Legal & Policies

1. Information We Collect

1.1 Personal Information

When you sign in to our website, we collect:

• Email Address: Used for authentication and communication
• Name: If provided through OAuth providers (Google)
• Profile Picture: If provided through OAuth providers

1.2 Automatically Collected Information

When you visit our website, we may automatically collect:

• Browser Type: Information about your web browser
• Device Information: Type of device you're using
• IP Address: Your internet protocol address (anonymized)
• Usage Data: Pages visited, time spent, and interactions

2. How We Use Your Information

We use the information we collect to:

• Provide Authentication: Enable you to sign in and access your account
• Send Magic Links: Deliver secure sign-in links to your email
• Maintain Your Session: Keep you signed in across visits
• Track Downloads: Remember which resources you've accessed
• Improve Our Services: Understand how our website is used
• Send Notifications: Inform you about new resources (if opted in)
• Provide Support: Respond to your inquiries and requests

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data based on:

• Consent: You have given clear consent for us to process your personal data
• Legitimate Interests: Processing is necessary for our legitimate interests (providing services)
• Contract: Processing is necessary to fulfill our service to you

4. Third-Party Services

4.1 Supabase (Authentication & Database)

We use Supabase for authentication and data storage. Your data is stored securely on servers located in the EU/UK. See Supabase Privacy Policy.

4.2 EmailIt (Email Delivery)

We use EmailIt to send magic link emails. Your email address is processed for delivery only. Emails are not stored or used for marketing purposes without your consent.

4.3 Google OAuth (Optional)

If you sign in with Google, we receive basic profile information (name, email, profile picture). See Google Privacy Policy.

5. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: All data transmitted is encrypted using HTTPS/SSL
• Secure Storage: Data stored with industry-standard encryption
• Access Controls: Limited access to personal data
• Regular Security Audits: Ongoing security assessments
• Token Expiration: Magic link tokens expire after 15 minutes
• Single-Use Tokens: Authentication tokens can only be used once

6. Data Retention

We retain your data as follows:

• Account Data: Retained while your account is active
• Authentication Tokens: 7 days (or until you sign out)
• Magic Link Tokens: 15 minutes (then automatically deleted)
• Cookie Consent: Until you change your preferences

When you delete your account, we remove all personal data within 30 days.

7. Your Rights Under GDPR

If you are in the EU/UK, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at hello@mindthebox.uk

8. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. Contact & Data Protection Officer

1. Acceptance of Terms

By creating an account, accessing, or using Mind The Box services, you acknowledge that you have read, understood, and agree to be bound by these Terms and Conditions and our Privacy Policy.

2. Eligibility

You must be at least 16 years old to use our services. By using Mind The Box, you represent that:

• You are at least 16 years of age
• You have the legal capacity to enter into these Terms and Conditions
• You will provide accurate and truthful information when creating an account

3. User Accounts

3.1 Account Creation

To access certain features, you may need to create an account. When creating an account:

• You must provide a valid email address
• You are responsible for maintaining the confidentiality of your account
• You are responsible for all activities that occur under your account
• You must notify us immediately of any unauthorized use of your account

3.2 Account Deletion

You may delete your account at any time by contacting us at hello@mindthebox.uk. Upon deletion, your personal data will be removed in accordance with our Privacy Policy.

4. Acceptable Use

You agree not to:

• Use our services for any illegal or unauthorized purpose
• Violate any laws in your jurisdiction
• Infringe upon the intellectual property rights of others
• Transmit any harmful code, viruses, or malware
• Attempt to gain unauthorized access to our systems or networks
• Interfere with or disrupt our services
• Harass, abuse, or harm other users
• Use automated systems (bots, scrapers) without our permission

5. Intellectual Property Rights

5.1 Our Content

All content, features, and functionality of Mind The Box are owned by Mind The Box or our licensors and are protected by copyright, trademark, and other intellectual property laws.

5.2 Resources and Downloads

Resources provided through Mind The Box are for personal use only unless otherwise specified. You may:

• Download resources for personal, non-commercial use
• Print resources for personal use

You may not:

• Sell, rent, or lease our resources
• Redistribute resources for commercial purposes
• Remove copyright or attribution notices from resources
• Claim ownership of our resources

6. Disclaimers & Limitations

7. Governing Law

These Terms and Conditions are governed by and construed in accordance with the laws of England and Wales. You agree that any disputes arising from these Terms will be subject to the exclusive jurisdiction of the courts of England and Wales.

8. Contact Information

1. What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners.

2. How We Use Cookies

We use cookies for the following purposes:

2.1 Strictly Necessary Cookies

These cookies are essential for our website to function properly. They include:

• Authentication Tokens: Keep you signed in securely (expires after 7 days)
• Session Storage: Temporary data for your current browsing session
• Cookie Consent: Remember your cookie preferences

Note: These cookies cannot be disabled as they are necessary for the website to function. Blocking them may prevent you from using certain features, particularly authentication.

3. What We Store

4. Third-Party Cookies

4.1 Supabase Authentication

We use Supabase for authentication, which may set cookies to maintain your login session. These cookies are necessary for the authentication service to work.

4.2 Google OAuth (Optional)

If you choose to sign in with Google, Google may set cookies for authentication purposes. See Google's Privacy Policy for more information.

5. Managing Cookies

You have several options for managing cookies:

5.1 Cookie Settings

You can manage your cookie preferences at any time using our Cookie Settings tool.

5.2 Browser Settings

Most web browsers allow you to control cookies through their settings. You can:

• View what cookies are stored and delete them individually
• Block third-party cookies
• Block all cookies from specific sites
• Block all cookies completely
• Delete all cookies when you close your browser

5.3 Browser-Specific Instructions

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge

6. Data Retention

Cookie and storage data retention periods:

• Authentication tokens: 7 days or until you sign out
• Magic link tokens: 15 minutes (then automatically deleted)
• Session storage: Cleared when you close your browser
• Cookie consent: Permanent until you change preferences

7. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in technology, legislation, or our data practices. We will notify you of any significant changes by updating the "Last Updated" date at the top of this page.

8. Contact Us

1. Our Core Values

1.1 Compassion & Empathy

We approach mental health with deep compassion and understanding. Every person's mental health journey is unique, and we honor that diversity without judgment.

1.2 Accessibility for All

Mental health support should not be a privilege. We are committed to providing free, accessible resources to anyone who needs them, regardless of their circumstances.

1.3 Evidence-Based Practice

All our resources are grounded in evidence-based therapeutic approaches and current best practices in mental health care. We regularly review and update our content to reflect the latest research.

1.4 User Privacy & Dignity

We treat your data with the utmost respect and care. Your mental health journey is personal, and we are committed to protecting your privacy and dignity at all times.

2. Professional Responsibility

2.1 Scope of Service

Mind The Box provides educational resources and self-help tools. We are clear about what we are and what we are not:

• We are: A provider of mental health education and self-care resources
• We are not: A substitute for professional mental health care, crisis intervention, or emergency services

2.2 Professional Boundaries

We maintain clear professional boundaries and always encourage users to seek appropriate professional help when needed. We do not:

• Provide diagnosis or treatment of mental health conditions
• Offer crisis intervention or emergency support
• Replace the role of qualified mental health professionals
• Make promises or guarantees about outcomes

2.3 Signposting & Referral

We provide clear signposting to appropriate professional services, including:

• Emergency services (999 in the UK)
• Crisis helplines (Samaritans, CALM, etc.)
• NHS mental health services
• Professional counseling and therapy services

3. Safeguarding Commitment

3.1 Vulnerable Users

We take our responsibility to vulnerable users seriously. Our resources are designed to be supportive and never to cause harm. We:

• Use inclusive, non-stigmatizing language
• Avoid triggering content or provide appropriate warnings
• Promote safety and harm reduction
• Encourage professional support when appropriate

3.2 Crisis Management

While we do not provide crisis intervention, we clearly communicate crisis resources and encourage immediate professional help for anyone experiencing a mental health crisis.

4. Transparency & Honesty

4.1 Funding & Independence

We are transparent about our funding sources and maintain editorial independence. We do not allow commercial interests to influence our mental health resources or recommendations.

4.2 Limitations & Uncertainties

We are honest about the limitations of self-help resources and the complexities of mental health. Where evidence is uncertain or conflicting, we acknowledge this openly.

4.3 Content Attribution

We properly attribute all sources, research, and references used in our resources. We respect intellectual property and credit the work of others.

5. Inclusivity & Anti-Discrimination

5.1 Commitment to Equality

Mental health affects people of all backgrounds. We are committed to:

• Creating resources that are culturally sensitive and inclusive
• Avoiding discrimination based on race, gender, sexuality, disability, age, or any other characteristic
• Recognizing and addressing barriers to mental health care
• Promoting mental health equity

5.2 Accessibility

We strive to make our resources accessible to people with disabilities and those with different access needs. This includes:

• Clear, simple language
• Accessible website design
• Alternative formats where possible
• Consideration of digital accessibility standards

6. Data Ethics & Privacy

6.1 Minimal Data Collection

We only collect the minimum data necessary to provide our services. We do not collect or store sensitive mental health information without explicit consent.

6.2 Data Protection

We implement robust security measures to protect your data and comply with GDPR and UK data protection laws. Your data will never be sold or used for purposes you haven't consented to.

6.3 Right to Privacy

You have complete control over your data. We respect your right to access, correct, delete, or export your personal information at any time.

7. Continuous Improvement

7.1 Feedback & Learning

We actively seek feedback from users and mental health professionals to improve our resources and services. We are committed to continuous learning and development.

7.2 Quality Assurance

We regularly review our resources to ensure they remain accurate, relevant, and aligned with best practices in mental health care.

7.3 Accountability

We hold ourselves accountable to these ethical standards and welcome constructive criticism. If we fall short, we commit to acknowledging this and taking corrective action.

8. Ethical Partnerships

8.1 Collaboration

We work with mental health professionals, organizations, and advocates who share our values. We only partner with organizations that maintain high ethical standards.

8.2 Commercial Relationships

We maintain transparency about any commercial relationships and ensure they do not compromise our independence or the quality of our resources.

9. Environmental & Social Responsibility

9.1 Sustainable Practice

We consider the environmental impact of our operations and strive to minimize our carbon footprint through digital-first delivery of resources.

9.2 Social Impact

We recognize our role in reducing stigma and promoting mental health awareness. We use our platform responsibly to contribute positively to mental health discourse.

10. Contact & Concerns