GetUnburden

Privacy Policy

Last updated: June 5, 2026

1. Who We Are

GetUnburden ("we", "our", or "us") is a mental health support platform for medical professionals. If you have any questions about this policy, please contact our Data Protection Officer at privacy@getunburden.com.

2. Information We Collect

We collect the following categories of information when you use our Service:

  • Account Information: Full name, email address, phone number (with +91 country code), hashed password, invite code.
  • Profile Data: Avatar (optional), SOS emergency contact number.
  • Health & Wellness Data: Journal entries (Let It Out), resilience session transcripts, mood check-in logs, self-aware quiz responses, and any other mental health data you voluntarily share.
  • Community Content: Posts, replies, and comments you submit to the community feed.
  • Usage Data: IP address, browser type and version, operating system, pages visited, time spent on pages, referring URL, and timestamps of activity.
  • Communications: Emails sent to us and notifications you receive from the Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To create and maintain your account.
  • To provide, personalise, and improve the Service, including resilience sessions, mood tracking, journaling, and community features.
  • To send SOS alerts to your specified emergency contact via SMS (using Twilio).
  • To send service-related communications (e.g., welcome emails, password resets, account notifications).
  • To send marketing or newsletter emails — only with your consent. You may opt out at any time via the unsubscribe link in each email.
  • To detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms of Service.
  • To comply with applicable legal obligations and respond to lawful requests.

4. Health Data — Special Notice

GetUnburden processes health-related data (resilience sessions, mood entries, journal content) as part of its core service. This data is considered sensitive personal information under applicable laws (including India's Digital Personal Data Protection Act, the GDPR, and the CCPA/CPRA).

  • We process this data only with your explicit consent, which you provide when you register and use these features.
  • You may withdraw your consent at any time by discontinuing use of the feature or deleting your account.
  • Your health data is never sold, never used for advertising, and never shared with third parties except as described in this policy.
  • We retain this data only as long as necessary to provide the Service or as required by law.

5. Third-Party Services

We use the following third-party service providers to help us operate the Service. Each provider is contractually bound to handle your data only on our instructions and in compliance with applicable privacy laws:

  • Twilio (SMS Alerts): We use Twilio to send SOS SMS messages to your emergency contact. Twilio receives your phone number and your SOS contact's phone number for this purpose. Twilio Privacy Policy.
  • reCAPTCHA (Bot Prevention): We use Google reCAPTCHA on registration and login forms to prevent automated abuse. reCAPTCHA collects hardware and software information and sends it to Google. Google Privacy Policy.
  • Google Fonts: The Service loads fonts from Google Fonts. Your browser requests the font files from Google's servers, which may record your IP address. Google Privacy Policy.
  • Content Delivery Networks (CDNs): We load certain libraries (Bootstrap, Chart.js, html2canvas, Shepherd.js) from public CDNs (jsDelivr, cdnjs, Cloudflare). These CDNs may log your IP address in accordance with their own privacy policies.
  • PHPMailer (Email Delivery): We use PHPMailer to send transactional emails (welcome, password reset, account deletion confirmation). Email content is transmitted over TLS.

6. Data Sharing & Disclosure

We do not sell your personal information. We do not share your personal information except in the following circumstances:

  • With service providers who act on our behalf and under our instructions (as listed in Section 5).
  • With your SOS contact — when you activate the SOS feature, we send an SMS with your location or message to the contact you designated.
  • When required by law — to comply with a legal obligation, court order, or government request.
  • To protect rights and safety — to enforce our Terms, prevent fraud or abuse, or protect the rights, property, or safety of GetUnburden, our users, or others.
  • With your consent — for any other purpose disclosed to you at the time of collection.

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes described in this policy:

  • Account data (name, email, phone, SOS contact): Retained until you delete your account.
  • Health & wellness data (resilience sessions, mood entries, journals): Retained until you delete your account or request deletion of specific entries.
  • Community content (posts, replies): Retained until you delete your account. Anonymous posts may remain but will be disassociated from your identity.
  • Usage data (IP logs, analytics): Retained for up to 12 months, then anonymised or deleted.
  • Communications (support emails): Retained for up to 3 years after closure of the inquiry.

When you request account deletion, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain certain records.

Intermediary retention (IT Rules 2021): As an intermediary under the Information Technology Act, 2000, we retain user account information (name, email, phone, IP logs) for 180 days after account cancellation or deletion, as required by law. This data is retained solely for investigation purposes and is not used for any other purpose.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal information:

  • Encryption in transit: All data transmitted between your browser/device and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at rest: Passwords are hashed using bcrypt. Sensitive data stored on our servers is encrypted.
  • Access controls: Access to personal data is restricted to authorised personnel on a need-to-know basis.
  • Regular audits: We periodically review our security practices and systems.

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data via your profile settings or by contacting us.
  • Erasure (Right to be Forgotten): Request deletion of your personal data. You can initiate this from your profile settings.
  • Portability: Request a machine-readable copy of your data in a commonly used format.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdraw Consent: Withdraw your consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at privacy@getunburden.com. We will respond within 30 days.

Withdrawing Consent: Where we process your data based on your consent (including health/wellness data), you may withdraw your consent at any time. Withdrawal must be as easy as giving consent — you can do so by updating your preferences in your profile settings, discontinuing use of specific features, or contacting us. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

Complaint to Data Protection Board of India (DPBI): If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India under the Digital Personal Data Protection Act, 2023. You may escalate your grievance to the Board after exhausting our internal grievance process.

If you are in the European Economic Area (EEA), you also have the right to lodge a complaint with your local data protection authority.

10. International Data Transfers

Your data is stored on servers located in the European Union (Contabo data centres, Germany). We selected this region because the EU's data protection framework (GDPR) provides an adequate level of protection recognised under Article 45 of the GDPR and is consistent with the standards required under the Digital Personal Data Protection Act, 2023 (DPDPA).

Under the DPDPA, the Central Government may notify countries to which data transfers are restricted. The European Union is not subject to any such restriction, and we will continue to monitor and comply with any future notifications.

Transfers to India and other jurisdictions: Certain service providers we use (e.g., Twilio for SMS, PHPMailer for email delivery) may process data in India or other countries. Where such transfers occur, we ensure appropriate safeguards are in place, including:

  • Contractual obligations requiring the recipient to maintain the same level of data protection as required under the DPDPA.
  • Standard contractual clauses or equivalent data transfer mechanisms where required by applicable law.
  • Data processing agreements that limit processing to our documented instructions.

If you access the Service from outside the EU, your data may be transferred to, stored, and processed in the EU or other countries where our service providers operate, in compliance with applicable data protection laws.

11. Cookies & Tracking

We use cookies and similar technologies to provide, secure, and improve our Service. Here is a list of cookies we use:

Cookie TypePurposeDuration
Session Cookie (PHPSESSID)Maintains your login sessionSession
CSRF Token CookiePrevents cross-site request forgerySession
Consent CookieRemembers your cookie consent preferences12 months

You can manage or disable cookies through your browser settings. However, disabling essential cookies may affect the functionality of the Service. When you first visit our site, you will be prompted to accept or decline non-essential cookies via our cookie consent banner.

12. Account Deletion

You may delete your account at any time from the "My Profile" section within your account settings. When you request account deletion:

  • Your profile, account information, and personal data will be queued for deletion.
  • Your posts in the community feed may be anonymised (disassociated from your identity) rather than deleted, to preserve community context.
  • We will process the deletion within 30 days of your request.
  • After deletion, we may retain anonymised/aggregated data that no longer identifies you.

13. Children's Privacy

Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal data, we will take steps to delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and/or a prominent notice on the Service at least 30 days before the changes take effect. Your continued use after the effective date constitutes acceptance of the updated policy.

15. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

  • Data Protection Officer: privacy@getunburden.com
  • Support: support@getunburden.com

16. Grievance Officer

In compliance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer to address your concerns regarding our Service, user data, or content on the platform.

  • Name: GetUnburden Grievance Officer
  • Email: grievance@getunburden.com
  • Response Time: We acknowledge all complaints within 24 hours and resolve them within 15 days from the date of receipt.

Please provide your full name, email address, and a detailed description of your concern. If your complaint concerns content on the platform, include a link or description of the specific content.

17. Right of Nomination

Under Section 14 of the Digital Personal Data Protection Act, 2023, you have the right to nominate one or more individuals who may exercise your data rights (including access, correction, erasure, and grievance redressal) on your behalf in the event of your death or incapacity. To register a nomination, please contact us at privacy@getunburden.com with the nominee's name and contact details. You may update or revoke your nomination at any time.

18. Data Principal Duties

Under Section 15 of the Digital Personal Data Protection Act, 2023, users of the Service ("Data Principals") have certain duties:

  • Not to impersonate another person while using the Service.
  • Not to suppress any material information while providing data to GetUnburden.
  • To furnish only authentic information and not register with false or fabricated details.
  • Not to file frivolous or vexatious grievances or complaints.
  • To comply with applicable laws while exercising rights under the DPDPA.

19. Breach Notification

In the event of a data breach that is likely to result in harm to users, we will:

  • Notify affected users without delay, providing details of the nature of the breach, the data involved, and steps being taken to mitigate the impact.
  • Notify the Data Protection Board of India within 72 hours of becoming aware of the breach, as required under Section 8(11) of the DPDPA, 2023 and Rule 7 of the DPDP Rules, 2025.
  • Take immediate remedial action to contain and prevent further unauthorised access.

We maintain a documented incident response plan and conduct regular security reviews to minimise the risk of breaches.

20. Annual Compliance Notice

In compliance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we inform you at least once per calendar year that:

  • You must comply with our Terms of Service and Privacy Policy.
  • Non-compliance with these terms may result in restriction, suspension, or termination of your access to the Service, as well as legal consequences under applicable laws.
  • You may refer to our Privacy Policy and Terms of Service for complete details of your rights and obligations.

21. Language Availability

This Privacy Policy is available in English. Upon request, we will make this policy available in languages specified in the Eighth Schedule to the Constitution of India (including Hindi). To request a copy in another language, please contact us at privacy@getunburden.com.

22. Our Address

GetUnburden is operated from:

GetUnburden
Jodhpur, Rajasthan
India

For legal notices, please contact us at support@getunburden.com.

This Privacy Policy was last reviewed in June 2026 and will be reviewed annually thereafter.

Home· Terms of Service· Sign In· Join

We use essential cookies for authentication and security. We also use third-party services (Google Fonts, CDNs, reCAPTCHA) that may set cookies. Learn more.