of our customers (therapy clinics). This may include:

• Patient names and contact information
• Appointment history
• Session notes and therapy documentation
• Billing records

Important: We process this data as a data processor on behalf of healthcare providers who are the data controllers.

2. How We Use Information

We use collected information to:

• Provide and maintain our services
• Process transactions and send billing notifications
• Send appointment reminders and notifications
• Improve our platform and develop new features
• Provide customer support
• Ensure security and prevent fraud
• Comply with legal obligations

3. Data Storage and Security

3.1 Storage

Your data is stored on Supabase (PostgreSQL) infrastructure with:

• Encrypted data at rest and in transit
• Regular automated backups
• SOC 2 compliant data centers

3.2 Security Measures

We implement security measures including:

• SSL/TLS encryption for all data transmission
• Permission-based access controls
• Row-level security for data isolation
• Regular security audits
• Audit logging for all data access

4. Data Sharing

4.1 Third-Party Service Providers

We share data with trusted third parties who help us operate our platform:

• Razorpay: Payment processing
• Twilio: WhatsApp and SMS notifications
• Resend: Email delivery
• Supabase: Database and authentication
• Vercel: Hosting and infrastructure
• Sentry: Error tracking

4.2 Legal Requirements

We may disclose information if required by law or in response to valid legal requests from public authorities.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide services. After account closure:

• Account data is retained for 30 days for recovery
• Billing records are retained for 7 years for tax purposes
• Patient data is retained according to healthcare regulations

6. Your Rights

You have the right to:

• Access: Request a copy of your data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Export: Request your data in a portable format
• Restriction: Request limitation of data processing

To exercise these rights, contact us at care@bravelittleminds.com.

7. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies.

8. Children's Privacy

Our platform is designed for healthcare providers, not for children. Patient data involving minors is managed by their healthcare providers and guardians in compliance with applicable laws.

9. International Data

Our primary operations are in India. If you access our services from outside India, your data may be transferred to and processed in India.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform. The "Last updated" date at the top indicates when changes were made.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: care@bravelittleminds.com
• Address: Gurugram, Haryana, India