Skip to main contentSkip to navigation
matchyourtherapymatchyourtherapy
MatchingTherapistsKnowledge
Loading...
MatchYourTherapy logomatchyourtherapy

Find the right psychotherapy in Austria, anonymous, free, and easy to understand.

Navigation

  • Home
  • About us
  • Find Therapists
  • By city
  • By topic
  • Knowledge & Self-Help
  • Pricing for Therapists

Legal

  • Security
  • Privacy Policy
  • Terms of Service
  • Imprint
  • Data Processing Agreement
  • Accessibility

Contact

  • info@matchyourtherapy.at
  • Instagram (opens in new tab)

In an acute crisis? Help is available right now.

If you or someone else is in immediate danger, contact one of these services NOW, they are free and reachable 24/7.

  • 142 — Telefonseelsorge (24/7 helpline)
  • 147 — Rat auf Draht (children & teens)
  • 0800 222 555 — Women's helpline against violence
  • 144 — Emergency services
See all emergency numbers →

© 2026 MatchYourTherapy. All rights reserved.

Made with in Austria

Privacy Policy

Information about the protection of your personal data

Table of Contents

  1. Data Controller
  2. Data Collection
  3. Legal Basis
  4. Health Data
  5. Third Parties & Data Transfer
  6. Automated Decisions
  7. Cookies
  8. Your Rights
  9. Data Retention
  10. Contact

1. Data Controller

The data controller responsible for data processing on this website is:

MMag. DDr. Gregor Studlar BA (MatchYour GmbH i.G.)

Domgasse 14

4020 Linz, Austria

datenschutz@matchyourtherapy.at

2. Data Collection

Account Data

During registration, we collect: Name, email address, encrypted password. For therapists additionally: Professional qualifications, practice address, specializations.

Matching Data

For therapy matching, we collect information about: Therapy preferences, format preferences (online/in-person), location, preferred language. This data is processed anonymously and not shared with therapists unless you explicitly consent.

Usage Data

IP addresses are processed only transiently from request headers for rate-limit checks and spam protection; they are not stored in our database. Browser type, operating system, access times and pages visited are recorded as standard hosting logs by our hosting provider Vercel (retention see section 9).

3. Legal Basis

  • Art. 6 (1) a GDPR:Consent (e.g., newsletter, sharing matching results)
  • Art. 6 (1) b GDPR:Contract fulfillment (account management, matching service)
  • Art. 6 (1) c GDPR:Legal obligations (invoice retention)
  • Art. 6 (1) f GDPR:Legitimate interests (security, fraud prevention)

4. Special Category: Health Data

During the matching process, you may voluntarily provide information about your mental well-being. This data is subject to special protection pursuant to Art. 9 GDPR.

  • Processing only with your explicit consent (Art. 9 (2) a GDPR)
  • Contact-inquiry contents (name, email, phone, message, matching answers) are stored in our database encrypted with AES-256-GCM; the key is held exclusively on our application server and is never transmitted to any subprocessor
  • No third-party access without your authorization
  • Deletion possible at any time upon request

5. Third Parties & Data Transfer

We use the following service providers who process data on our behalf:

Vercel Inc.

Hosting (servers in Frankfurt, EU). Additionally Vercel Web Analytics and Speed Insights for page views and performance metrics, both only with your consent.

Stripe Inc.

Payment processing (SCC, certified)

Brevo (Sendinblue SAS)

Delivery of transactional emails (registration confirmation, contact-inquiry notification, password reset) as well as email marketing lists for registered therapists (servers in France, EU). You can unsubscribe at any time via the unsubscribe link in every marketing email or by deleting your account.

Cloudinary

Image optimization & storage

Neon

Database (PostgreSQL, EU servers)

Anthropic PBC

AI analysis for matching using Claude models (USA/SCC, currently not active), only pseudonymized therapy preferences, see "Special Protection for AI Processing" below

Unsplash Inc.

Embedded stock photos (USA/SCC), when loading images, your IP address may be transmitted to Unsplash

PostHog Inc.

Web analytics (EU servers), both client-side and server-side only with your consent

Google (Gemini API)

AI summary of public Google reviews shown on therapist profiles (USA/SCC). Only already-public review texts are processed, never contact or matching data.

Special Protection for AI Processing

Important note on the current status: The AI-assisted matching and chat feature is currently disabled. At present, a language model is used exclusively by Google to summarize public Google reviews (see the third-party list); no contact or matching data is processed in doing so. Once the AI-assisted matching feature is activated, we use Anthropic PBC (USA) for it and have implemented the following technical measures to protect your privacy:

  • Automatic pseudonymization: Before each API call, structured fields (name, city) are replaced with placeholders (e.g. [NAME], [CITY_T]). Free-text inputs are additionally scrubbed by regex filters: email addresses, Austrian phone numbers (+43/06xx), street addresses and postal code-city combinations are automatically detected and replaced with placeholders such as [EMAIL], [PHONE], [ADDRESS] and [LOCATION].
  • Reduced identifiability: Anthropic only receives pseudonymized therapy preferences (categories, scores, methods) from which typical identification features have been removed. When therapist and patient are in the same city, this is communicated as contextual information without revealing the actual city name.
  • No training with your data: Under Anthropic's terms of service for API customers, your data is not used to train the Claude models.
  • Limited retention: By default, Anthropic retains API inputs for up to 30 days for abuse monitoring and then deletes them. Because we pseudonymize before every call, those logs contain no identifying patient data.

These technical measures are designed to prevent the transmission of identifying personal data to Anthropic. Structured fields (name, city) are replaced with fixed placeholders, and free-text inputs are additionally filtered through regular expressions. The filtering is verified through automated tests.

Data processing agreements pursuant to Art. 28 GDPR or corresponding data protection agreements exist with all service providers that process personal data on our behalf.

International Data Transfers (Schrems II)

Some of our service providers are based in the USA or other third countries. We have implemented the following safeguards for these transfers:

  • EU Standard Contractual Clauses (SCC) pursuant to Art. 46 (2) c GDPR
  • Supplementary technical measures (encryption, pseudonymization)
  • Transfer Impact Assessments (TIA) for each US provider
  • Preference for EU server locations where possible

Providers in EU/EEA: Vercel (hosting in Frankfurt), Brevo (France, EU), Neon (EU), PostHog (EU). Providers with SCC: Stripe, Cloudinary, Anthropic, Google (AI summary of public reviews), Unsplash, Vercel (Analytics/Speed Insights run on US infrastructure). Image uploads are processed exclusively through our server, your IP address is not transmitted to Cloudinary. For Anthropic, we implement additional technical filtering measures (see above). Analytics tools (PostHog, Vercel Web Analytics, Vercel Speed Insights) are only activated with your consent, both client-side and server-side.

6. Automated Decision-Making

Pursuant to Art. 22 GDPR, we inform you about the use of automated decision-making:

AI-powered Matching

Our matching algorithm uses artificial intelligence to suggest suitable therapists. These suggestions are based on the information you provide about your therapy needs, preferences, and location.

Your Rights

  • Matching results are recommendations, not binding decisions
  • You freely decide which therapists to contact
  • You can request a manual review of results at any time
  • You can express your point of view and contest the decision

For a manual review or questions about our automated systems, contact us at: datenschutz@matchyourtherapy.at

7. Cookies

Our website uses cookies. We distinguish between:

Necessary Cookies

Session cookies for login and security. These are required for website operation.

Functional Cookies

Store your preferences, such as language and theme. Only with your consent.

Analytics Cookies (optional)

With your explicit consent, we use the following analytics tools to improve our service:

  • PostHog (EU servers): Analysis of user behavior to optimize the matching process. Provider: PostHog Inc., data is processed on EU servers.

These tools are only activated after your active consent in the cookie banner. You can withdraw your consent at any time.

You can change your cookie settings at any time via the cookie banner or in your browser.

8. Your Rights

Pursuant to the GDPR, you have the following rights:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)

Right to Complain

You have the right to complain to the Austrian Data Protection Authority:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
dsb@dsb.gv.at

9. Data Retention

  • Account dataUntil account deletion
  • Contact inquiries, content (name, email, phone, message, topics, severity, postcode region)Name, email, phone, message and topic data are stored encrypted (AES-256-GCM). Severity and postcode region are stored only as coarse categories that are not identifying on their own. 30 days after receipt all of these fields are automatically purged from our database by a daily cron job. You can also delete your inquiry yourself at any time via the link in the confirmation email. The email notification that was sent to the therapist at the time of the inquiry is subject to the therapist's professional confidentiality obligation and is not covered by this deletion.
  • Contact inquiries, pseudonymized residual data (therapist ID, timestamp, match score, technical status flags)12 months after anonymization; the record is then deleted from the database entirely. Topic, severity and postcode-region data are already removed by the 30-day deletion and are not retained beyond it. The remaining fields still count as pseudonymized pursuant to Art. 4 (5) GDPR.
  • Matching session data (wizard answers, if not submitted)12 months after last use
  • Billing data7 years (legal retention requirement)
  • Server logsVercel Hobby plan: approx. 1 hour; longer accordingly on plan upgrade

10. Data Protection Contact

For questions about data protection or to exercise your rights, please contact us at:

datenschutz@matchyourtherapy.at

We will respond to your request within 30 days.

Last updated: May 2026