Privacy Policy

At PsIA, your privacy is not just a compliance requirement—it's a core value. Whether you're exploring our website, joining our waitlist, or participating in our continuing research & development, we're committed to handling your personal data thoughtfully, transparently, and securely.

This Privacy Policy explains how PsIA ("us," "we," or "our") collects, uses, stores, and protects your personal data when you visit our website or interact with us. "Personal Data" means any information that, on its own or combined with other information, can identify you as an individual.

We are committed to upholding high standards of privacy and adhering to applicable regulations, including:

• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation, including Quebec Law 25

• The European Union's General Data Protection Regulation (GDPR)

• California's Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) and California Online Privacy Protection Act (CalOPPA)

• Colorado Privacy Act (CPA)

• Utah Consumer Privacy Act (UCPA)

• Connecticut Data Privacy Act (CTDPA)

• Virginia Consumer Data Protection Act (VCDPA)

• Brazil's Data Protection Legislation (LGPD)

• South Africa's Protection of Personal Information Act (POPIA)

This policy applies to your interactions with PsIA during our pre-launch phase and beyond, specifically:

• Visiting our website (www.psia.app or related domains).

• Joining our waitlist, subscribing to our mailing lists, or expressing interest through various forms or interactions.

• Contacting us via email or forms.

• Participating in user research activities (like surveys, interviews conducted by our team, or feedback sessions using interactive tools).

• Creating and using a PsIA account as part of our early access program.

This Policy does not cover third-party websites, applications, or services that might be linked from our site (e.g., research tools, social media). These external sites operate independently and have their own privacy policies. We encourage you to review their policies if you choose to interact with them.

We believe in collecting only the data we truly need for specific purposes, based on your consent or other legal grounds. This includes:

**a) Information You Provide Directly:**

• **Contact Information:** Such as your name (optional) and email address, collected when you subscribe to specific email communications (like our waitlist or newsletters), contact us, or register for an account. We collect this based on your explicit consent for the specific purpose stated at the time of collection.

- *Why:* To send you the communications you requested (e.g., pre-launch updates, newsletters), respond to your inquiries, manage your account, and invite you to participate in relevant research & development. Information collected may be associated with your account if you choose to register for our services.

• **Professional Information:** Such as your profession and practice jurisdiction (optional).

- *Why:* To help us understand our community and tailor PsIA to better meet therapists' needs (collected with consent).

• **Feedback and Research Responses:** Any information, text, audio, or video you choose to share when participating in surveys, providing feedback, or during interviews conducted by our team. Interviews conducted directly by our team often utilize video conferencing tools like Zoom. With your explicit consent, these sessions may be recorded, and features like transcription or other AI processing (such as generating summaries or identifying key themes) might be used to help us analyze the feedback effectively. This data may be processed and stored within our customer relationship management (CRM) system, Attio.

- *Why:* To gather valuable insights that help us shape a more meaningful and useful platform, and to better understand your needs. Your participation is always voluntary, and specific consent will be sought for recordings or the use of specific tools and AI processing features.

**b) Information Collected Automatically:**

• **Device and Usage Data:** When you visit our website, we may collect technical information like your IP address, browser type, language settings, operating system, and general usage patterns (e.g., pages visited). This is often collected via server logs or basic analytics tools.

- *Why:* To understand how visitors interact with our site, improve user experience, ensure security, and diagnose technical issues.

**c) Information Collection via Third-Party Research Tools:**

• We utilize trusted third-party tools for specific functions essential to our research. Notably, we use Voicepanel, an AI-powered platform, to facilitate interactive research conversations (which may involve voice, video, or text responses). When you choose to participate in research using such tools, Voicepanel collects your responses directly on our behalf based on your consent. It may also use AI processing for functions like transcription and thematic analysis to help us understand the feedback. We carefully vet partners like Voicepanel for their privacy and security practices.

**Important Note on Children's Privacy:** Our website and services are not directed at individuals under the age of 16. We do not knowingly collect Personal Data from children. If you believe we have inadvertently collected such information, please contact us immediately so we can remove it.

Your Personal Data is used solely for the following purposes, grounded in our legitimate interest to develop our service and communicate with interested individuals, or based on your explicit consent:

• **To Communicate With You:** Sending the specific communications you consented to receive (e.g., waitlist updates, newsletters, marketing emails), responding to your messages, providing service-related information, and informing you about important updates.

• **To Conduct Research:** Collecting and analyzing feedback through dedicated research activities (like interviews using Zoom or interactive conversations via Voicepanel) and website usage patterns to improve our platform design and user experience.

• **To Manage Relationships and Improve Services:** Understanding your needs and feedback through our communications with you. This may include analyzing consented call recordings and related AI processing outputs (like transcriptions or summaries) stored in our CRM system (Attio) to improve our interactions, tailor future communications, and enhance our services. Data collected during pre-launch may be linked to your profile upon registration or further consent to provide a continuous experience and maintain relationship history.

• **To Maintain and Secure Our Services:** Ensuring our website functions correctly and protecting against misuse.

• **To Meet Legal Obligations:** Complying with applicable laws and regulations.

We process your data based on the following legal grounds:

• **Your Consent:** For activities like subscribing to specific email lists (waitlist, marketing, newsletters), participating in recorded or AI-assisted research interviews (including related AI processing), or receiving specific marketing communications. You can withdraw consent at any time.

• **Our Legitimate Interests:** To develop our business, understand our audience, manage relationships effectively using tools like our CRM, improve our offerings based on aggregated or anonymized insights, maintain website security, and communicate essential non-marketing service updates, provided these interests don't override your rights and freedoms.

• **Legal Requirements:** When necessary to comply with the law.

We **never** sell or rent your Personal Data.

We share your Personal Data only in limited circumstances and with appropriate safeguards:

• **Service Providers:** We may use trusted third-party companies to perform specific functions necessary for our operations. These include:

- **Email campaign providers / marketing automation platforms** like MailerLite: To manage email subscriptions, send communications you've consented to, and provide preference management tools.

- **CRM platforms** like Attio: To help us manage contact information and communication history, and potentially process consented call recordings/transcripts and related AI processing outputs obtained via tools like Zoom.

- **Video conferencing platforms** like Zoom: For conducting interviews and meetings.

- **AI-powered research platforms** like Voicepanel: For facilitating interactive feedback sessions.

- **Cloud hosting services**: For data storage. These providers are contractually obligated to protect your data and use it only for the services we've requested.

• **Legal Requirements:** We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. Where possible and legally permissible, we will notify you of such disclosures.

• **Business Transfers:** If PsIA undergoes a merger, acquisition, or sale of assets, your Personal Data might be transferred as part of that transaction. We would provide notice before your information is transferred and becomes subject to a different privacy policy.

Cookies are small text files stored on your device when you visit a website. During our pre-launch phase, our use of cookies is minimal:

• **Essential Cookies:** Some cookies may be necessary for the basic functioning of our website or embedded tools (like remembering your consent choices or supporting the functionality of research tools like Voicepanel or video conferencing tools).

• **Analytics Cookies (Optional):** We might use basic analytics tools that employ cookies to help us understand website traffic and usage patterns (anonymously where possible).

We aim for transparency. You will typically be informed about non-essential cookies via a banner where you can manage your preferences. You can also usually configure your browser settings to refuse or alert you about cookies. However, disabling essential cookies might affect the functionality of certain parts of our site or research tools.

We keep your Personal Data only for as long as it's necessary for the purposes for which it was collected, or as required by law.

• **Email List Subscriptions (Waitlist, Marketing, etc.):** We retain your contact information for a specific list as long as you remain subscribed to that list. You can unsubscribe or manage your preferences at any time (see Section 10). If you unsubscribe from all communications and do not have another active relationship with us (e.g., an account), we will delete your contact information after a reasonable period, unless required otherwise by law. This data may be stored within our CRM (Attio) and/or our email campaign management platform (MailerLite).

• **Research Data:** Interview recordings, transcripts, outputs from AI processing (like summaries or analysis), and interactive tool responses are retained for the duration needed for analysis and product development, after which they will be anonymized or deleted according to the specifics of the research consent. This data may be stored within our CRM (Attio), cloud storage provider and/or another secure platform.

• **Website Usage Data:** Typically retained for a shorter period, sufficient for security and analytics purposes.

When data is no longer needed for its specified purpose and there is no legal requirement to retain it, we securely delete or anonymize it.

We take the security of your Personal Data seriously and implement appropriate technical and organizational measures to protect it against accidental loss, unauthorized access, alteration, or disclosure. These measures include:

• Using secure HTTPS connections for data transmission.

• Implementing access controls to limit who can view Personal Data.

• Regularly reviewing our security practices

• Ensuring third-party service providers (including Attio, Zoom and Voicepanel) have adequate security measures.

While we strive to protect your data, no system is 100% secure. In the unlikely event of a data breach, we will notify you and relevant authorities as required by law.

Your Personal Data may be stored and processed in Canada, the United States, the European Union, or other locations where our service providers (like Attio, Zoom, Voicepanel, hosting providers, email providers, etc.) operate. When we transfer data across borders, we ensure appropriate safeguards are in place (like Standard Contractual Clauses for transfers outside the EEA or adequacy decisions) to protect your data in accordance with this policy and applicable laws.

Depending on your location (e.g., Quebec, elsewhere in Canada, EEA, California, Brazil, South Africa), you have specific rights regarding your Personal Data. We are committed to honoring these rights, which may include:

• **Right to Access:** To know if we process your data and request a copy of it. (PIPEDA, GDPR Art. 15, CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA, LGPD, POPIA)

• **Right to Rectification:** To correct inaccurate or incomplete data. (PIPEDA, GDPR Art. 16, CPRA, CPA, VCDPA, CTDPA, LGPD, POPIA)

• **Right to Erasure (Right to be Forgotten):** To request deletion of your data, subject to certain exceptions (e.g., legal obligations, ongoing relationship based on consent/contract). (GDPR Art. 17, CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA, LGPD, POPIA)

• **Right to Restrict Processing:** To limit how we use your data in specific circumstances. (GDPR Art. 18, LGPD)

• **Right to Data Portability:** To receive your data in a structured, machine-readable format and transfer it elsewhere (applies to data provided by you, processed based on consent or contract). (PIPEDA, GDPR Art. 20, LGPD)

• **Right to Object:** To object to processing based on our legitimate interests. (GDPR Art. 21, LGPD, POPIA)

• **Right to Withdraw Consent:** To withdraw your consent at any time for processing based on consent (like unsubscribing from marketing lists or participating in specific research, including consent for recording and related AI processing). Withdrawing consent applies going forward, not retroactively. You can typically manage your email preferences or unsubscribe directly via links provided in our emails or through a preference center when available.

• **Right to Opt-Out (Specific Jurisdictions like California):** To opt-out of the "sale" or "sharing" of personal information (as defined by laws like CPRA) or targeted advertising. (Note: PsIA does not currently "sell" personal information in the conventional sense). (CPRA, CPA, VCDPA, CTDPA, UCPA)

• **Right to Non-Discrimination:** You will not be treated differently for exercising your privacy rights. (CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA)

• **Right to Lodge a Complaint:** To file a complaint with your local data protection authority if you believe your rights have been violated. (GDPR Art. 77, LGPD, POPIA)

• **Right to Appeal (Specific US States):** To appeal our decision regarding your rights request. (CPA, VCDPA, CTDPA)

**How to Exercise Your Rights:** If you wish to exercise any of these rights, please contact us using the details below. For your protection, we may need to verify your identity before fulfilling your request. We'll respond within the timeframes required by applicable law.

As PsIA evolves, we will update this policy. We will post any changes on this page (www.psia.app/privacy) and update the "Last Updated" date. For significant changes, we may also notify you directly (e.g., via email if you are subscribed to one of our lists). We encourage you to review this policy periodically.

Have questions about this policy or your privacy at PsIA? We welcome them. Please reach out to our designated Privacy Officer:

• **Privacy Officer:** Gregory Fortin-Vidah, Head of Product Development

• **Email:** privacy@psia.app

• **Website:** www.psia.app/privacy

We value your trust and are committed to being transparent and responsive partners in safeguarding your privacy.