Privacy Policy

Last updated: March 2026

Who we are

MoodHelp Ltd ("we", "us", "our") operates myworries.com. We are registered in England and Wales. We take the privacy of children and families extremely seriously.

Data we collect

• Account data: Email address, password (hashed), name
• Child profile data: Display name (can be nickname), age, developmental track
• Clinical data: Worry Profile scores, exposure attempt records, daily check-ins, PAI responses
• Safety data: Safety flags are retained for 7 years in accordance with safeguarding legislation
• Usage data: Feature interactions, session duration (anonymised)

How we use your data

• To provide the myworries service and personalise your child's experience
• To generate clinical assessments (Worry Profile, PAI scoring)
• To detect safety concerns and provide crisis resources
• To improve the service (anonymised, aggregated data only)

Data we never collect or share

• We never sell data to third parties
• We never use data for advertising
• We never share identifiable data with schools, insurers, or employers
• We do not use tracking cookies for advertising purposes

Children's data (ICO Children's Code)

We comply with the ICO Age Appropriate Design Code (Children's Code). This means:

• Privacy settings are set to the highest level by default
• We do not use nudge techniques to encourage data sharing
• Geolocation is never collected
• Profiling is used only to provide the clinical service, never for commercial purposes
• Data minimisation: we collect only what is necessary for the service
• No pre-ticked consent boxes

Your rights under UK GDPR

You have the right to:

• Access your data (data portability)
• Correct inaccurate data
• Delete your data (right to erasure), except safety flags retained under legal obligation
• Object to processing
• Withdraw consent at any time

Data retention

• Account data: retained while account is active, deleted 90 days after account deletion
• Clinical data: deleted upon account deletion request
• Safety flags: retained for 7 years (legal obligation under safeguarding legislation)
• Anonymised research data (if consented): retained indefinitely

Security

All data is encrypted in transit (TLS 1.3) and at rest. We use Supabase (PostgreSQL) with Row Level Security policies. Access to production data is restricted and audited.

Contact

For privacy enquiries: privacy@myworries.com