Privacy Policy

Information about the protection of your personal data

1. Data Controller

The data controller responsible for data processing on this website is:

MatchYour GmbH

Domgasse 14

1010 Vienna, Austria

datenschutz@matchyourtherapy.at

2. Data Collection

Account Data

During registration, we collect: Name, email address, encrypted password. For therapists additionally: Professional qualifications, practice address, specializations.

Matching Data

For therapy matching, we collect information about: Therapy preferences, format preferences (online/in-person), location, preferred language. This data is processed anonymously and not shared with therapists unless you explicitly consent.

Usage Data

We automatically collect: IP address (anonymized), browser type, operating system, access times, pages visited. This data serves security and service improvement purposes.

3. Legal Basis

Art. 6 (1) a GDPR:Consent (e.g., newsletter, sharing matching results)
Art. 6 (1) b GDPR:Contract fulfillment (account management, matching service)
Art. 6 (1) c GDPR:Legal obligations (invoice retention)
Art. 6 (1) f GDPR:Legitimate interests (security, fraud prevention)

4. Special Category: Health Data

During the matching process, you may voluntarily provide information about your mental well-being. This data is subject to special protection under Art. 9 GDPR.

Processing only with your explicit consent (Art. 9 (2) a GDPR)
Data is stored encrypted
No third-party access without your release
Deletion possible at any time upon request

5. Third Parties & Data Transfer

We use the following service providers who process data on our behalf:

Vercel Inc.

Hosting (servers in Frankfurt, EU)

Stripe Inc.

Payment processing (SCC, certified)

Resend

Email delivery (transactional emails)

Cloudinary

Image optimization & storage

Neon

Database (PostgreSQL, EU servers)

Groq Inc.

AI analysis for matching (USA) – filtered data

PostHog Inc.

Web analytics (EU servers) – consent required

Microsoft Clarity

Session replay & heatmaps (USA/SCC) – consent required

Special Protection for AI Processing

For AI-powered matching, we use Groq Inc. (USA). To protect your privacy, we have implemented the following technical measures:

Automatic anonymization: Before each API call, names, email addresses, phone numbers, addresses, cities, company names and age references are automatically replaced with placeholders (e.g. [NAME], [CITY])
Reduced identifiability: Groq receives filtered therapy preferences from which typical identification features have been removed
No training with your data: Your data is not used to train AI models
Temporary processing: Data is only processed for the duration of the request and not stored

These technical measures are designed to prevent the transmission of personal data to Groq. Transmission of typical identification features (names, contact details, addresses) is prevented through automated filtering.

Data processing agreements according to Art. 28 GDPR exist with all service providers.

International Data Transfers (Schrems II)

Some of our service providers are based in the USA or other third countries. We have implemented the following safeguards for these transfers:

EU Standard Contractual Clauses (SCC) according to Art. 46 (2) c GDPR
Supplementary technical measures (encryption, pseudonymization)
Transfer Impact Assessments (TIA) for each US provider
Preference for EU server locations where possible

Providers in EU/EEA: Vercel (Frankfurt), Neon (EU), PostHog (EU). Providers with SCC: Stripe, Cloudinary, Resend, Microsoft Clarity. For Groq, we implement additional technical filtering measures (see above). Analytics tools (PostHog, Clarity) are only activated with your consent.

6. Automated Decision-Making

In accordance with Art. 22 GDPR, we inform you about the use of automated decision-making:

AI-powered Matching

Our matching algorithm uses artificial intelligence to suggest suitable therapists. These suggestions are based on your therapy preferences, preferences, and location.

Your Rights

Matching results are recommendations, not binding decisions
You freely decide which therapists to contact
You can request a manual review of results at any time
You can express your point of view and contest the decision

For a manual review or questions about our automated systems, contact us at: datenschutz@matchyourtherapy.at

7. Cookies

Our website uses cookies. We distinguish between:

Necessary Cookies

Session cookies for login and security. These are required for website operation.

Functional Cookies

Store your preferences like language and theme. Only with your consent.

Analytics Cookies (optional)

With your explicit consent, we use the following analytics tools to improve our service:

PostHog (EU servers): Analysis of user behavior to optimize the matching process. Provider: PostHog Inc., data is processed on EU servers.
Microsoft Clarity (USA): Session replay and heatmaps to improve usability. Provider: Microsoft Corporation (USA). Legal basis: EU Standard Contractual Clauses.

These tools are only activated after your active consent in the cookie banner. You can withdraw your consent at any time.

You can change your cookie settings at any time via the cookie banner or in your browser.

8. Your Rights

According to GDPR, you have the following rights:

Right of access (Art. 15)
Right to rectification (Art. 16)
Right to erasure (Art. 17)
Right to restriction (Art. 18)
Right to data portability (Art. 20)
Right to object (Art. 21)

Right to Complain

You have the right to complain to the Austrian Data Protection Authority:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
dsb@dsb.gv.at

9. Data Retention

Account dataUntil account deletion
Matching data12 months after last use
Billing data7 years (legal retention requirement)
Server logs30 days

10. Data Protection Contact

For questions about data protection or to exercise your rights, please contact us at:

datenschutz@matchyourtherapy.at

We will respond to your request within 30 days.

Last updated: February 2026