Revised on 31.12.2025
Minudoc OÜ (the “Company”, “Siffi”, “we”) values your privacy. This notice explains what personal data we process when you use the Siffi platform, why we process it, how long we keep it, who we share it with, and what rights you have under the GDPR.
Who we are (Controller) and how to contact us?
Controller: MinuDoc OÜ (operating the Siffi platform).
Email: contact@siffi.com
Data Protection Officer (DPO): Tarmo Pihl
DPO email: privacy@siffi.com
Important: Siffi provides a workplace wellbeing platform and does not provide healthcare services. Wellbeing specialists available via Siffi provide wellbeing support (e.g., counselling, coaching, therapy-style support where allowed by applicable law and professional standards). If you need urgent medical help, contact emergency services.
Our role vs. other parties (Controller/Processor)
Siffi can act in different roles depending on the processing activity:
- Siffi as Controller (platform operations)
Siffi acts as an independent controller for platform operations such as:
- account creation and login,
- platform security and fraud prevention,
- customer support,
- platform analytics (non-content),
- billing and accounting for platform fees (where applicable),
- compliance and audit.
- Siffi as Processor (data transmission for specialists)
When you use the platform to communicate with a wellbeing specialist, Siffi may process certain content on behalf of the specialist to enable secure messaging, booking, and service delivery via the platform. In those cases, the specialist is the controller for the content they process for service delivery, and Siffi acts as a processor (under a data processing agreement).
- Employer customer (where your access is provided by your workplace)
If your employer provides Siffi as a workplace benefit, your employer is typically a controller for employee eligibility (e.g., who can access the benefit and at what level). Siffi processes limited data to administer access to the service.
What data we collect and where we get it from
We collect personal data directly from you, from your device/app, and from interactions on the platform. We also receive certain data from your wellbeing specialist (e.g., booking confirmations and service metadata) and, where applicable, from your employer (e.g., eligibility status).
Data categories
A) Account and identity data
- first and last name,
- e-mail address, phone number,
- language and communication preferences,
- employer eligibility status (if your employer provides access).
B) Service and transaction data
- bookings (date/time), duration, provider chosen,
- transaction records (platform-related billing records, if applicable),
- service usage events (e.g., feature use, session count).
C) Wellbeing and sensitive content (may include special category data)
Because Siffi relates to wellbeing and mental health, content you share may include health-related information (special category data under GDPR), such as:
- messages you send to a wellbeing specialist via the platform,
- issues and goals you describe in chats,
- wellbeing profile information from questionnaires across multiple wellbeing dimensions,
- attachments you voluntarily share (photos, videos, files) for better support decisions,
- AI counsellor conversation content and summaries (see Section 8).
D) Support, quality, and technical data
- support requests and related correspondence,
- quality feedback (e.g., ratings and comments, where provided),
- device and app logs: device model, OS, app version, permissions, security-related logs, IP address (as applicable),
- diagnostic logs for error prevention and troubleshooting.
Optional data: profile photo; attachments; some questionnaire items (where marked optional).
Why we process your data and what happens if you don’t provide it
We process personal data to:
- create and manage your account,
- enable bookings and communication with wellbeing specialists,
- operate the supervised chat and AI counsellor features (if you choose to use them),
- provide customer support and maintain service quality,
- ensure platform security and prevent misuse,
- meet legal and accounting obligations.
If you do not provide the data required to create an account and use core features (e.g., contact details), we cannot provide access to the platform. If you do not provide (or withdraw) consent for processing wellbeing/health-related content, you may not be able to use features that require such content (e.g., chat, AI counsellor, certain questionnaires).
Legal bases for processing (GDPR)
We rely on the following legal bases depending on the purpose:
- Article 6 GDPR (general personal data)
- Contract necessity (Art. 6(1)(b)) – to provide the platform and requested services (account, booking, messaging delivery, platform functions).
- Legitimate interests (Art. 6(1)(f)) – to secure the platform, prevent fraud, ensure availability, and improve reliability (e.g., security logging, abuse prevention).
- Legal obligation (Art. 6(1)(c)) – to comply with legal requirements (e.g., accounting and audit).
- Article 9 GDPR (special category data, incl. health-related wellbeing content)
Where processing involves health/wellbeing content, we rely on:
- Explicit consent (Art. 9(2)(a)) – for processing wellbeing/health-related content in chats, questionnaires, and AI features, and for transmitting such content via the platform.
You can withdraw consent at any time in your account (see Section 10). Withdrawal does not affect the lawfulness of processing before withdrawal.
Who we share data with (recipients)
We share data only as necessary for the purposes described above:
- Wellbeing specialists
To enable bookings and communication, we share relevant data with the specialist you choose (e.g., your name/contact, booking details, and messages/attachments you send).
- Sub-processors (service providers)
We use trusted providers to operate the platform. Our sub-processors include:
- OpenAI (AI processing),
- Microsoft (cloud and/or platform services),
- Amazon S3 (data storage),
- Messente (SMS messaging).
All of the above use EU servers for Siffi processing.
- Public authorities
We may disclose data if required by law, court order, or valid request by a competent authority. We may also disclose limited data to establish, exercise, or defend legal claims.
- Employer customer (workplace-sponsored access)
We do not share your message content, AI counsellor summaries, attachments, or specialist notes with your employer. See Section 7 for details on what an employer can and cannot see.
What your employer can see (workplace benefit)
If your employer provides Siffi access:
- Your employer can see:
- whether you are eligible/activated (yes/no),
- high-level aggregated and anonymised usage statistics at company level (e.g., total utilisation rates, most used service categories, overall satisfaction trends).
- Your employer cannot see:
- your chat messages (with specialists or AI),
- your AI counsellor conversation summaries,
- your questionnaire answers and wellbeing profile,
- attachments you share (photos/videos/files),
- specialist session content, notes, or any individual-level sensitive data.
We design the service so that employers receive no access to identifiable wellbeing content.
AI, supervised chat, and AI counsellor
Siffi uses AI in two features: supervised chat and AI counsellor. These features are designed to support wellbeing guidance and navigation and are not a substitute for human professional support.
Supervised chat (anonymised, no memory)
- In supervised chat we anonymise/pseudonymise your input for AI processing by removing direct identifiers where feasible.
- We do not keep a persistent AI “memory” for supervised chat. Each conversation is processed without carrying your prior supervised chat context forward.
AI counsellor (summary for continuity)
- The AI counsellor may create a short summary of your conversation (e.g., main topics, goals, and agreed next steps).
- This summary is used to provide continuity in future AI counsellor conversations.
Human oversight and safety
We may apply safety controls and limited human review to prevent abuse, protect users, and improve service quality. Access is restricted and logged.
Automated decision-making
Siffi does not make decisions that produce legal effects or similarly significant effects about you solely by automated means (Article 22 GDPR). If this changes, we will update this notice and provide the required information.
International transfers
We do not store or transfer your personal data outside the EEA for Siffi processing. Our listed sub-processors are configured to use EU servers for Siffi processing.
How long we keep your data (retention)
We keep data only as long as necessary for the purposes described, unless a longer period is required by law.
Account data
Stored while your account is active. If you delete your account, we delete or irreversibly anonymise personal identifiers unless we must retain some data for legal obligations.
Wellbeing content (messages, questionnaires, attachments)
Special-category wellbeing content is stored for 7 days from the time it is entered into the platform, after which it is deleted or irreversibly anonymised (unless you choose to keep something longer, e.g., an AI counsellor summary as described below).
AI counsellor summary
The AI counsellor summary is stored for continuity until you delete it or until your account is deleted (unless retention is required by law).
Transaction and accounting records
Accounting and audit records are retained for 7 years (where required by applicable law).
Security and technical logs
Security and diagnostic logs are retained for a limited period necessary to secure the service and investigate incidents, typically 24 months depending on the log type and risk level.
Deleting your account
You can delete your account in the app or web platform (Profile → Delete my account). When you delete your account:
- your personal identifiers (e.g., name, email, phone) are erased,
- any remaining platform statistics may be kept only in anonymised form (no longer linkable to you),
- legally required records (e.g., accounting) are retained for the required period.
Security
We use appropriate technical and organisational measures to protect your data, including (as applicable):
- two-factor authentication,
- encryption in transit and at rest,
- access controls and least-privilege access,
- logging and monitoring,
- secure backups and recovery,
- vendor due diligence and data processing agreements,
- incident response procedures.
No system is 100% secure, but we continuously improve safeguards based on risk and industry practice.
Your rights under GDPR
You have the right to:
- access your data,
- rectify inaccurate data,
- erase data (where applicable),
- restrict processing (where applicable),
- object to processing based on legitimate interests,
- data portability (for data processed on contract or consent, where technically feasible),
- withdraw consent at any time (in your account settings; withdrawal does not affect earlier lawful processing),
- lodge a complaint with the supervisory authority.
To exercise rights or ask questions, contact privacy@siffi.com.
If you are not satisfied with our response, you can contact the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
Changes to this notice
We may update this notice from time to time. We will publish the updated version in the platform and update the “Last revised” date.
Revised on 31.12.2025
This privacy notice explains how we (the “Provider”) process your personal data when you book and receive services from us via the Siffi platform.
Important: Siffi (Minudoc OÜ) operates the platform and has its own privacy notice. This notice applies to the Provider’s processing for providing services to you.
Who we are (Data Controller) and how to contact us
Our contact information will be shared with you when you make a booking. You can also inquire about the details regarding the Provider from the Siffi (Minudoc OÜ) platform.
Our relationship with Siffi and roles (Controller/Processor)
The Provider is the data controller for processing your personal data for the purpose of delivering the service to you (including any notes/records we create in relation to the service, where applicable).
Siffi (Minudoc OÜ) is a separate party that operates the platform. Siffi may process your data as an independent controller for platform operations (accounts, platform security, support) and may also act as a processor where it technically enables secure communication and booking flows between you and the Provider.
What data we process and where we get it from
We may process the following categories of data:
A) Identity and contact data
- name, contact details (email/phone), employer info
B) Booking and service data
- booking time/date, duration, language preference,
- records necessary to deliver the service (e.g., session goals),
- service delivery metadata (e.g., attendance, cancellations).
C) Wellbeing and sensitive content (may include special category data)
Because services may relate to mental wellbeing, information you share may include health-related or other sensitive information (special category data under GDPR), such as:
- issues, symptoms, or personal circumstances you describe,
- messages and attachments you send via the platform,
- questionnaires or assessments you complete (if used).
D) Billing and accounting data
- service price, invoices/receipts (where applicable), payment status (where applicable).
E) Technical data (limited)
- minimal data needed to provide the service via the platform (e.g., confirmation of message delivery/booking).
Sources: We receive data (i) from you, (ii) from Siffi in connection with your booking and platform communications, and (iii) only if applicable from third-party systems that you explicitly connect or that are required by law for regulated providers.
Why we process your data
We process your data to:
- Provide the service you book (including preparation and follow-up).
- Communicate with you about your booking and service delivery.
- Manage billing/accounting and comply with legal obligations.
- Ensure safety and protect rights (e.g., handling complaints, preventing misuse, or responding to emergencies where necessary).
If you do not provide the required data, we may be unable to deliver the service (e.g., contact you, confirm bookings, or provide appropriate support).
Legal bases for processing (GDPR)
We rely on the following legal bases depending on the situation:
- General personal data (Article 6 GDPR)
- Contract (Art. 6(1)(b)) – to provide the service you request (booking, communication, delivery).
- Legal obligation (Art. 6(1)(c)) – accounting, statutory recordkeeping (where applicable).
- Legitimate interests (Art. 6(1)(f)) – service integrity, safety, preventing fraud/abuse, handling disputes (balanced against your rights).
- Vital interests (Art. 6(1)(d)) – only in urgent situations to protect life.
- Special category data (Article 9 GDPR)
Because wellbeing services may involve health-related information, we rely on one of the following:
- Explicit consent (Art. 9(2)(a)) – where we process wellbeing/health-related content (e.g., detailed discussions, questionnaires, attachments) and where consent is the appropriate basis for the Provider’s model; and/or
- Provision of care / treatment by a regulated professional (Art. 9(2)(h)) – only if the Provider is a regulated health professional/organisation and this basis applies under local law and professional secrecy requirements.
Withdrawal of consent: If we rely on consent, you can withdraw it at any time. Withdrawal does not affect earlier lawful processing. Please note that withdrawing consent may limit our ability to provide the service going forward.
Recording (audio/video) and notes
- Video sessions: If video sessions are used, audio/video is processed to conduct the session.
- Recordings: We do not record sessions.
- Notes/records: The Provider may keep service-related notes/records to ensure continuity and quality of support and to meet legal obligations where applicable.
Who we share data with (recipients)
We do not sell your data. We may share it only as necessary:
- Siffi (Minudoc OÜ) – to enable platform messaging, booking, and service delivery via the platform.
- IT and professional service providers supporting the Provider (e.g., secure email, accounting, legal advisers), under confidentiality and data processing agreements where required.
- Authorities – if required by law, court order, or to protect rights.
- Corporate transactions – if the Provider undergoes merger/acquisition/restructuring; we will apply appropriate safeguards.
International transfers
We aim to keep processing within the EEA. If we ever transfer personal data outside the EEA, we will do so only with appropriate safeguards (e.g., EU Standard Contractual Clauses) and will provide additional information on request.
How long we keep your data (retention)
We keep data only as long as needed for the purposes in this notice and as required by law:
- Booking and service administration data: retained for 7 years after the last service interaction (to manage follow-ups, complaints, and continuity), unless a different legal period applies.
- Accounting records: retained for 7 years.
- Service notes/records: retained according to applicable professional and legal requirements. If the Provider is a regulated healthcare provider, statutory retention periods may be significantly longer.
When retention ends, we delete or irreversibly anonymise the data.
Your rights (GDPR)
You have the right to:
- access your data,
- correct inaccurate data,
- request deletion (where applicable),
- restrict processing (where applicable),
- object to processing based on legitimate interests,
- data portability (for data processed on contract/consent, where applicable),
- withdraw consent (if consent is the basis),
- lodge a complaint with your supervisory authority.
How to exercise rights: contact us at privacy@siffi.com.
If you are not satisfied, you can contact the relevant Data Protection Authority in your country. In Estonia, this is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
Security
We apply appropriate technical and organisational measures to protect personal data, including access controls, confidentiality obligations, secure storage, and incident handling processes.
Changes to this notice
We may update this notice from time to time. The updated version will be made available before you book new services (and/or within the platform).