Privacy Policy

1. Overview

PsyBank (operated by Psikonet Yayıncılık ve Eğitim A.Ş., "we", "us", "our") is an online therapy and psychological support platform available at www.psybank.com. This Privacy Policy describes how we collect, use, store, share, and protect personal information and Google user data when you use our services.

2. Data We Collect

We collect the following categories of data:

• Account Information: Name, email address, phone number, password (hashed)
• Professional Information (therapists only): Specialization, diploma details, license information
• Appointment Data: Scheduled dates, times, duration, session notes
• Payment Information: Billing details processed through secure third-party payment providers
• Google User Data: When you connect your Google Calendar, we access your calendar events (event titles, dates, times, locations) to synchronize appointments. See Section 4 for details.

3. How We Use Your Data

We use collected data solely for the following purposes:

• Providing and improving our online therapy platform services
• Managing appointments and sending reminder notifications
• Synchronizing your calendar events between PsyBank and Google Calendar
• Communicating with you about your account and appointments
• Ensuring platform security and preventing fraud

We do not use your data for advertising, marketing to third parties, or any purpose unrelated to providing or improving user-facing features of PsyBank.

4. Google Calendar Integration

PsyBank integrates with Google Calendar to help therapists manage their appointments. This section specifically describes our use of Google user data:

4.1 What Google Data We Access

• Google Calendar events (titles, dates, times, locations, descriptions)
• Basic Google profile information (email address) for account linking

4.2 How We Use Google Data

Google user data is used exclusively for:

• Reading calendar events to display them alongside PsyBank appointments
• Creating calendar events in Google Calendar when appointments are scheduled in PsyBank
• Updating or deleting calendar events when appointments are modified or cancelled

PsyBank's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4.3 Google Data Sharing and Transfer

We do not share, transfer, sell, or disclose Google user data to any third parties.

• Not sold to third parties
• Not used for advertising or marketing purposes
• Not shared with data brokers
• Not transferred to any third-party tools, services, or partners
• Only accessible to the authenticated user who granted calendar access

4.4 Google Data Storage and Retention

Google Calendar data (access tokens, refresh tokens) is stored encrypted on our secure servers. Calendar event data is cached temporarily for synchronization purposes. When a user disconnects their Google Calendar integration: all stored Google tokens are immediately deleted, all calendar event mappings are removed, and no Google user data is retained after disconnection.

4.5 Revoking Google Data Access

You can revoke PsyBank's access to your Google Calendar at any time by going to PsyBank Settings → Calendar → Disconnect, or by going to your Google Account Permissions and removing PsyBank.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

• Between therapist and client: Appointment information is shared between the assigned therapist and their client within the platform
• Payment processing: Payment information is processed by our secure payment provider (not stored on our servers)
• Legal requirements: When required by Turkish law or valid legal process

6. Data Security

We implement the following security measures to protect your data:

• SSL/TLS encryption for all data transmission
• AES-256 encryption for stored sensitive data (tokens, credentials)
• Secure password hashing (bcrypt)
• Regular security audits and monitoring
• Access controls limiting data access to authorized personnel only
• Secure cloud infrastructure (AWS) with regular backups

7. Data Retention and Deletion

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Appointment records: Retained for the duration required by Turkish healthcare regulations.
• Google Calendar data: Tokens deleted immediately upon disconnection. Event cache cleared within 24 hours.
• Session logs: Automatically deleted after 90 days.

You may request deletion of your data at any time by contacting us at [email protected].

8. Your Rights

Under Turkish Personal Data Protection Law (KVKK No. 6698) and applicable regulations, you have the right to:

• Know whether your personal data is being processed
• Request information about how your data is processed
• Request correction of inaccurate data
• Request deletion or destruction of your data
• Withdraw consent at any time

9. Cookies

We use essential cookies for session management and authentication. We do not use tracking cookies or third-party advertising cookies.

10. Changes

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We will notify users of significant changes via email.