Skip to main content

Privacy Policy

This Privacy Policy (“Policy”) is published in compliance with:

(a) The Information Technology Act, 2000,
(b) The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and
(c) The Digital Personal Data Protection Act, 2023 (collectively, the “Applicable Laws”).

This Policy is an electronic record under the Information Technology Act, 2000 and the rules made thereunder and does not require any physical or digital signature.

1. Introduction and Applicability

1.1. This Privacy Policy sets out the manner in which Beyond Echoes, a sole-proprietorship entity having its principal place of business in Pune, Maharashtra, India (hereinafter referred to as “Beyond Echoes”, “We”, “Us”, or “Our”), collects, receives, stores, processes, discloses, transfers, and protects the Personal Data and Sensitive Personal Data or Information (“Personal Information”) of users (“You” or “User”) while accessing or using the website www.beyondechoes.in (“Website”) and any related psychotherapy or consulting services (“Services”).

1.2. By accessing or using the Website or availing any Services, you expressly consent to the collection and processing of Your Personal Information in accordance with this Policy and the Applicable Laws of India.

2. Governing Law

This Policy shall be governed by, construed, and enforced solely in accordance with the laws of India.

Any dispute arising in connection herewith shall be subject to the exclusive jurisdiction of the competent courts at Pune, Maharashtra, India.

3. Categories of Information Collected

3.1. Personal Information:
Information that identifies You or can reasonably identify You, including:

(a) Name, address, contact number, and email address
(b) Age, gender, and demographic information
(c) Details voluntarily shared concerning physical or psychological well-being, mental health history, or therapeutic matters
(d) Payment-related information, limited to details necessary for the processing and confirmation of payments made via:
– Unified Payments Interface (UPI),
– Direct bank transfer,
– Credit/debit cards,
– Secure third-party payment gateways such as Razorpay,
– International remittance platforms such as Wise (TransferWise) and PayPal.

Beyond Echoes does not store complete payment instrument details (such as full card numbers, CVV, or PINs). Payment information is processed through secure and compliant third-party channels, in accordance with applicable Reserve Bank of India (RBI) and data protection regulations.

(e) Any communications, feedback, or documents You voluntarily provide.

3.2. Technical Information:
Data automatically collected during Website use, including Internet Protocol (IP) address, browser type, device identifiers, and Website usage statistics. Cookies or analytics tools may be utilised for functionality and performance improvement.

4. Purpose and Lawful Basis of Processing

Beyond Echoes shall process Personal Information solely for lawful purposes connected to the provision of Services, including:

(a) Scheduling and delivery of psychotherapy or consulting sessions
(b) Communication of appointments, reminders, invoices, and administrative correspondence
(c) Processing of payments and maintaining lawful accounting records
(d) Compliance with statutory and professional obligations
(e) Ensuring client safety in situations of risk to self or others; and
(f) Enhancement of Website functionality and service quality.

Processing shall always be limited to the purposes for which consent was obtained or as otherwise required under Applicable Laws.

5. Confidentiality and Disclosure

5.1. All disclosures made during therapy sessions are treated as strictly confidential. Confidentiality shall be waived only where:

(a) There exists a serious and imminent risk of harm to Yourself or any other person
(b) Disclosure is mandated by a competent court, regulatory authority, or statute
(c) There arises a legal duty to report child abuse or similar offences; or
(d) You have provided written consent permitting limited disclosure.

5.2. Beyond Echoes may engage external service providers (including payment processors and IT infrastructure providers) solely for operational purposes. Such entities shall be bound by written confidentiality and data-protection obligations consistent with this Policy and Applicable Laws.

5.3. Under no circumstances shall Beyond Echoes sell, rent, or trade Personal Information to any third party for commercial gain.

6. Data Storage, Retention, and Security

6.1. All Personal Information shall be stored on secure, access-controlled servers located within the territory of India.

6.2. Beyond Echoes implements reasonable security practices, including managerial, technical, and physical safeguards, in accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

6.3. Therapy records and process notes, where maintained, shall be retained for a period not exceeding five (5) years from the date of termination of therapy, unless required for a longer period under law or professional ethics. Upon expiry of such period, records shall be securely destroyed or deleted.

6.4. Financial transactions conducted through UPI, bank transfer, Razorpay, Wise, or PayPal are subject to the respective platforms’ encryption and security protocols. Beyond Echoes does not assume responsibility for breaches or failures occurring within such third-party systems beyond its reasonable control.

6.5. While reasonable measures are taken, Beyond Echoes shall not be liable for any unauthorised access or data breach arising from causes beyond its reasonable control.

7. Rights of the Data Principal

Subject to verification of identity, you shall have the following rights under the DPDP Act, 2023:

(a) Right to Access and Correction: To obtain confirmation of processing and request correction of inaccurate or incomplete data.
(b) Right to Erasure: To request deletion of Personal Information once it is no longer necessary for the purposes for which it was processed, subject to legal obligations of retention.
(c) Right to Withdraw Consent: To withdraw previously granted consent, it being clarified that such withdrawal may restrict Beyond Echoes from continuing to provide the Services.
(d) Right to Grievance Redressal: To raise concerns or complaints in relation to data processing as provided herein.

All such requests shall be addressed within thirty (30) business days from receipt.

8. Cookies and Tracking Technologies

The Website may employ cookies or similar technologies for session management and performance analysis.

Users may disable cookies through their browser settings; however, some features of the Website may become unavailable as a result.

9. Children’s Data

The Services of Beyond Echoes are intended solely for individuals aged eighteen (18) years or above.

Minors may avail Services only under the express consent and supervision of a parent or legal guardian. Beyond Echoes does not knowingly collect Personal Information from children below the age of thirteen (13) years.

10. Amendments

Beyond Echoes reserves the right to modify or amend this Policy at any time to comply with changes in law or internal practice.

The updated Policy shall be published on the Website with the date of revision, and continued use of the Website shall constitute deemed acceptance of such amendments.

11. Grievance Redressal

In accordance with Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and Section 13 of the DPDP Act, 2023, Beyond Echoes has appointed the following Grievance Officer:

Name: Divya Sankaran
Email: divya@beyondechoes.in
Address: Pune, Maharashtra, India

Any request, complaint, or communication relating to this Policy shall be made in writing to the Grievance Officer.

All grievances shall be acknowledged within forty-eight (48) hours and resolved within fifteen (15) business days of receipt, wherever practicable.

12. Disclaimer

This Policy forms an integral part of the Terms and Conditions of the Website. Nothing herein shall create or be deemed to create any contractual rights beyond the obligations expressly stated under the Applicable Laws of India.