Mindora
Register
Back to Home

Privacy Policy

Last updated: March 2026

1. Introduction

We are committed to safeguarding the privacy of our website visitors and clients.

This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and clients; in other words, where we determine the purposes and means of the processing of that personal data.

We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website.

In this policy, “we”, “us” and “our” refer to Mindora Ltd. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For more information about us, see Section 12.

2. Data Controller

Mindora is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at: privacy@mindora.ai

3. How We Use Your Personal Data

In this section we have set out the general categories of personal data that we may process, the purposes for which we may process personal data, and the legal bases of the processing.

Usage data: We may process data about your use of our website and services. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.

Account data: We may process your account data, which may include your name, telephone number, and email address. The source of the account data is you. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is consent or our legitimate interests, namely the proper administration of our website and business.

Health information: We may process health-related data including ADHD assessment responses and clinical notes (special category data). This data is processed for the purposes of providing ADHD assessment and coaching services. The legal basis for this processing is your explicit consent and the provision of healthcare services.

Enquiry data: We may process information contained in any enquiry you submit to us regarding our services. The enquiry data may be processed for the purposes of offering, marketing and selling relevant services to you. The legal basis for this processing is consent.

Transaction data: We may process information relating to transactions, including purchases of services, that you enter into with us through our website. The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

Notification data: We may process information that you provide to us for the purpose of subscribing to our email notifications. The notification data may be processed for the purposes of sending you the relevant notifications. The legal basis for this processing is consent or the performance of a contract between you and us.

Correspondence data: We may process information contained in or relating to any communication that you send to us. The correspondence data may include the communication content and metadata associated with the communication. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.

We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

We may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Please do not supply any other person's personal data to us, unless we prompt you to do so.

4. Providing Your Personal Data to Others

We may disclose your personal data to any member of our group of companies insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.

We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

Financial transactions relating to our website and services may be handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

We may share your data with healthcare providers and clinicians involved in your care, for the purposes of providing ADHD assessment and related services.

In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

We do not sell your personal data to third parties. Your data is not used to train external AI systems.

5. Retaining and Deleting Personal Data

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

We will retain your personal data as follows:

  • Account and registration data: will be retained for a minimum period of 120 days following initial communication and for a maximum period of 360 days following last communication.
  • Clinical records: 8 years in accordance with NHS guidelines.
  • Financial records: 7 years for tax and legal purposes.

In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the nature of the data and the purposes for which it is processed.

Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

6. Amendments

We may update this policy from time to time by publishing a new version on our website.

You should check this page occasionally to ensure you are happy with any changes to this policy.

We may notify you of significant changes to this policy by email.

7. Your Rights

You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to no fee and the supply of appropriate evidence of your identity.

We may withhold personal information that you request to the extent permitted by law.

You may instruct us at any time not to process your personal information for marketing purposes.

In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.

Under UK GDPR, you also have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data (“right to be forgotten”)
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Request transfer of your data to another provider
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us at privacy@mindora.ai

8. About Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

We use cookies for the following purposes:

  • Authentication: We use cookies to identify you when you visit our website and as you navigate our website.
  • Security: We use cookies as an element of the security measures used to protect user accounts and to protect our website and services generally.
  • Analysis: We use cookies to help us analyse the use and performance of our website and services.
  • Cookie consent: We use cookies to store your preferences in relation to the use of cookies.

We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google's privacy policy is available at: policies.google.com/privacy.

Most browsers allow you to refuse to accept cookies and to delete cookies. Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Your data is stored securely and encrypted in transit. We regularly review our security practices to ensure your information remains protected.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Email: privacy@mindora.ai

General enquiries: clinicians@mindora.ai

11. Complaints

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. Visit ico.org.uk for more information.

12. About Mindora Ltd

This website is owned and operated by Mindora Ltd.

You can contact us by email using the address published on our website, or by using our website contact form.