Privacy Policy

Your privacy matters to us. This policy explains how we collect, use, and protect your personal information.

Last updated: June 2026

What We CollectHow We Use ItSharingRetentionSecurityYour RightsCookiesContact

Draft Policy

This privacy policy is currently being finalised to ensure full compliance with GDPR and Irish data protection laws. Final policy will be published soon.

BeeWell ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. We comply with the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts 1988-2018.

1

Information We Collect

We collect information you provide directly and information collected automatically when you use our platform.

Account Information

  • Name and email address
  • Phone number
  • Password (encrypted)
  • Profile information

For Therapists

  • Professional qualifications
  • Accreditation body membership
  • Practice details
  • Bank account details for payments

Booking & Payment Data

  • Session bookings and history
  • Payment transactions (processed by Stripe)
  • Cancellation records

Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Usage data and analytics

Sensitive Data: We do not collect or store the content of therapy sessions. The therapeutic relationship and session content remain confidential between you and your therapist.

2

How We Use Your Information

We use your information for the following purposes:

Provide Services

To create and manage your account, facilitate bookings, and process payments.

Verify Therapists

To verify therapist qualifications and accreditation status.

Communications

To send booking confirmations, reminders, and important service updates.

Improve Platform

To analyse usage patterns and improve our services.

Legal Compliance

To comply with legal obligations and protect our rights.

3

Sharing Your Information

We do not sell your personal information. We may share your information in the following circumstances:

With Therapists/Clients

When you book a session, relevant contact and booking information is shared between Client and Therapist to facilitate the service.

Service Providers

We use trusted third-party services to operate our platform:

  • Stripe - Payment processing
  • Google Meet - Online session hosting
  • Google reCAPTCHA - Bot/abuse protection on sign-up (see Cookies)
  • AWS SNS - SMS verification codes
  • Hosting providers - Secure data storage

Legal Requirements

We may disclose information if required by law or to protect the rights, property, or safety of BeeWell, our users, or others.

4

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

Active

While your account is active and in use

7 Years

Financial records for tax compliance

On Request

Deleted when you close your account

5

Data Security

We implement appropriate technical and organisational measures to protect your personal data:

Encryption

All data transmitted using SSL/TLS encryption

Secure Storage

Data stored on secure, access-controlled servers

Password Security

Passwords hashed using industry-standard algorithms

Access Controls

Limited staff access on a need-to-know basis

6

Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ('right to be forgotten').

Right to Restriction

Request restriction of processing in certain circumstances.

Right to Portability

Receive your data in a structured, commonly used format.

Right to Objection

Object to processing based on legitimate interests or marketing.

To exercise any of these rights, please contact us at . We will respond within 30 days.

7

Cookies

BeeWell uses strictly necessary cookies required for the platform to function, plus Google reCAPTCHA on our sign-up forms to protect against automated abuse (see below). We do not use advertising or marketing cookies.

Session Cookie

When you log in, we set a single session cookie that keeps you authenticated while you use the platform.

NamePurposeContentsDuration
next-auth.session-token
(HTTPS: __Secure- prefix)		Keeps you logged in between page visits. Without it you would need to sign in on every page.An encrypted JSON Web Token (JWT) signed with a server-side secret. It contains your internal user ID, account role (e.g. User or Therapist), and the session expiry time. The contents are not readable without the server key.1 hour of inactivity (standard)
8 hours ("Remember me")
Deleted on logout

Strictly necessary — no consent required. Because this cookie is essential for authentication, it is exempt from consent requirements under the ePrivacy Directive. Disabling it will prevent you from logging in.

Local Storage

We also store your most recent therapist search filters in your browser's local storage (not a cookie) so they are restored when you return to the search page. This data never leaves your device and is cleared when you clear your browser data.

Bot protection (Google reCAPTCHA)

Our registration forms use Google reCAPTCHA to distinguish humans from automated bots and protect against spam and abuse. To do this, reCAPTCHA collects information about your device and behaviour — including your IP address, browser and device details, and on-page interactions — and sets its own cookies. This information is sent to and processed by Google. We do not send your registration details (name, email, phone, password) to Google — only reCAPTCHA's own verification token. We rely on reCAPTCHA on the basis of our legitimate interest in keeping the platform secure. See Google's Privacy Policy and Terms of Service.

Managing Cookies

You can delete or block cookies through your browser settings. Blocking the session cookie will prevent you from logging in. Local storage can be cleared via your browser's developer tools or privacy settings.

8

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Data Controller: BeeWell

Email:

Address: Dublin, Ireland

You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC) if you believe your rights have been violated.

Questions About Your Privacy?

We're committed to transparency. Reach out if you have any concerns.

Terms & Conditions