Privacy unknown node
Lorem Epsum
Wysa UK App Privacy Policy
Initial Effective Date: Feb 16, 2022 (GMT)
Latest Revised Date: Jan 29, 2025 (GMT)
Version: 3.1.0
You can read our child friendly privacy policy here.
Our privacy policy explains what we do with your provided information when you use our apps and services. This privacy policy applies to services provided by our UK specific applications("apps"), namely Everyday Mental Health by Wysa mobile app("Waitlist App") and Digital Referral Assistant application("e-triage web widget"). If you are using our global Wysa mobile app then refer to this privacy policy.
When you use our apps, you might try out different services, like:
Eligibility and clinical assessment submission services (“Digital Referral Assistant or DRA”)
A text or voice-based digital coach powered by an Artificial Intelligence chatbot (“AI Coach”).
Clinically verified tools delivered over text or voice (“Digital tools”).
Safety referrals for CYP users- Children and Young People (“e-triage referrals”).
Cognitive Behavioural Therapy programs recommended by your Institutional Clinician (“CCBT”).
Ability to communicate with your Institutional Clinician (“Therapist Companion”).
(coming soon) Use the AI Coach powered by Generative AI (“Wysa+”).
The app is made to help you feel happier by showing you ways to take care of your mental health and well-being. The app does not tell you if you have a disease or condition, or how to treat it. The app gives general advice for your mental health and well-being. The AI Coach is an AI technology powered software, not a real person, so it can only help in restricted ways. It does not give medical advice. If you need medical advice, it will suggest seeing a local clinician. It cannot give specific advice for complex health problems.
We will work with your public institution, healthcare institution, educational institution or other organization to offer our services. These are called Institutional services. Before you can use these services, you will need to agree to our rules and the rules of your Institution.
By using our app and services, you agree that we can use your information as described in this privacy policy and any other related policies.
1. About Wysa and Our Contact Details
Wysa is a company with offices in the UK, India, and the USA. In the UK, we are registered with the UK Information Commissioner Office, which helps protect your data. Our registration number is ZB272754.
Where Wysa decides the purpose of personal data processing, we will be the data controllers. Where we perform personal data processing at the intent and direction of your Institution, we will be data processors.
If you have any questions, comments, complaints, or requests about our app and services, you can email us at wysa@wysa.io.
2. What Information We Collect and Use
Depending on how you interact with us, we may collect personal data that can be used to identify you. Notably personal data does not include publicly available information from government records or anonymised or aggregated information.
When you use our app and services.
When you use our app and services, we collect the following information. You control the information you share with us. We design our app to collect as little personal data as possible to keep your data safe and protect your privacy. This means there is less risk of your information being misused. When you share information with us, we are responsible for taking care of it.
Information provided by you.
Information about you. This includes things like your nickname, age-range, gender, pronouns, or identifiers you may voluntarily reveal about yourself.
Conversation data. This covers what you type in messages, your challenges, preferences, feelings, moods, thoughts, task lists, and safety information. It also includes answers to surveys or questionnaires from us or your Institution, and how you use our tools like CBT programs we offer.
Correspondence data. If you email us, you might share personal data like your name, email address, home address, the company you are part of, your job title, and what you talk about in the message.
Feedback data. When we ask for your thoughts on our app and services, we gather your contact info and some basic details about you.
Information collected via automated means or by third parties.
Information from your Institution. Sometimes, your Institutions or their appointed representatives might share or ask you to share your personal data, such as your name, date of birth, Institution identifiers, contact details among others, so we can offer you our services.
App event data. We collect information about what you do in the app, like where you tap, what actions you take, your settings, notifications you get, and the screens you visit.
Device data. When you install the App, we get an ID for your device from the Google Play Store or Apple Play Store. We also collect information about your device, like the type of phone, its time zone, and its operating system. A service provider that helps us securely deliver content might also collect your IP address to provide our services.
Cookie Information. We and our third-party providers collect information about your app use via cookies or similar technologies. We use mandatory or necessary cookies to provide our services.
When you use our DRA services
When you use the e-triage web widget on your Institution website to make a referral submission, we will need to collect some information on behalf of your Institution. This helps your Institution to provide you with health and care services such as the talking therapy services.
You can fill out the information required at your own pace. We will ask for personal details (such as name, age, contact details, among others), answers to health related questions, and any long-term health issues or disabilities. Your Institution decides if you qualify for these services, not us.
We do not decide who gets the help – we just help collect the needed info and pass it to your Institution.
When you use CCBT programs and/or Therapist Companion Service.
Wysa will only share the needed personal data with your Institution and their clinician. This to help them know your progress on the assigned CCBT programs and/or use of the Therapist Companion service. These details can include, but are not limited to, CCBT program progress, notes from the clinician, check-in dates, assessment results, and any emergency alerts.
When you use the e-triage referral service as a CYP user
If you need extra help, you will be asked to fill in a form in the Waitlist App with your personal details and contact. Based on the submission, a clinician from your Institution can get in touch with you. We use this information, on behalf of your Institution, to make sure you get the support you need.
When you use the Wysa+ service
Wysa+ provides an improved experience of the AI Coach service. It allows us to provide you with high-quality, safe, and clinically-approved content. Wysa+ uses third-party Generative AI (“Gen AI”) and our own AI to chat with you. This helps the AI Coach talk about varied conversations and provide responses that are more suited to you. Where provided, Wysa+ allows you to chat in native English and other languages. Your conversation data is processed to provide this service. Every piece of content generated by the AI passes through our safety and quality checks before we use it. Our clinical staff review these content to make sure they are safe, private, high-quality, and work well.
Sources of personal data
We get your personal data either from you, your Institution, or service providers your Institution asks us to work with.
3. How We Use Your Information
Legal grounds
We need to follow data protection laws that make sure we look after your personal data properly. Here is how and why we might use it:
Consent: Sometimes, we ask you if it is okay to use your personal data. You can always change your mind later if you decide you do not want us to use it anymore by writing to us.
Contract Performance: When you use our app or services, we might need some of your personal data to provide our services and make sure everything works properly.
Legitimate Interests: We and service providers we trust might use limited information to keep our services safe from fraud or security problems. We might also use it to make our services better. But do not worry, we will not use your information to train our AI.
Legal Obligation: Sometimes, we need to use your personal data to follow the law or to protect our company and the people who use our services.
Sometimes, we need to use special category data about you, like your mental health and well-being data. We will only do this if we follow the law and have a good reason, such as:
Reasons for substantial public interest: Helping you with advice or support, like counseling, or keeping you safe while you use our app and services.
Health Care: Acting on behalf of your Institution to provide healthcare.
Public health: Acting on behalf of your Institution to help with public health issues, under the guidance of a health professional.
Uses of your Information
We might use the information you give us on our apps and services for these reasons.
Information about you
To provide and manage app and services: Here is what we do with your information:
To recognize which institution you are part of.
To recognize whether a new or existing user to the app and service.
When needed, to ask your permission to turn on your device's microphone and camera.
We allow you to use your apps.
We collect, move, save, and use your provided information to make our services work.
We set up and keep track of your chats and use of our services.
We give you content and tools that are right for your age and gender.
We let you change your nickname.
Where needed, we will connect with your Institution's approved systems to handle your information.
We keep a record of any permissions you give us.
We let you know if we change our rules or privacy notice in the Waitlist App.
Legal grounds: contract performance, legitimate interests.
Use of Conversation data
To provide and manage app and services: We do the following with your information:
We come up with ideas and create AI programs, stories, and ways to talk for our AI Coach. We only use a little bit of data and make sure it cannot be traced back to you. Your conversations are not used to train our AI
We remember the text messages you send and choices you make while using the app.
We figure out if you are feeling happy, sad, or have any problems or questions. This helps us chat with you safely and give you required resources.
We make sure we understand you so our conversations make sense.
We show you safe tools and techniques that can help you.
We make sure any personal details you accidentally share in your messages are removed and cannot be traced back to you.
We look for any medical or emergency words in your messages to help keep you safe.
If we see something that seems like an emergency, we may inform your Institution.
We keep track of your progress when you use the assigned CCBT programs.
We give you information and resources shared by your Institution when you use the Therapist Companion service.
When you use the Therapist Companion service, we share your conversation data with your Institution to help with your care.
Legal basis: contract performance, legitimate interests, and consent. Use of appropriate additional conditions for any special category personal data.
To perform well-being assessments: We do the following with your responses:
We will ask you about how you feel and your mental well-being from time to time.
We keep an eye out for emergencies and may let your Institution know to provide support.
We guide you to helpful hotlines and support resources if you need them.
We recommend tools, tips, and resources to help you feel better.
Legal basis: contract performance, legitimate interests. Use of appropriate additional conditions for any special category personal data.
To provide in-app notifications and reminders: We will send you alerts inside the app if you choose to set reminders and notifications. We will remind you about upcoming service events.
Legal basis: contract performance, consent.
For research, analytics, and compliance reporting: We might remove details that show who you are so that no one can tell the information is about you. We will use this changed information to check how well our app is working and to see if it is safe and useful. Sometimes, we also share this information with regulators to make sure we are following the laws.
Legal basis: legitimate interests, legal obligations. Use of appropriate additional conditions for any special category personal data.
Use of Correspondence data
To communicate effectively with you:We do the following with your responses:
We answer your questions, requests, complaints, and other feedback.
We fix any problems with our services.
We send you important service updates.
We keep track of our conversations with you to make sure we are doing a good job and following the rules, and also to help train our team.
Legal basis: contract performance, legitimate interests.
Use of Feedbacks
To improve our app and services: We do the following with your information:
To invite you to join activities like sharing your thoughts about our product, or helping us test it.
To understand your feedback so we can make our product and services safer and better.
To use your personal details to make sure everyone has a fair chance to join in and that we test our product with the right groups of people.
Legal basis: legitimate intersests, consent.
Use of Information from your Institution
To provide and manage app and services: We do the following for your Institution:
We may send you links or allow you to use codes so you can use the Waitlist App.
To associate and maintain end-to-end continuity in your care when you use our apps.
We may check to make sure you are part of your Institution.
We share required reports and statistics with your Institution.
If there is ever an emergency, we send a message to your Institution to get you more help.
Legal basis: contract performance. Use of appropriate additional conditions for any special category personal data.
Use of app event and device data
To understand app and service usage: We do the following with your information:
We remove any identifiers from your information before using it to check how well our app works and to make sure they are safe.
We check and record the safety and performance of the app so we can report to your Institution or meet our legal requirements.
We share data that cannot identify you about how you use the app with trusted analytics providers. This helps us make the app and its services better.
We use the Information to create new services, technologies, and products.
Legal basis: contract performance, legitimate interests, legal obligation. Use of appropriate additional conditions for any special category personal data.
For marketing purposes: We do the following with your information:
Sometimes, we create and run campaigns, send out surveys, and give updates about our programs.
We also use anonymous data to understand how well we are doing, make marketing materials, and benchmark ourselves with others.
Legal basis: legitimate interests, consent.
To ensure availability and security: We do the following with your information:
To make sure the content on our app works well and you get everything you need.
To keep your information safe from hackers and online threats.
Legal basis: contract performance, legitimate interests.
For fraud prevention: To prevent fraud or misuse of our services and to secure our systems.
Legal basis: legitimate interests.
Use of Cookie Information
We need to use some necessary cookies to make sure our apps work properly. Here is a simple guide to the kinds of cookies we might use:
Essential cookies. These are very important and are needed for the apps to work. They help make sure everything runs smoothly, like when you chat on the app. These cookies do not collect any information about you. We handle these cookies ourselves.
Analytical cookies. We also use these cookies to see how well our apps our doing. They help us understand what is working and what needs fixing. Sometimes, we use our own cookies for this, and sometimes we use Google Analytics. If you want to know what Google Analytics does with the information, you can visit their website. https://www.google.com/policies/privacy/partners/. You can opt out from Google’s cookies by downloading the Google Analytics Opt-out Browser Add-on Download Page. We do not use special Google tools to show you ads or test features on the Waitlist App and e-triage widget. We do not use Google signals, which means we do not collect information about you or what you like.
"Do Not Track" (DNT) is something you can turn on in your web browser to keep your online activities more private. However, even if you turn DNT on, we do not collect those signals today and may not be able to respond to it.
Legal basis: legitimate interests.
Additional processing when you use the DRA Service
For processing your eligibility and clinical assessment data
To process your provided data: We do the following with your information:
We gather, move and store the information you submit.
We delete your personal data when we no longer need it, as agreed with your Institution.
The app provides you with safety resources and guides you on how to use them.
Legal basis: as defined by your Institution for public health, legitimate interests. Use of appropriate additional conditions for any special category personal data specified by your Institution.
To transfer data to your institution: We do the following with your information;
We connect securely with your Institution clinical management system.
We share your eligibility and clinical assessment Information with your Institution.
Legal basis: as defined by your Institution for public health, legitimate interests. Use of appropriate additional conditions for any special category personal data specified by your Institution.
Additional processing when you use the CCBT Program and/or Therapist Companion service
Note: This service is currently available only for research and clinical investigation purposes.
For processing your data related to CCBT and/or communications with your clinician
To process your provided Data. We do the following
Provide access to the assigned CCBT programs within the waitlist app.
Provide access to use the resources provided by your assigned clinician.
Allow your Institution assigned clinicians to review your CCBT program progress and support you.
Where provided access, to allow Clinicians to review your AI Coach conversation data.
Assist you with appropriate support resources and guidance.
Legal basis: contract performance and legitimate interests.
Additional processing for Children and Young People(CYP) users.
For processing your onward support request
To process your provided data: We do the following with your information when you choose to seek additional support:
We gather, move and store the information you submit.
We share your request with your Institution.
We delete your personal data when we no longer need it, as agreed with your Institution.
Where required, We help you find safety resources and guide you on how to use them.
Legal basis: as defined by your Institution.
To transfer your request to authorised parties: We do the following with your information:
We send your request to your Institution or care provider.
If you ask us to, we can also send you a copy of your request.
If you ask us to, we can send a copy of your request to your parent or guardian too.
Legal basis: consent and as defined by your Institution.
Additional processing when you use the Wysa+ service
Use of Conversation data
To provide the Wysa+ Service: We do the following with your information:
We share your relevant conversation messages to Gen AI (“Input”).
We design prompts to guide Gen AI to respond appropriately to the Input. The prompts include your message, summaries of your chats over a period and our validated instructions.
The AI coach detects personal identifiers that you might have shared by mistake. If there are any, the AI coach will ask you to change your conversation message before sending it to Gen AI.
We have safety rules to keep your chats with Gen AI safe. All Inputs go through these safety rules. If your message does not clear the safety rules we do not send it to Gen AI. When Gen AI responds (“Output”), it also has to pass the safety rules. If it does not, we do not release the Output, instead providing a pre-defined safe response.
Legal basis: contract performance, legitimate interests.
We do not share or sell your information, messages, or how you use our apps to advertisers or companies that buy data.
Additional Processing When you join our testing or research initiatives
To process the information shared by you during participation. We do the following
Provide a participant information sheet.
Inform about the testing or study purposes.
Understand your eligibility and shortlist for the study.
Manage your joining process.
Send testing or study related information and reminders.
Seek your feedback and clarify any questions.
Use your personal details to make sure everyone has a fair chance to join in and that we test our product with the right groups of people.
Generate identifiers to associate and maintain integrity of your data across apps you use.
Legal basis: your consent and legitimate interests.
To improve our app features, experience and performance: We do the following with your information:
Invite you to join activities like sharing your thoughts about our product, or helping us test it.
Understand your feedback so we can make our product and services safer and better.
Understand and gather evidence as to whether our products are helpful in improving your mental health and wellbeing.
Establish the effectiveness and impact of Wysa programs.
Where made available, to share supportive resources with you.
Share your study related data and inputs with your Institution's research team.
Legal basis: your consent, public interest, legitimate interests. Collaborated research studies with your Institutions may be in Public Interest.
Note: You can stop participating in the testing or research at any time after it starts.
Processing for Legitimate Interests
We may need to use your personal information for important reasons. Before doing this, we will always protect your rights and privacy. Here are the reasons we might use your data:
To follow our agreements with your Institution.
If the law requires us to use or share it.
For court cases or legal orders.
For law enforcement or national security needs.
To help investigate or stop illegal activities.
To freeze data for legal reasons so that it cannot be changed or deleted.
To report public health information.
To prevent serious risks to health or safety.
To do basic research and understand how people use our services.
To communicate with you about using our app and services.
To fix and protect the app’s security and operations.
To stop fraud or misuse of our service.
To keep your data secure and private.
To make sure the app and services work well and are easy to use.
To protect your fundamental rights, and safety.
To use anonymous data for benchmarking and marketing.
To create new services, technologies, and products.
To answer your questions and requests.
4. How We Protect Your Information
Where is your information stored
The information we collect is saved and kept safe in our cloud servers managed by Amazon Web Services (AWS). Some of your information might be shared and stored with our third-party service providers to provide our services.
How long do we keep your information
When you use our Waitlist App and Services including Institutional Services
When you send us text messages, any personal identifier you share is reasonably removed and saved in a way that cannot be undone. We keep this information only for as long as we need to follow the law or our Institutional contracts. If there is no specific time limit mentioned, we keep your information for up to 10 years from the last time you updated it. After that, we delete your data from our system. Where required by law, we may retain one copy of your data. You can also choose to delete all your conversation data forever by using the 'reset my data' option in the App settings.
Your correspondence data
When you email us, we use the information you give to help you. We keep your emails safe in our Google Workspace account, and only certain staff can look at them. We will keep your email for up to 10 years from the last time you contacted us. We may archive your messages longer where required by the law.
When you use our DRA or e-triage referral service(for CYP users)
We keep your information for the time your Institution has decided. After the agreed time, we delete your information forever from our systems. Once you submit the form and your information, we cannot change it. If you need to add or edit your personal data you will need to reach out to your Institution.
When you use Wysa+ service
We keep your personal and derived information in our and third-party service provider systems only for as long as needed to meet the purposes stated in our privacy policy or as required by law. Where available, we enable "no storage of data" controls with the service providers.
When you join our testing or research initiatives
You can stop participating in the testing or research at any time after it starts. You can do this by using any of the suggested opt-out features or by sending an email to wysa@wysa.io with the subject "opt out of Wysa testing/study". Once you opt out, we will delete your study data within one year. However, the data you provided during research study or testing will be kept according to our data retention policy. We will keep this information only for as long as we need. If there is no specific time limit mentioned, we keep your information for up to 10 years from the last time you updated it. After that, we delete your data from our system. Where required, we may retain one copy of your anonymised data for a longer duration for any future audit or verification purposes.
Data Security
We use physical, organizational, and technical safeguards to keep your information safe. Here are some ways we do that:
Protecting your privacy
You do not need to register to use the app.
Just give us a nickname so our chatbot knows what to call you.
We use pseudonymized identifiers to keep your data and identity safe.
No real people can listen to what you are talking about with the AI Coach.
If you accidentally share personal data, we will make sure to remove it so no one can see it.
As a Waitlist App user, you can choose "reset my data" to delete your conversation data.
Before we use any personal data about you, we make sure it respects your rights.
Protecting your security
We use strong encryption to protect your data when it is being sent or stored.
Only certain people can access your data. They have to use strong passwords and an additional access code.
All our staff computers have extra security.
We maintain contracts with companies we work with to keep your data safe.
We carefully check the background of new staff before hiring them.
We train our staff on how to handle your information securely.
We have experts from outside our company check if we are following the rules every year.
We regularly test our app and systems for any weaknesses.
We fix any problems in our computer code to make sure it is safe.
We often check to make sure we are following our safety plans and rules.
Additional safeguards when you use Wysa+ Services
Every message sent to and from Gen AI is encrypted so no one else can read it.
We check each message you send to make sure it does not have personal identifiers. This helps keep your private details safe from being shared with the Gen AI service provider.
We always check what is sent and received from Gen AI to make sure it is safe and good to use.
We also use safety rules to double-check and make sure everything is safe.
We do not share your device data with Gen AI.
Your conversation messages are never stored at the Gen AI.
Your conversation messages are not used as training data by Gen AI.
Responsibe use of Artificial Intelligence
At Wysa, we use artificial intelligence (AI) programs to understand what you type to us. These programs help us talk with you in a way that makes sense and guides you to helpful information. Our programs follow set rules and do not learn new things on their own. We make sure our AI chatbot is fair, safe, and treats your information with care. If you use the Wysa+ service, we use third-party Generative AI technology to assist you. We have safety measures in place to keep our conversations secure and trustworthy. We also have good practices to monitor and check the use of AI at Wysa, making sure your rights are protected. Please contact us at wysa@wysa.io if you have any more questions about our use of AI.
While Wysa has put in place reasonable clinical safety and data protection controls, you understand and acknowledge that AI is a developing technology. The potential risks inherent to this technology may not be fully understood and fulsome safeguards may not be fully developed. Due to the nature of the technology, you may sometimes get incorrect responses that do not accurately reflect the action required.
We do our best to keep your personal data safe, but no method is perfect. We cannot promise complete security. You can help keep your data safe too. Please do not share personal identifiers where not asked. Please do not copy and share your chats with people you do not know.
Third-Party Sites
The App might have links to other websites or resources. When you click on these links, remember that these other sites have their own rules about privacy. We do not control these other sites and we are not responsible for their privacy rules. It is a good idea to read their privacy rules before you share any personal data on those sites.
Children’s Privacy
The apps are meant to be used only by people allowed by your Institution. If you are too young according to your Institution rules, you should not use this App. Wysa is not responsible if someone lies about their age to use the apps. If you find out that a child has shared personal data with us when they should not have, tell us by sending an email. We encourage parents and guardians to watch over their children's internet use. Tell your children not to give out personal information without your permission.
Best Practices
We want to help you stay safe online. The NCSC Gov.UK website has tips on how to make your devices more secure. The UK ICO site gives easy advice on protecting your personal data when you are online and using computers or other gadgets. You can check out the links below to learn more.
Cyber Aware - NCSC.GOV.UK
Online and electronic devices | ICO
5. Who We Share Information With
Service Providers
We work with third-party companies that help us run our app, fix any problems, and offer other important services. These companies might use your personal data to provide services for us. For a list of service providers please read here.
Legal
We sometimes need to use your personal data to follow the law. This might mean sharing your information with other people like insurance companies, courts, police, or other important organisations around the world. This could happen if they are checking something, during court cases, or if it is required by law. We might also use your information to stop serious health or safety problems, for public health reports, and to keep information safe during legal situations so it is not changed. Also, we might share your information to help with finding out or stopping fraud or crime. We will make sure your rights and interests are protected.
Reorganization
In situations like when we might sell our business, join up with another company, reorganize, or are facing bankruptcy, we may need to share some of your personal data with others. These third-parties will use your information to look at the business deal. After these changes happen, we might also share your information with the new company for the same purposes mentioned in this privacy notice. We will try to let you know by putting a notice on our website, telling your Institution, sending you a notification in the app, or updating this privacy notice.
6. Sharing Information Outside the UK
To help us run our apps and services, we sometimes need to move your data to other countries. Some of these countries might not have strict data protection laws. When we move your personal data from places in Europe and the UK, we make sure to take extra steps to keep it safe. When we send your personal data to places that have good protections, we do not need to take any extra steps. Sometimes, our trusted third-party service providers might need to send your data outside the UK or Europe. We have agreements with our service providers that include data protection safeguards to keep your data safe. We only share the necessary data between our Wysa offices to provide you with the best service. We use strong technology to keep your data safe.
If you have any questions about how we send your data to other countries, you can email us at wysa@wysa.io.
7. Your Data Protection Rights
When you trigger “Reset my data” from app settings
The "Reset my Data" feature is found in the app settings of the Waitlist App. If you use this feature, all your conversation information, including your ID, past chats, reminders, assessment answers, and settings will be deleted from our system. Once you reset, you cannot get back any of your old conversations and you will be treated like a new user. So, think carefully before using this feature.
Your Privacy Rights
What Can You Do About Your Data?
Ask Questions: You can ask us how we are using your personal data.
Get a Copy: You can ask for a copy of the information we have about you.
Fix It: If any information about you is wrong or missing, you can ask us to fix it.
Delete It: If we do not need your personal data anymore, you can ask us to delete it.
Pause It: While we look into any questions you have, you can ask us to stop using your data.
Change Your Mind: If you had said yes to something before, you can still say no later.
Send It Elsewhere: You can ask us to send your personal data to someone else electronically.
Object: You can tell us not to use your personal data for things we think are important.
No Marketing: If you do not want to get marketing emails, just click ‘unsubscribe’ in the emails.
Be fair: When you use our app, we will not treat you unfairly for using your rights.
No Sale: You can choose to stop your personal data from being sold or shared with others who might want to sell it.
Automated Decisions: Our Service uses AI to help you. We do not use AI to know your identity. We always check with you before making key suggestions. We change our conversation anytime you inform us that the AI is not helping. We and our service providers might use AI to make automated decisions or automatically process information if we need to perform our services or to stop fraud, abuse or misuse of our services. By using our Services, you consent to let us use AI for this purpose. We might change the automated approach we use in the future.
How to Exercise Your Rights
You do not usually have to pay anything to use your rights. Sometimes, we might need to check it’s really you asking. Contact us using the details at the top of this privacy notice. We will reply within one month if you ask us for something.
When We Might Say “No”
We might not be able to agree to your request if:
The law says we cannot.
It affects someone else’s privacy.
It could harm you, us, or someone else.
If we need to retain data to ensure the reliability of our research studies.
The request is too much or does not make sense.
8. How To Complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy policy. If you remain unhappy with how we have used your data after raising a complaint with us, you can also complain to the ICO. The ICO’s address:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
9. Changes To This Policy
If we change our Privacy Policy, we will let you know in the app. If you keep using the app after we tell you about the changes, it means you are okay with them.
10. Change Log
V3.1.0 | Jan 31, 2025
1. Added Pharmaceutical organisation as an Institution.
2. Added Handling of pharmacovigilance and Institution-specific data.
3. Added Handling data when you join our testing or research initiatives.
4. Added Public Interest as a legal ground.
5. Added Retention of data provided when you join testing or research initiatives.
6. Added information about limitations of our AI system.
7. Added We may retain your data longer, if we need to retain data to ensure the reliability of our research studies.
8. Minor corrections, sentence reframing, handling omissions and correction of erroneous links.
V3.0.0 | October 30, 2024
Updates
Separate list of service providers
Create a child friendly version of the Privacy Policy.
Additions
Rewrite the Privacy Policy for improved readability.
Provide early notice about our Generative AI Services (Wysa+) and processing.
v2.1.0 | Feb 29, 2024
Added Details about Your request for Children & Young People (CYP) SOS referral support within What personal data do we process and handle as a Processor or Sub-processor?
Added Details about user level data sharing with Institutional users and about processing health data as a business associate within What personal data do we process and handle as a Processor or Sub-processor?
Updated Capture gender and pronouns as other information processed on behalf of Institutions.
Updated Promotional event data and Business (B2B) data details within the “What data do we process after taking your Consent?” section.
v2.0.0 | Jul 26, 2023
Updated Clearly identified all Services governed within the Privacy Policy
Updated Made fresh updates in Key Messages section
Updates Made minor updates in Definition section
Removed two sections from Privacy Policy and included in Terms of Service.
What is Everyday Mental Health by Wysa App?
Who can use the Service?
Multiple In “What personal data do we process and how do we use it as a Controller? “
Added authentication data type along with purpose of processing and lawful basis for Therapist Companion service
Added conversation data type along with purpose of processing and lawful basis
Added institution or subscriber provided data along with purpose of processing and lawful basis
Updated conversation data type with chatbot along with purpose of processing and lawful basis
Updated lawful basis of processing for Device data, Event data, Communication data, Network data
Updated purpose of processing and lawful basis of processing for age-range to include safeguards for children entering the system
Updated Change E-Triage data type to Effectiveness data type to include cCBT programs and Therapist Companion services
Updated In “What personal data do we process and handle as a Processor or sub-processor? “
Update section to cover for cCBT and Therapist Companion service
Multiple In “How do we share your data with third parties?”
Updated Replace links to subprocessor terms and security posture for Firebase, Branch.io and Voodoo
Added three new sub-processors- Zendesk, Iterable and Salesforce/Pardot
Added In Processing of any of you personal data as per our Legitimate Interests, the following
To prevent, detect and repair problems related to the security and the operations of the App
To use anonymized, non-identifiable, non-confidential user data for benchmarking and marketing;
To develop new services, technologies and products
Updated In “What data do we process after taking your Consent?”
Updated data types to cover for use of Therapist Companion where consent is taken
Updated Insight and Involvement data type for scope and purpose of processing
Updated Recruitment data type for purpose of processing
Updated In “How do we secure your data?”
Updated Made minor grammatical corrections for improved clarity
Updated In “How does the Artificial Intelligence chatbot work and is safe to use?”
Updated Provide additional explanation on NLP/NLU algorithms
Updated In “How long do we retain your data including personal data?”
Updated Made minor grammatical corrections for improved clarity
Added a copy of your data is retained In our backup for a time-bound period
Updated In “International transfer of personal data outside of the country you reside in or are currently located”
Updated Made minor grammatical modification for clarity
Multiple In “What are your data protection rights?”
Added new Right to be Informed, Right to non-discrimination and Right to opt-out of sale
Made updates in Right of Access
Multiple In “Can children use Everyday Mental Health by Wysa App?
Updated The App is not to be used by children below your Institution prescribed age.
Added Wysa does not take responsibility for any misrepresentation of age and use.
v1.2.0 | Dec 22, 2022
Additions
Addition of e-triage data processing in "What personal data do we process and how do we use it as a Controller?".
Add details around use of business development and marketing tools in "How do we share your data with third parties?".
New additions, bullet 5 and 6, within "Processing of any of your personal data as per our Legitimate Interests".
Addition of insights and involvement data and business data processing within "What data do we process after taking your Consent?".
New section to organise details around "International transfer of personal data outside of the country you reside in or are currently located".
Updates
Reorganisation and reframing of sections to provide clarity, grammatical correctness and improved alignment to our current intent and purposes.
Updates made to “Do Note” Section.
Minor updates to the table within "What personal data do we process and how do we use it?".
Update, bullets 3, 4 and 14, within "Processing of any of your personal data as per our Legitimate Interests"
Updates to the row on processing of app usage data and promotion data in "What data do we process after taking your Consent?"
Updates made to "How do we secure your data?" section
Update to paragraphs of “Right of Access” and “Right in relation to automated decision-making and profiling” within "What are your data protection rights?"
Group the “withdraw consent”, “breach notification“ and “concerns and complaints” sections within a separate section "Other important information".
v1.1.3 | Sep 20, 2022
Updates
Updates made to "What personal data do we process and handle as a Processor or sub-processor?" - Process and share analytics dashboard for aggregated analytics reporting of eTriage use with user’s Institution.
Update "Cloud Data Processors" to reflect the latest documentation on AWS and MongoDB ATLAS security program.
v1.1.2 | Aug 23, 2022
Updates
Updates made to "What personal data do we process and handle as a Processor or sub-processor?"
Send an email alert to the Institution care provider if an SOS is triggered, during Wysa app use
More clarity on the purposes of processing SOS triggers.
v1.1.2 | Aug 23, 2022
Updates
Updates made to "What personal data do we process and handle as a Processor or sub-processor?"
Send an email alert to the Institution care provider if an SOS is triggered, during Wysa app use
More clarity on the purposes of processing SOS triggers.