Privacy Policy

Effective date: 1 June 2026 · Last updated: 1 June 2026

fiftymin ("we", "our", "the app") is operated by an individual practitioner. This policy explains what data we collect when you use fiftymin, how we use it, and your rights under Indian law — including the Digital Personal Data Protection (DPDP) Act, 2023 and the IT (Reasonable Security Practices and Sensitive Personal Data or Information) Rules, 2011.

fiftymin is a tool for therapists, not their patients. Patient names and session data you enter belong to you. We store it on your behalf but do not use it for any other purpose.

1. What we collect

Account data: Your email address and password (hashed), collected when you sign up via AWS Cognito.

Practice data you enter: Patient first names, session dates, billing rates, session notes, and invoice details. This data is stored in your account and is visible only to you.

Usage data: AWS automatically logs API requests (IP address, timestamp, HTTP method). We do not use third-party analytics.

We do not collect payment card details, full patient names, diagnoses, or any clinical notes beyond what you choose to enter as session notes.

2. How we use your data

To provide the app — displaying your sessions, calculating billing, generating invoices.
To authenticate you securely on each login.
To restore your data if you lose access to your device.

We do not sell, rent, or share your data with third parties. We do not use your data for advertising or profiling.

3. Sensitive personal data

Session notes and patient information you enter may qualify as sensitive personal data or information (SPDI) under the IT Rules, 2011. We treat all data you enter with the highest level of care:

Stored in AWS DynamoDB (Mumbai region, ap-south-1) with encryption at rest.
Transmitted only over HTTPS (TLS 1.2+).
Accessible only to you via your authenticated account.
Never shared with any third party except AWS as our infrastructure provider.

4. Data storage and retention

Your data is stored on AWS infrastructure in India (ap-south-1 / Mumbai). AWS is our only sub-processor.

We retain your data for as long as your account is active. If you delete your account, we will delete all associated data within 30 days. You can request deletion at any time by emailing us.

5. Your rights

Under the DPDP Act, 2023 and IT Rules, 2011, you have the right to:

Access — request a copy of all data we hold about you.
Correction — ask us to correct inaccurate data.
Erasure — request deletion of your account and all associated data.
Grievance redressal — raise a complaint if you believe your data has been mishandled.

To exercise any of these rights, email us at the address below. We will respond within 30 days.

6. Your responsibilities

As a therapist using fiftymin, you are the data fiduciary for your patients' information under the DPDP Act. You are responsible for obtaining appropriate consent from patients before entering their data into the app, and for complying with any applicable professional obligations under the Mental Healthcare Act, 2017 and RCI/licensing requirements.

7. Cookies and local storage

fiftymin does not use cookies. We use your browser's sessionStorage to hold your login token during a session. This is cleared when you close the browser tab.

8. Children's data

fiftymin is intended for use by adult mental health professionals. We do not knowingly collect data from persons under 18. If a therapist enters information about a minor patient, the therapist bears full responsibility for obtaining lawful parental or guardian consent.

9. Changes to this policy

We may update this policy as the product evolves. If we make material changes we will update the effective date at the top of this page. Continued use of the app after changes constitutes acceptance.

10. Contact and grievance officer

For privacy requests, data deletion, or complaints:

Email: hello@fiftymin.app
We aim to respond within 30 days as required under the DPDP Act, 2023.