“One of the questions we get asked the most is whether we can see the worries that you as a user write into our app WorryTree. The answer is that no, we can’t. None of our team including our developers has access to the worries you share here. The Privacy Policy below explains what data we have access to and how we use it so if you’d like to know more, read on or reach out to us for more information.”
Louise Stevenson, Founder of WorryTree
Privacy Policy
At WorryTree Ltd, we know that privacy and security are very important to you.
This Privacy Notice describes our privacy and data practices on the WorryTree application (our ‘WorryTree app’) and this website www.worry-tree.com (our ‘WorryTree website’). This Policy applies to all visitors, users, and others who access the Service ( referred to as ‘User(s)’ or ‘You/r’). The digital self-care tools, provided via WorryTree App, are collectively referred to as the "Service(s)".
The WorryTree app, website and related services are owned and operated by WorryTree Ltd, and we can be contacted at the contact information set out at the bottom of this policy.
This page informs you of our policies regarding the collection, use, and disclosure of your personal information when you use our services. This Privacy Policy aims to fulfill our obligation towards your Right to be Informed. We use your data to provide and improve the services we offer. We will never use or share your data with anyone except as described in this Privacy Policy. We align our data protection practices to the key principles prescribed by General Data Protection Regulation (GDPR 2018) and other Data Protection Laws (as defined below).
By using our App and other services, you agree to the collection and use of information in accordance with this Privacy Policy and cookie policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Service.
Updates
We may amend this privacy notice from time to time to keep it up to date. We will notify you on our policy webpage when we make any changes to the Privacy Policy. Please regularly check these pages for the latest version of this notice.
Important Notes
If you're struggling at the moment, then know that asking for help is a sign of strength not of weakness. Contact someone you can trust like your Doctor, a friend or a relative, or text SHOUT to 85258 (in the UK) to start a conversation with a crisis support volunteer.
If you are under 18 years old, please read our Privacy Policy and Terms of Service with your parents or legal guardian and ask them to provide their consent to use the WorryTree app and services at hello@worry-tree.com.
Using WorryTree services does not replace face-to-face therapy. It is meant to empower and support you and not to treat any illness or health condition.
The intended use for providing evidence-based tools and techniques is to manage emotions and encourage mental well-being in a self-help and self-monitoring context.
WorryTree services are not intended to provide a diagnosis, prognosis, treatment or cure for a condition.
Definitions
Anonymisation is the process of removing personal identifiers from data sets so that the person can no longer be identified.
Cookie is a small amount of data stored on your device (computer or mobile device).
Data or Information under this Privacy Policy means both personal and non-personal data or information.
Data Controller or Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data as defined in applicable data protection laws.
Data Processor or Processor or Service Providers or Business Associate means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller as defined in applicable data protection laws.
Data Protection Laws here means in accordance with the UK Data Protection Act 2018 (UK GDPR).
Data Subject (or User/You) means any living individual who is using our service and is the subject of Personal Data.
Encryption is the process of transforming data into unreadable text so that it is only legible to those possessing an encryption key.
Personal Data or Personal Information means data about a living person who can be identified from the data and/or other information either in our possession or likely to come into our possession and as defined in applicable data protection laws.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data as defined in applicable data protection laws.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific user without the use of additional information.
Non-Personal Data or Non-Personal Information means any data that is made anonymous and does not reveal user-specific identity.
Sub-Processor/s is a data processor who is sub-contracted some of the personal data processing.
Who are we?
WorryTree is a private limited company having its registered offices in the UK (WorryTree Ltd). We are registered with the UK ICO. Our data protection registration number is ZB232133.
When we decide the purposes of our services and personal data processing, WorryTree will be the Controller. For all services and data processing done at the direction of and on behalf of a Controller or a Processor, WorryTree would either be a Processor or a Sub-Processor.
What personal data do we process and how do we use it?
We only use your personal data for the purposes for which we collected it. We will use it for another reason, only if compatible with the original purpose. We may process your personal data on more than one lawful basis depending on the specific purpose for which we are using your data. We may process your personal data without your knowledge and consent, where this is required or permitted by law.
The table below lists the data processing that we perform when you use our services:
Data Types | Source | Processing Purpose | Lawful Basis |
Android or Apple identifier (app-device identifier) | Collected from your device | To recognise you as a new or existing user. To create a random user identifier. To perform deletion of an identifier before sharing data for analytic purposes. To associate users to their provided data to provide uninterrupted App services. To migrate your data to a new device. To process subscription-related requests. To administer your account. To process for addressing your data rights. To comply with applicable law or regulation. | To perform our contract with you (As an end-user, our contract is your agreement to the Terms of Service and this Privacy Policy) |
Random user identifier | Created by WorryTree | To recognize you as a new or existing user. To provide App and services. To create a random truncated identifier to provide minimal data for internal analytics. To provide additional security during data transfers. To administer your account. To process your data rights. | To perform our contract with you. (As an end-user, our contract is your agreement to the Terms of Service and this Privacy Policy) |
Referral code | Created by WorryTree and entered by you | To register you as a user. To authorise access to agreed services. To provide customised App and services. To aggregate data at user level for analytics purposes. To administer your account. To process your data rights. | To perform our contract with you. (As an end-user, our contract is your agreement to the Terms of Service and this Privacy Policy) |
Name | Provided by you | To personalise content on the App and services. To administer your account. | To perform our contract with you. (As an end-user, our contract is your agreement to the Terms of Service and this Privacy Policy) |
Email Address | Provided by you | To personalise content on the App and services. To administer your account. | To perform our contract with you. (As an end-user, our contract is your agreement to the Terms of Service and this Privacy Policy) |
Device data (Operating system, OS version, device make and model, time-zone) | Collected from your device | To resolve issues. To improve App experience and use. To provide service-related information. To remind users of upcoming sessions and events. | To perform our contract with you. (As an end-user, our contract is your agreement to the Terms of Service and this Privacy Policy) |
Free text data (free text, accidental identifiers submitted, wellness data, voluntary data) |
Voluntarily provided by you | To provide the WorryTree service. To recommend tools and techniques. To support and encourage self-care. To improve product and service quality and customer experience. (Free text data is encrypted). |
To perform our contract with you. (As an end-user, our contract is your agreement to the Terms of Service and this Privacy Policy) |
Event Data (text button events, app screen events, tool events) | Events created during your use of App | To share anonymised event data with third party providers for analytics purposes. To obscure the event data to not reveal sensitive information. | To perform our contract with you. (As an end-user, our contract is your agreement to the Terms of Service and this Privacy Policy) |
Communication Information (name, email Identifier, email messages, subscription receipts, feedback messages) | Voluntarily provided by you | To respond to your inquiries, requests and feedback. To troubleshoot your issues. To provide and improve customer support services. To improve App and Services quality, safety and performance based on your feedback. | To perform our contract with you. (As an end-user, our contract is your agreement to the Terms of Service and this Privacy Policy) |
Network Data (Internet protocol address) | Collected from your device | To store in the database and network logs. To enable secured access to both the app and website. | To perform our contract with you. (As an end-user, our contract is your agreement to the Terms of Service and this Privacy Policy) (IP address is not linked to the app user identifier and not stored in the App database) |
Do we use passive sensing or location data?
WorryTree does not process any data from your mobile device sensors, including accelerometer, ambient light readings, screen on/off readings and call logs. Our App does not process your geolocation at a level that makes your data identifiable. Our App may infer your country or state based on your time zone to provide you with appropriate resources, such as scheduled reminders.
How do we share your data with third parties?
To provide you with our services, we use third-party service providers to help store and process your data. We assess the service provider’s security and privacy practices. We strictly require that they comply with confidentiality and non-disclosure obligations and applicable laws and regulations including relevant Data Protection Laws. We also require that they or their providers (fourth parties) access your data only to the extent necessary to perform tasks on our behalf. We use the following third-party service providers:
Service Provider | Purpose |
---|---|
Firebase, and Google Analytics | To analyse App event data to understand user engagement and experience. No user free text information or personal data gets shared. Only a de-identified user identifier is shared along with the event data. All event data is made cryptic so that no profile gets created at the hands of the analytics provider. No direct advertising or direct marketing is performed. However, to measure the effectiveness of our social media or other marketing campaigns, we may use these tools to help us make improvements to our service. The third-party tool APIs may automatically collect some non-personal events. Google Analytics automatically collected events can be found here. The use of Google Analytics is governed by Google Data Policy and Data Safeguards. Firebase automatically collected events can be found here. The use of Firebase is governed by Firebase Terms of Service, Use Policy and Crashlytics Terms of Service. |
Squarespace | Our website is hosted on Squarespace. Squarespace uses your visit data to perform analytics. The use of Squarespace is governed by the Squarespace Terms of Service, Privacy and Cookie Policy and GDPR Compliance Statement. |
SendGrid | We use SendGrid to send confirmation messages to new users who subscribe to our services. We may request your personal name and email ID and transmit this to SendGrid for the sole purpose of sending you the customised link to access the App. Your name and email ID will not be stored in our servers and will not be used for any other purposes. The services provided by SendGrid are based on their Terms of Service, Privacy Policy and Security & GDPR Compliance. We have a signed Data Processing Agreement (DPA) with SCCs with SendGrid. |
Google Drive, GoDaddy and Microsoft 365 Email Essentials | We use Microsoft 365 via GoDaddy to provide our email service, and to store Information received from our clients and end-users in google drive and google docs. The services provided by Google are based on their Terms of Service, Privacy Policy and GPDR Compliance. The services provided by GoDaddy are based on their Terms of Service, Privacy Policy and GDPR Compliance. |
Third-party payment gateway providers | We use payment providers such as Stripe, PayPal, Razorpay and those provided by app stores to process payment when you purchase from us. Use of the Payment providers is governed by their terms of use and privacy policy. WorryTree does not collect and store your credit card-related information. |
Business Development and Marketing Tools | We use marketing tools for lead identification, lead generation and business operations, for communications in marketing campaigns and other marketing activities. To communicate with our existing or prospective business clients or users. We ensure appropriate consent and opt-outs are provided when we reach out to prospects. We perform vendor and tool security assessment and vulnerability checks before we onboard a tool. We sign required agreements along with appropriate data protection clauses with tool suppliers. |
One Signal | We use One Signal in our app to send push notifications and in-app notifications to help you find the content and tools most appropriate to you. You can unsubscribe from these at any time within the Settings screen in WorryTree. The services provided by One Signal are based on their Privacy Policy, Terms of Service and GDPR Compliance. |
Processing of any of your personal data as per our Legitimate Interests
We may be required to process your personal data in our legitimate interests. We will always weigh your rights and freedom before we process any such requests for purposes of legitimate interest. This processing includes:
For uses and disclosures required by law
For disclosures for judicial and administrative proceedings such as court order or subpoena
For disclosures for law enforcement purposes or national security requests
For disclosure and assistance with an investigation or prosecution of suspected or actual illegal activity
For disclosure and use of a litigation hold. To freeze specific data relating to imminent, pending or current legal action, thereby preventing potential evidence alteration or deletion
For uses and disclosures for minimal research and analytics purposes to study how users use our products and services
For any service communications relating to your use of App and services
For uses and disclosures to prevent fraudulent use of or abuse of the service
For uses and disclosures to take adequate security and privacy safeguards
For uses and disclosures to ensure App and service availability, accessibility and quality
For uses and disclosures to protect your data protection rights
For uses and disclosures to protect your, our and others data protection rights, property and safety
To respond to your enquiries and requests.
In the future, if we are involved in any merger, acquisition, sale of assets, business reorganisation, or bankruptcy, we may transfer or otherwise share some or all of our assets which may include your data. We will take reasonable steps to inform you about this using the following modes.
Public notice on our website and/or
Where applicable, send in-app notification and/or
Changes to this privacy policy and in-app notice.
You can always email us at hello@worry-tree.com to exercise your data protection rights.
However, in such an event of sale or transfer, we shall reasonably ensure that your data with us is stored and used by the transferee in a manner that is consistent with this Privacy Policy and applicable Data Protection Laws. Any such third-party to whom we transfer shall have the right to continue to use the data that you provide us immediately prior to such transfer or sale. On completion of the sale or transfer, the Privacy Policy of the third-party shall apply with respect to your data.
What data do we process after taking your Consent?
We take your consent to perform the following processing:
Service Provider | Purpose | |
---|---|---|
Firebase, and Google Analytics | To analyse App event data to understand user engagement and experience. No user free text information or personal data gets shared. Only a de-identified user identifier is shared along with the event data. All event data is made cryptic so that no profile gets created at the hands of the analytics provider. No direct advertising or direct marketing is performed. However, to measure the effectiveness of our social media or other marketing campaigns, we may use these tools to help us make improvements to our service. The third-party tool APIs may automatically collect some non-personal events. Google Analytics automatically collected events can be found here. The use of Google Analytics is governed by Google Data Policy and Data Safeguards. Firebase automatically collected events can be found here. The use of Firebase is governed by Firebase Terms of Service, Use Policy and Crashlytics Terms of Service. | |
Squarespace | Our website is hosted on Squarespace. Squarespace uses your visit data to perform analytics. The use of Squarespace is governed by the Squarespace Terms of Service, Privacy and Cookie Policy and GDPR Compliance Statement. | |
SendGrid | We use SendGrid to send confirmation messages to new users who subscribe to our services. We may request your personal name and email ID and transmit this to SendGrid for the sole purpose of sending you the customised link to access the App. Your name and email ID will not be stored in our servers and will not be used for any other purposes. The services provided by SendGrid are based on their Terms of Service, Privacy Policy and Security & GDPR Compliance. We have a signed Data Processing Agreement (DPA) with SCCs with SendGrid. | |
Google Drive, GoDaddy and Microsoft 365 Email Essentials | We use Microsoft 365 via GoDaddy to provide our email service, and to store Information received from our clients and end-users in google drive and google docs. The services provided by Google are based on their Terms of Service, Privacy Policy and GPDR Compliance. The services provided by GoDaddy are based on their Terms of Service, Privacy Policy and GDPR Compliance. | |
Third-party payment gateway providers | We use payment providers such as Stripe, PayPal, Razorpay and those provided by app stores to process payment when you purchase from us. Use of the Payment providers is governed by their terms of use and privacy policy. WorryTree does not collect and store your credit card-related information. | |
Business Development and Marketing Tools | We use marketing tools for lead identification, lead generation and business operations, for communications in marketing campaigns and other marketing activities. To communicate with our existing or prospective business clients or users. We ensure appropriate consent and opt-outs are provided when we reach out to prospects. We perform vendor and tool security assessment and vulnerability checks before we onboard a tool. We sign required agreements along with appropriate data protection clauses with tool suppliers. | |
One Signal | We use One Signal in our app to send push notifications and in-app notifications to help you find the content and tools most appropriate to you. You can unsubscribe from these at any time within the Settings screen in WorryTree. The services provided by One Signal are based on their Privacy Policy, Terms of Service and GDPR Compliance. |
How do we handle incidents and requests?
There may be occasions where you wish to contact us to seek support or make an enquiry. If you contact us directly over email, we will collect minimal personal information to service your request. Your communication data is securely stored in our email account with access to only authorised users. We have signed agreements with our email provider. We will only use your data to investigate the issue or request asked. Your email will be retained within our system for a maximum of 10 years since the last correspondence. We will not spam you or contact you for any direct marketing. We will not share or sell your personal data with any third-party disclosure.
Your issues or complaints or requests about the App and services are taken very seriously. You will need to send an email request to hello@worry-tree.com. We will respond to your complaints within three business days. Some of your complaints may take longer to resolve. We will continuously provide you with an update until your complaints are satisfactorily resolved.
How do we handle data provided during promotions, campaigns and surveys?
We do not promote third-party offers as a part of the App experience. Your promotion, campaigns and survey submissions will never be linked to your WorryTree account. Your promotion, campaign, and survey submission will reside in our secure email or marketing tool accounts. The email and marketing tool account is protected by two-step verification. You can opt-out at any time from the programme by sending us an email request to hello@worry-tree.com. We will respond to your request within three business days. Your submissions will never be shared with a third-party.
How do we handle your payment data when you subscribe to our services?
We do not collect, retain and store your personal and card information. Your card processing is handled by third-party payment agencies. We do not collect any personal data from the play stores post-purchase or from any of our third-party payment gateway providers. Please read their terms and privacy policy before making a payment. The payment confirmation and subscription details are received and processed by us. This is to support you for your subscription-based requests.
What do we process when you follow us on Instagram or our other social media pages?
You have the option to follow us on Instagram using your Instagram account. You can set up an Instagram account, if you do not own one and follow us at @worrytree. We do not associate your instagram account, or any other social media account, with your WorryTree App account.
Your use of third-party weblinks
The App may carry links to third-party websites and resources. When you click on those links, you may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. We encourage you to read the privacy policy and Terms of use of every external link you visit.
What additional processing is performed?
We do not combine and process your personal data with any other third-party available data. Your data, messages or usage are not used for direct marketing nor are they sold to advertisers. We will always take your consent before using your name for social proof purposes.
We will update this Privacy Policy and inform you if we perform any additional processing.
How do we secure your data?
The security of your data is very important to us, and we work hard to secure it. We have implemented adequate technical and organisational safeguards to protect your data. Some of the steps we have taken to secure your data include:
Privacy by Design and Default
No human has access to any of the worry data you record in our App.
Adherence to the 7 key principles set out by GDPR (see here).
We perform Data Protection Impact Assessment (DPIA) for personal data processing.
Security by Design
We use TLS and SSL encryption with HTTPS during transfer and AES-256 protocol at rest.
Our systems are secured with role-based access, strong passwords and two-step verification.
We enable endpoint security in all staff systems.
We review and maintain data processing agreements with our service providers.
We have a strict hiring and background verification process in place.
We provide regular awareness and training to our staff.
We conduct annual third party compliance audits and data protection certifications.
We conduct regular checks to ensure compliance with our policies.
Certifications and Registrations
WorryTree is registered with the UK Information Commissioner’s Office (ICO).
No method of electronic transmission or method of data storage is perfect or impenetrable. While we try our best to implement controls to protect your personal data, we cannot guarantee its absolute security. To ensure your data is secure, we require your cooperation as well. Please do not copy and share your information with unknown people.
How long do we retain your data including personal data?
We may retain one copy of your data even after your subscription ends if it is reasonably necessary. This could be in the following situations:
To comply with applicable legal and statutory requirements
At the request of a returning subscriber
To respond to your requests
To fulfill processing that is in our legitimate interest.
Where not specified we retain your data for a maximum of 10 years since the last update and as per our internal information retention policies.
Other important information
Withdrawing Consent
To the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing of your data before we received notice that you wished to withdraw your consent.
Breach notification
If the data breach is likely to result in a high risk of adversely affecting your rights and freedom, we will notify you as required by Data Protection Laws.
Concerns and Complaints
If you have any concerns or grievances about this Privacy Policy you will need to send an email to hello@worry-tree.com with Attn. to Mrs. Louise Stevenson, Data Protection Officer (DPO) and Grievance Officer. We will respond to you within 36 hours and help resolve your concerns or complaints. We assure you a time-bound resolution not exceeding one month from the date of your complaint.
If you are not satisfied with our resolution, you have the right to complain to a Data Protection supervisory authority in your country or state of residence. We will fully cooperate with the supervisory authority. You can raise a complaint with the UK ICO by following the process outlined here. Contact details for Data Protection Authorities in the EU are available here.
How to contact for additional questions, comments or concerns?
For any product, services, subscription, technical or payment-related issues, please contact us at hello@worry-tree.com with your questions.
Our mail address for all communication is:
WorryTree Ltd
4-5 High Town
Hereford
United Kingdom
HR1 2AA
What are some Best Practices to follow to keep your devices secure?
You are also responsible for helping to protect the security of your personal data. You are responsible for maintaining the security of any personal computing device on which you utilise the Services.
The NCSC GOV.UK provides guidance on how you can improve your online security. The UK ICO provides practical advice for protecting your personal data online and when using computers and other devices. These can be found at the links below:
Cyber Aware - NCSC.GOV.UK
Online and electronic devices | ICO
The US Federal Trade Commission (FTC) publishes information for users on how to secure your personal data and devices. These can be found at the following public links.
How To Protect Your Privacy on Apps | FTC Consumer Information
Online Security | FTC Consumer Information
FTC - How to Keep Your Personal Information Secure
WorryTree strongly believes in security and safety of data in your mobile device. As a responsible Service provider, we like to share important device-based security information for your attention. These have been sourced from US FTC best practices and guidelines. Always refer back to the US FTC links provided above for more details and future security updates.
Always lock your mobile screen by setting a password. Use strong passwords and keep passwords private. Never leave your device unattended.
Always keep your mobile operating system up-to-date.
Enable remote access of your devices to enable you to locate and control your devices remotely in the event your device gets stolen.
Install anti-virus software to protect against virus attacks and infections
Avoid phishing emails. Do not open files, click on links or download programs from an unknown source.
Be wise about using Wi-Fi. Before you send personal and sensitive data over your laptop or mobile device on a public wireless network in a coffee shop, library, airport, hotel, or other public place, see if your data will be protected.
Changes to this Privacy Policy
We may modify our Privacy Policy from time to time for various reasons including to improve our privacy practices, to ensure our users’ right to be Informed, to reflect changes to our service, and to comply with relevant laws. If and when this policy is changed, we will post the new notice on our Website and the App and notify you through an in-app notification or as otherwise required by relevant law. It is your responsibility to check our Website and our App periodically for updates or changes to the policy. We encourage you to review changes carefully. If the changes to the Privacy Policy include changes to the collection, storing or processing your personal information in a way that infringes on your privacy, we will notify you clearly about the same where required by the applicable laws and regulations. If you agree to the changes, then please continue to use our service. If you, however, do not agree to any of the changes and you no longer wish to use our service, you may choose to unsubscribe or uninstall our App. Continuing to use our App and services after a notice of change has been communicated to you or published constitutes your acceptance of changes and consent to the modified Privacy Policy.
Severability and Exclusion
We have taken every effort to ensure that this Privacy Policy adheres with the applicable Data Protection Laws. The invalidity or unenforceability of any part of this Privacy Policy shall not prejudice or affect the validity or enforceability of the remainder of this Privacy Policy. This Privacy Policy does not apply to any data other than the data collected by WorryTree while providing the services.
Updated 13 July 2023