Privacy Policy

True Tone Academy ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website.

Effective Date: January 03, 2026

Therapy related

This Privacy Policy governs the collection, use, storage, and disclosure of personal and health data for online psychotherapy sessions provided by True Tone Academy, an online psychotherapy service in India. It complies with the Mental Healthcare Act, 2017, Digital Personal Data Protection Act, 2023 (DPDP Act), DPDP Rules 2025, Telemedicine Practice Guidelines 2020, and Telepsychiatry Operational Guidelines 2020 (as applicable in 2025).

Scope and Applicability

This Policy applies exclusively to online psychotherapy sessions delivered via our secure web/app platform, including video, audio, or text-based therapy, chat features, self-assessment tools, and appointment scheduling. It covers data of clients (patients), therapists, and guardians where relevant, aligning with telepsychiatry standards for identity verification, consent, and confidentiality. In-person services or hybrid models fall outside this scope unless specified.

Types of Data Collected

We collect:

Identification data: name, age/DOB, gender, phone, email, government ID (for verification), emergency contacts.
Psychotherapy data: session notes, chat/video transcripts (if consented), mood journals, assessments, treatment plans, progress tracking, risk evaluations (e.g., suicide risk).
Platform usage data: IP address, device info, browser/app version, session timestamps, login logs, cookies (for functionality/security), geolocation (if enabled for emergency services).
Billing data: payment details, transaction IDs. Data is minimised to psychotherapy necessities, with pseudonymisation for analytics.

Purposes of Processing

Data supports:

Delivering online psychotherapy: scheduling, identity verification (client and therapist credentials), live sessions, follow-ups, crisis intervention.
Clinical management: maintaining digital records, therapist supervision (anonymised where possible), quality audits.
Platform operations: security, fraud prevention, service improvements using de-identified aggregates.
Legal compliance: mandatory reporting (e.g., imminent harm), billing, regulatory audits. No data used for marketing or AI training without explicit, separate consent.

Consent and Client Rights

Explicit, informed consent obtained via platform before first session, covering data processing for therapy and platform use; separate clinical consent for treatment under MHCA. For minors under 18, guardian consent and verification required; therapists ensure capacity assessment. Rights include access, correction, erasure (subject to record retention), objection/withdrawal; requests processed within DPDP timelines after verification.zensible+5

Confidentiality and Sharing

Strict confidentiality per MHCA and telepsychiatry guidelines; data shared only:

With assigned therapist on need-to-know basis.
Processors (e.g., cloud for video, payment gateways) under DPDP-compliant contracts.
Emergencies/legal mandates (e.g., harm risk, court orders). No third-party sharing for ads/research without consent; de-identified data for platform enhancements only.cis-india+4

Security Measures

End-to-end encryption for sessions/chats, secure video (e.g., compliant with IT Rules), two-factor authentication, role-based access, audit logs, regular penetration testing, and breach response per DPDP (notification within 72 hours if required). Therapists verify client identity pre-session; platform verifies therapist credentials.

Data Retention and Transfers

Session records retained minimum 3-5 years per MHCA/telepsychiatry guidelines, then securely deleted. Usage logs per DPDP security needs. Cross-border transfers (e.g., cloud) only with DPDP safeguards like standard clauses.

Data Protection Officer

Contact: Mr. Senthilkumar [sskumar@gmail.com]. For rights exercise or complaints, reach us; escalate to Data Protection Officer. Continued use of platform implies acceptance.

Music Session related

Information We Collect

Personal Information: Name, email address, phone number, and any details provided through contact forms, registration forms, or inquiries.
Payment Information: Collected securely via third-party payment gateways (we do not directly store credit/debit card details).
Usage Data: Information about how you interact with our website, including IP address, browser type, and pages visited.

How We Use Your Information

To respond to inquiries and provide class-related information.
To process registrations and manage student enrollments.
To send important updates, schedules, or announcements related to classes and events.
To improve user experience and website functionality.

Data Sharing

We do not sell or rent your personal information to third parties.
We may share information with trusted service providers (e.g., payment processors, email service providers) only to the extent necessary to deliver our services.
We may disclose information if required by law or to protect our legal rights.

Cookies and Tracking

Our website may use cookies to enhance user experience, track visits, and improve site functionality.
Users can adjust browser settings to disable cookies, but some features may not function properly.

Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access or disclosure.
However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Your Rights

You may request access, correction, or deletion of your personal information by contacting us.
You may opt out of receiving promotional communication at any time.

External Links

Our website may contain links to third-party sites. We are not responsible for the privacy practices of those websites.

Updates to This Policy

We may update this Privacy Policy from time to time.