Privacy Policy

Souleya SAS operates the dashboard and related technical services under the My International Therapy brand.

This policy applies to data processed when an account is created, the dashboard is used, an appointment is booked, messages are exchanged, a payment is made or support is requested.

Depending on the case, the platform may process identity, contact details, timezone, language preferences, appointment history, messages, payments, technical logs, uploaded documents, billing information, login traces and evidence of acceptance of contractual documents.

When this information is linked to a consultation, follow-up, specialty, reason, patient-therapist message, document or invoice connected to a service, it may constitute personal health data or data from which a health context can be inferred.

When a therapist connects Google Calendar, the platform also processes the information required to detect unavailability and, if active settings provide for it, to create or update events linked to appointments.

When processing concerns sensitive data or data collected in the context of follow-up or a therapeutic service, the platform applies proportionate security measures: access control, role separation, backups, logging, confidentiality and limitation of access to authorised persons only.

Compliance does not rely on a single technical provider: the platform retains its obligations for application security, access control, compartmentalisation, logging, minimisation, confidentiality, backup, retention and management of data breaches.

Documents, attachments, invoices, exports, backups and sensitive logs are processed in non-public areas. Access requires authentication and authorisation appropriate to the user role.

The platform may use technical processors necessary for the service, including hosting, payment, email, connected calendars, technical analytics or support. Processors handle data according to their own contracts, instructions and service scopes.

AI assistance features, when enabled, must be limited to strictly necessary data, ideally aggregated or pseudonymised, and must not cause unnecessary transmission of patient notes, documents, messages or identifiers.

Processing required for account creation, booking, messaging, payment, invoicing, support and security is mainly based on performance of the contract or pre-contractual steps requested by the user.

Certain technical processing, security logs, anti-fraud controls, acceptance evidence and backups are based on the operator’s legitimate interest in securing the platform and demonstrating service compliance.

Cookies or trackers that are not strictly necessary are processed according to the rules applicable to consent or objection where required; however the platform limits its first-party audience measurement to what is strictly necessary for service management, security and improvement.

Data may be accessible, as needed, to the platform operations team, the therapist concerned, technical providers required for the service and, where necessary, legally authorised authorities.

Payments are processed by Stripe and connected calendars by Google; these providers process certain data according to their own policies and contracts.

Account data is retained while the account remains active, then archived or deleted according to applicable legal, tax, accounting, evidentiary and security obligations.

Evidence of acceptance of the Terms and the Privacy Policy may be retained longer where necessary to defend the platform’s rights or demonstrate consent or a contractual agreement.

The platform implements proportionate technical and organisational security measures: access control, encrypted passwords, logging, role separation, therapist/patient compartmentalisation, backups, session restrictions, limited support access, error monitoring and protection of sensitive files outside public areas.

Despite these measures, no system can guarantee absolute security. In case of an incident or suspected breach, the platform analyses the event, takes useful corrective measures, documents the incident and makes the required notifications where regulations require it.

To demonstrate acceptance of contractual documents, the platform records in particular the document version, technical fingerprint, date and time, IP address, user agent, language, registration context and, where relevant, the URL of the accepted document.

Subject to applicable legal limits, every data subject has a right of access, rectification, erasure, restriction, objection and, where the conditions are met, data portability.

Requests may be sent to paul@my-international-therapy.com. Proof of identity may be requested where necessary for the security of the request.

Cookies strictly necessary for operation, security, authentication, dashboard stability and first-party internal audience measurement remain permanently active in a configuration limited to service management and improvement.

The platform may measure dashboard page views, interface clicks limited to non-personal technical labels, as well as performance, stability and error indicators in order to improve the product, without cross-site matching or advertising reuse. The corresponding data is minimised, kept within the first-party scope and used to produce aggregated internal statistics.

Preferences and marketing remain optional categories managed through the banner or preference centre displayed by the dashboard.

For any question about privacy, GDPR rights or dashboard operation, you can write to paul@my-international-therapy.com.

If, after contacting us, you consider that your rights are not respected, you may also lodge a complaint with the competent supervisory authority, including the CNIL for France.

The system records the document version, technical hash, date, IP address, user agent, locale and registration context to strengthen proof of acceptance.