Effective from: 10th December 2025
1. WHO WE ARE
1.1 Paranimo Limited (Company Number 11992617) is a company incorporated in England and Wales with its registered office at 28 Salisbury Road, Farnborough, England, GU14 7AL. We operate two platforms: Paranimo and Matchifi.
1.2 This policy explains how Paranimo Limited ("We," "Us," or "Our") collects, uses, and protects personal data from users of our websites and platforms (collectively, "Platform"). The security and privacy of our users' personal data is central to our service and we want this document to give our users the confidence to use our platforms without concern or anxiety.
1.3 The UK Data Protection Act 2018 and UK GDPR set out the data protection rights for UK citizens. More information can be found here: https://ico.org.uk/for-organisations/guide-to-data-protection/
1.4 Our platforms comprise:
• Paranimo: Our mental health platform that matches qualified therapists with therapy clients
• Matchifi: Connects Clients with a wider range of independent Service Providers such as coaches, mentors, or other professionals
1.5 These platforms act as marketplaces to facilitate Service Providers providing their services to Clients, including through Business Customer portals and reseller arrangements.
2. WHAT PERSONAL DATA WE COLLECT
2.1 Our General Principles
2.1.1 We keep personal data collection to the absolute minimum required to provide our service.
2.1.2 We only collect personal data for specified, explicit and legitimate purposes.
2.1.3 We will only use personal data for purposes stated herein, and will gain permission before making any change to those stated purposes.
2.2 Age Restrictions
2.2.1 We do not knowingly collect personal data from individuals under the age of 18 years old unless facilitated through a Business Customer explicitly configuring the Platform for such use.
2.2.2 If you are under 18 years of age you cannot use this service or give us your personal data unless authorised by an approved Business Customer Portal.
2.2.3 By using our services, you are confirming that you are at least 18 years old or have appropriate authorisation.
2.3 Data We Collect by User Type
2.3.1 End User Data (Clients)
(a) Required personal data: Email address and password (encrypted). We do not share email addresses with Service Providers without consent.
(b) Optional: Display name (real name or pseudonym), phone number and availability. The display name will be used to identify you in the Client list of your Service Provider, but you can remove your name from their list at any time by withdrawing your consent.
(c) Booking Records: Service Providers booked, date, time, and session status, session duration and type, number of sessions, payment transaction history
(d) Communications: Platform messages, support enquiries and notifications
(e) Data NOT Collected:
• Reasons for seeking services
• Mental health conditions or diagnoses
• Service Provider selection criteria
• Session content (calls are not recorded)
• Clinical information
• Bank account details or card numbers
(f) Payment Processing: All payment processing is handled by Stripe. We do not collect or store bank account details or full card numbers. See Section 5.7 and https://stripe.com/gb/privacy
(g) Platform Analytics: We analyse aggregated, non-identifiable usage patterns. Individual user activity cannot be identified from this data.
2.3.2 Service Provider Data
(a) Required Data: Full name (publicly displayed), email address, password (encrypted) and phone number (for business customer portal admin)
(b) Public Profile Data: Photograph (optional), Video introduction, biography, specialisations, qualifications and availability
(c) Verification Documents:
(d) Paranimo Platform:
• Professional body membership details
• Professional indemnity insurance
• Qualification certificates
• DBS check (optional)
(e) Matchifi Platform: Requirements determined by each Business Customer, which may include:
• Professional qualifications
• Insurance documentation
• Industry accreditations
• Training certificates
• References
• Background checks
Service Providers are informed of requirements before joining a Matchifi business customer portal.
(f) Booking and Payment Data: Clients served, session dates, times and types, duration, payment and commission records (processed via Stripe) and cancellations and rescheduling
(g) Communications: client messages via Platform, business Customer communications and support enquiries.
(h) Data NOT Stored:
• Session content
• Clinical notes or professional records
• Treatment plans or assessments
• Bank account details or card numbers (Payment processing handled by Stripe. )
Professional records maintained by Service Providers as independent data controllers. See Sections 5.7 and 6.2.6.
2.3.3 Business Customer and Administrator Data
(a) Business Customer Data:
• Organisation name and business registration details
• Primary contact information (name, email, phone number)
• Billing and payment information (paynents handled by Stripe)
• Subscription tier and platform configuration preferences
• Usage analytics and reporting data (aggregated)
• Scheme configuration data (funding limits, user allowances, platform settings)
(b) Administrator Data:
• Full name and job title
• Business email address and phone number
• User management permissions and access levels
• Audit trail of administrative actions
Processed under Article 6(1)(b) (performance of contract with the Business Customer) and Article 6(1)(f) (our legitimate interests in security and platform administration).
2.3.4 Reseller Data
(a) As all Business Customers have reseller rights, additional data may include:
• End-user introduction records
• Revenue and commission data
• Marketing and promotional materials
• Support interaction records
Processed under Article 6(1)(b) UK GDPR. Reseller rights terminate with subscription.
3. HOW WE COLLECT YOUR PERSONAL DATA
3.1 Personal data may be voluntarily given to Paranimo by you through the platforms, or as meta-data passed to us through standard online communication.
3.2 We may also receive personal data from:
• Referrals (email addresses only) where someone suggests you join the platform
• Professional organisations (for Service Provider verification)
• Business Customers may introduce users to the Platform, but all further processing occurs under Paranimo’s role as Data Controller.
3.3 Additional data collection:
• Correspondence records if you contact us or other users through the platform
• Phone numbers for direct phone-based sessions (with consent)
• Manual registration initiation when Service Providers provide email to Paranimo representatives
3.4 We will never record any content from video call sessions.
3.5 Where information is supplied to us through third parties, we ensure by contract that GDPR compliant consent exists.
4. OUR LEGAL BASIS AND WHY WE USE YOUR PERSONAL DATA
4.1 Legal Basis
4.1.1 The legal basis for processing your information:
• Consent of the user
• Where necessary to perform our contract with you
• Legitimate interests for platform security, analytics, and business operations
Where a Business Customer manages its own users within a scheme, they act as Joint Data Controllers for decisions relating to their internal organisational requirements, as set out in Section 6.
4.2 Purpose by User Type
4.2.1 Service Provider Data
(a) Registration and login functionality (b) To advertise skills and experiences through publicly viewable profiles (c) Processing bookings and payments (including as disclosed agent) (d) Account and profile management (e) Self-billing invoice generation and commission calculations
4.2.2 Client Data
(a) Registration and login functionality (b) To show Service Providers your name (with permission) in advance of booking (c) Processing bookings and payments (d) Account management
4.2.3 Business Customer Data
(a) Platform access management and billing (b) Scheme administration and user management (c) Usage reporting and analytics (d) Customer support and technical assistance (e) Reseller activity management and commission processing
4.3 How We Process Your Data
4.3.1 Service Delivery
(a) Registration and login (b) Creating and managing profiles (c) Advertising booking availability (d) Managing calendars and bookings (e) Processing payments and generating invoices (f) Facilitating video calls (g) Commission calculations and payments
4.3.2 Agency Relationship Processing
(a) Where we act as disclosed agent for Service Providers, we process personal data for:
• Self-billing invoice generation
• Client billing on behalf of Service Providers
• Payment processing and commission deduction
• VAT compliance and reporting
4.3.3 Communications
(a) Service updates, maintenance notifications, and technical issues (b) Account security matters and verification requirements (c) Terms and policy changes requiring attention (d) Payment and billing matters (e) Platform improvements and feature updates (f) Support and assistance related to account usage (g) Compliance and regulatory matters
4.3.4 Analysis and Improvement
(a) Analysing user interactions to ensure functionality works effectively (b) Usage analysis to assess growth and inform business development (c) Ensuring service compatibility with devices and browsers (d) Assessing service effectiveness
5. WHO WE SHARE YOUR PERSONAL DATA WITH
5.1 General Principles
5.1.1 Sensitive personal data will not be shared with any third party unless you give permission except where obliged to do so by law, regulation, or legal process.
5.2 User-to-User Sharing
5.2.1 Only a Client's chosen Service Provider can see the Client's name (with Client permission).
5.2.2 Service Provider profiles are publicly available for marketing purposes.
5.2.3 Service Providers may see Business Customer organisation names when providing services to scheme members.
5.3 Business Customer Data Sharing
5.3.1 In accordance with our Terms of Service, certain personal data may be shared between Clients, Service Providers, and Business Customers for:
• Delivering services through funded schemes
• Managing user consent and access
• Customer support activities
• Invoicing and payment processing
• Compliance and audit purposes
• Safeguarding responsibilities
• Scheme administration
Business Customers receive access only to personal data relating to users within their own scheme and do not have control over the Platform’s processing purposes or technical means
5.3.2 Business Customer Administrators can:
• View and manage users within their schemes
• Access usage reports and analytics for their organisation
• See Service Providers who have provided services to their scheme members
• Manage billing and subscription settings
• Access data necessary for safeguarding responsibilities
Administrator access operates within the permissions and system rules defined by Paranimo.
5.4 Reseller Data Sharing
5.4.1 As Business Customers have reseller rights, they may:
• Access data about End-Users they have introduced
• Receive commission and revenue information
• View performance analytics for their reseller activities
• Access support data for End-Users they manage
5.5 Agency Relationship Data Sharing
5.5.1 In our role as disclosed agent for Service Providers:
• Client billing information is shared for invoice generation
• Service Provider details are included in client invoices
• Payment and commission data is processed and shared
• VAT information is collected and processed as required
5.6 Third-Party Sharing
5.6.1 We may share personal data with third parties in these circumstances:
• Personal identifiers with third-party service providers required for core services
• Professional organisation membership verification
• Where necessary for protecting rights or safety of staff, partners, or users
• Where obliged by law, regulation, or legal process
• For legally compliant invoicing and VAT compliance
5.7 Third-Party Service Providers
Auth0: User authentication and authorisation services. Privacy policy: https://auth0.com/privacy/ (using EU servers).
Stripe: Payment processing. Privacy policy: https://stripe.com/gb/privacy.
Sendgrid (Twilio): Notification emails or chat system. Privacy policy: https://www.twilio.com/legal/privacy.
Courier: Notification emails. Privacy policy: https://www.courier.com/privacy-policy.
PlanetScale: Database hosting. Privacy policy: https://planetscale.com/legal/privacy.
Vercel: Hosting and blob storage for invoices. Privacy policy: https://vercel.com/legal/privacy-policy.
Whereby: Video conferencing. Privacy policy: https://whereby.com/information/tos/privacy-policy/.
For US-based providers, we ensure appropriate safeguards through Standard Contractual Clauses or other approved transfer mechanisms.
6. DATA CONTROLLER ROLES
6.1 User Types
Our Platforms serve several categories of users:
• Administrator: a person authorised by a Business Customer to manage a Scheme
• Business Customer: An organisation that purchases or resells access to the Platform for its staff, students or customers.
• Client: An individual receiving services from a Service Provider.
• End User: Any individual using a Paranimo Limited Platform.
• Reseller: A Business Customer who promotes or resells access to the Platform.
• Service Provider: A therapist using Paranimo, or any independent service provider using Matchifi.
6.2 Data Controller Roles
6.2.1 Paranimo Limited as Data Controller
Paranimo Limited is the Data Controller for all personal data processed on the Paranimo and Matchifi Platforms. Paranimo determines the purposes and means of processing, including platform functionality, data collection, retention, analytics, security, matching, payments, communications, and compliance activities.
Paranimo does not act as a Data Processor for Business Customers except where explicitly stated in a separate written agreement.
6.2.2 Business Customers as Joint Data Controllers (Limited Scope)
Business Customers act as Joint Data Controllers only for the processing that results from decisions they make about their own users within their scheme, such as eligibility, access permissions, safeguarding responsibilities and administrative actions. All processing takes place within the framework and limitations defined by Paranimo. Business Customers do not determine platform-wide purposes or means of processing.
These decisions relate only to the Business Customer’s internal organisational needs and do not give the Business Customer control over the Platform’s technical architecture, data flows or processing purposes outside their own scheme.
6.2.3 Service Providers as Independent Data Controllers
Service Providers are independent Data Controllers for professional, clinical or service-delivery records they create or maintain outside the Platform, such as treatment notes, assessments, or any information required by their regulator or insurer. Paranimo does not access or store such material.
6.2.4 Joint Processing Arrangements
In circumstances where both Paranimo and a Business Customer determine certain purposes of processing (for example, scheme administration, onboarding, or safeguarding duties), they act as Joint Controllers under UK GDPR Article 26. The responsibilities are allocated through contractual arrangements and summarised in this Privacy Policy.
6.2.5 Agency Role
When acting as a disclosed agent for Service Providers, Paranimo processes information necessary for invoicing, billing and commission processes. Paranimo is a Data Controller for its own accounting and regulatory obligations.
7. HOW LONG WE KEEP YOUR PERSONAL DATA
7.1 We retain information only as long as necessary to fulfil services or comply with applicable legislation, regulatory requests, and court orders.
7.2 This typically means 7 years, but users can change or delete personal information at any time.
7.3 Specific retention periods may apply for:
• Invoice and payment records (7 years for tax purposes)
• Professional verification documents (duration of service provision plus 7 years)
• Safeguarding records (as required by applicable regulations)
8. DATA STORAGE AND SECURITY
8.1 All customer data is stored in the cloud using:
• AWS services (EU-west-1 Ireland region). AWS GDPR information: https://aws.amazon.com/compliance/gdpr-center/
• Vercel blob storage for invoices
• PlanetScale Database hosting
8.2 We take appropriate administrative and technological measures to ensure personal data is protected:
• Data access limited based on ownership and sensitivity
• Staff have minimum necessary contact with personal data
• Industry-standard security practices
• Regular security monitoring and updates
8.3 We cannot guarantee absolute security of personal data. Additional personal data beyond registration requirements is optional and provided at your own risk.
8.4 In the event of a data breach impacting your personal data, we will notify you and the ICO promptly, as required by law.
8.5 Access controls differ for Paranimo staff, Service Providers, Business Customers and Clients in accordance with the controller roles defined in Section 6
9. DATA PROTECTION OFFICER
9.1 Given the nature and scale of our data processing activities, particularly processing special category data (mental health information) and systematic monitoring of users, we have appointed a Data Protection Officer (DPO).
9.2 Our DPO can be contacted at: Daniel.condliffe@paranimo.co.uk
9.3 You may contact our DPO directly regarding:
• Questions about our data processing activities
• Concerns about data protection compliance
• Requests to exercise your data protection rights
10. YOUR RIGHTS
10.1 Data Protection Rights
10.1.1 Your right to access: Request to see all personal data we hold about you.
10.1.2 Your right to rectification: Request correction of inaccurate data or completion of incomplete data.
10.1.3 Your right to erasure: Request deletion of your data under certain circumstances.
10.1.4 Your right to restrict processing: Request restriction of processing under certain circumstances.
10.1.5 Your right to portability: Request transfer of data to another organisation or directly to you.
10.1.6 Your right to object to processing: Object to processing under certain circumstances.
10.1.7 Your right to withdraw consent: Withdraw consent for data processing at any time via your account settings.
10.2 Who to Contact for Your Rights
10.2.1 Depending on who is the Data Controller for your specific data:
• Paranimo Limited (support@paranimo.co.uk or Daniel.condliffe@paranimo.co.uk) for data we control
• Your Business Customer for data they control related to your scheme access
• Your Service Provider for data they control related to your professional relationship
• Where responsibilities overlap (e.g., jointly controlled processing), Paranimo and the Business Customer cooperate to ensure your rights are respected
10.2.2 We will help direct your requests to the appropriate Data Controller where necessary.
10.3 Marketing Preferences
10.3.1 All marketing messages are opt-in. You can:
• Use 'unsubscribe' links in marketing emails
• Update preferences in your account
• Contact us directly to opt out
10.4 Regulatory Authority
10.4.1 Data protection in the UK is regulated by the Information Commissioner's Office (ICO): https://ico.org.uk
11. INTERNATIONAL TRANSFERS
11.1 Transferring data outside the UK/EEA (e.g., to US-based providers) is not standard policy. However, in the rare occurrence it does occur due to commercial needs, we ensure appropriate safeguards for data transferred through:
• Standard Contractual Clauses
• Data Processing Agreements with adequate protection measures
• Other approved transfer mechanisms under UK GDPR
12. ACCOUNT SECURITY
12.1 You are responsible for keeping your login credentials confidential.
12.2 We recommend:
• Using strong passwords and regular updates
• Enabling multi-factor authentication where available
• Signing out when not using the platform
• Securing your internet connection, especially in public environments
12.3 You are liable for all activities conducted through your account until you notify us of unauthorised access.
13. OTHER IMPORTANT INFORMATION
13.1 Third-Party Websites
13.1.1 Our privacy policy only applies to our platforms. Third-party websites linked from our platforms have their own privacy policies.
13.2 Policy Changes
13.2.1 Our privacy policy is under regular review and will be updated on this webpage.
13.2.2 We will notify you of material changes by email or platform notification.
13.3 Business Transfers
13.3.1 If Paranimo is acquired by a third party, they will need to obtain consent to change your acceptance of these policies, but personal data will be considered a transferable asset.
14. HOW TO CONTACT US
14.1 For questions about this privacy policy or to exercise your data protection rights:
Email: support@paranimo.co.uk
Phone: 0333 049 9994
DPO: Daniel.condliffe@paranimo.co.uk
14.2 Company Details:
Paranimo Limited
Company Number: 11992617
Registered Office: 28 Salisbury Road, Farnborough, England, GU14 7AL
________________________________________
COOKIE POLICY
Introduction
This Cookie Policy explains our use of cookies on Paranimo and Matchifi subdomains (e.g., app.paranimo.co.uk, therapist.paranimo.co.uk, admin.paranimo.co.uk). For questions, contact support@paranimo.co.uk.
What Are Cookies?
Cookies are text files stored by your browser to track visitor behaviour, authenticate logins, and manage permissions. Most browsers accept cookies by default, but you can adjust settings. Disabling them may impair Platform functionality.
How Do We Use Cookies?
We use strictly necessary cookies to ensure Platform security and functionality, including authentication and access control.
Third-Party Cookies
We use trusted third-party cookies:
• Stripe: Payment processing (see https://stripe.com/gb/cookie-settings)
• Auth0: Authentication (see https://auth0.com/docs/sessions-and-cookies/cookies)
• Vercel: Hosting and authentication support (see https://vercel.com/legal/privacy-policy)
• PlanetScale: Database operations (see https://planetscale.com/legal/privacy)
• Content Delivery Networks: Cached content delivery
Strictly Necessary Cookies
These cookies enable registration, login, and secure access. Accepting them is required to use the Platform; rejecting them prevents proper login and reduces support capabilities.
Managing Cookies
Adjust cookie settings via your browser or our cookie management tool on the Platform. Disabling cookies may block registration/login.
Browser guides:
• Chrome: https://support.google.com/chrome/answer/95647
• Safari: https://support.apple.com/guide/safari/sfri11471/mac
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information
• Edge: https://support.microsoft.com/help/17442
.png)