Last Updated: April 2026
As a trauma-informed, queer-affirmative, and anti-oppressive practice, I understand that confidentiality is not just a legal requirement—it is the absolute foundation of our therapeutic trust. Because my work involves holding space for stories of marginalization, identity, and healing, your data privacy and digital safety are non-negotiable priorities.
This policy outlines how your personal and sensitive data is collected, used, and protected in compliance with India’s Digital Personal Data Protection (DPDP) Act 2023, the US Health Insurance Portability and Accountability Act (HIPAA), and the EU General Data Protection Regulation (GDPR).
1. My Role as Your Data Fiduciary
Under the DPDP Act 2023, Akash Mohan (operating as Therapy Beyond Labels) acts as the Data Fiduciary. This means I am legally responsible for determining the purpose and means of processing your personal data and ensuring it is handled with the highest ethical and security standards.
2. What Information I Collect
To provide effective therapy and manage our professional relationship, I collect minimal, necessary information, which may include:
- Personal Identification: Name, age, pronouns, and contact details (email address, phone number).
- Sensitive Personal Data: Intake forms, session notes, mental health history, and emergency contact information.
- Administrative Data: Scheduling records and payment/billing confirmations.
3. Why I Collect It (Purpose Limitation)
Your data is collected solely for the following purposes:
- Providing clinical counseling and psychological support.
- Communicating with you regarding scheduling, sessions, and sharing relevant resources.
- Maintaining ethical and legal records as mandated by psychological governing bodies.
I do not, and will never, sell your data, share it with third-party marketers, or use it for purposes outside of our therapeutic contract without your explicit, renewed consent.
4. How Your Data is Secured
Your digital safety is protected by global enterprise-grade security. My practice utilizes a customized, heavily encrypted Google Workspace environment.
- HIPAA Compliance: I hold a signed Business Associate Agreement (BAA) with Google, ensuring that all digital infrastructure (including Google Meet for tele-therapy, Drive for notes, and Gmail) meets strict US federal healthcare privacy standards.
- DPDP & GDPR Alignment: I have executed a Cloud Data Processing Addendum (CDPA) that legally binds the platform to process your data strictly according to my instructions, ensuring zero-access encryption and compliance with Indian and European data protection laws.
5. Your Legal Rights (Data Principal Rights)
As a client (Data Principal), you have the right to autonomy over your information. Under the DPDP Act 2023, you have the right to:
- Access: Request a summary of the personal data I hold about you.
- Correction: Request updates or corrections to any inaccurate information.
- Erasure (Right to be Forgotten): Request the deletion of your personal data when you terminate therapy, subject to ethical record-keeping laws that govern medical and psychological professionals.
- Withdraw Consent: Withdraw your consent for data processing at any time.
6. Limits of Confidentiality
In alignment with professional psychological ethics, all information shared in therapy is strictly confidential. However, there are rare, legally mandated exceptions where I may be required to share information to prevent severe harm:
- If there is an imminent risk of you causing serious harm to yourself or another person.
- If there is suspected abuse or neglect of a minor, an elderly person, or a dependent adult.
- If records are subpoenaed by a legitimate court of law.
7. Grievance Redressal
If you have any questions, concerns, or requests regarding how your data is handled, you may reach out directly to me. I serve as the designated Grievance Officer for this practice and will respond to all data-related requests within 30 days.
Contact: Akash Mohan
info@akashmohan.in
Leave a Reply