Privacy Policy

1. Privacy Policy for PCC Freemind

Last Updated: 1st of October 2025

PCC Freemind Privacy Policy

PCC Freemind (“we,” “our,” or “us”) is committed to protecting your privacy and providing a safe, secure environment for all users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the “App”), which connects youths with professional counselors for support in hygiene, mental health, and social well-being.

By using PCC Freemind, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the App.

This Privacy Policy complies with:

  • Google Play Developer Program Policies
  • Apple App Store Review Guidelines
  • Cameroon Law No. 2010/012 relating to cybersecurity and cybercrime
  • General Data Protection principles

1. Information We Collect

We are transparent about the data we collect and how we use it. We collect only the information necessary to provide our services.

1.1 Personal Information You Provide

Account Information:

  • Full name
  • Email address
  • Date of birth (to verify age eligibility)
  • User type (youth or counselor)
  • Phone number (optional, for account recovery)

Profile Information:

  • Profile photo (optional)
  • Bio or introduction
  • Areas of interest or concern (e.g., mental health, hygiene, social issues)
  • Preferred counselor attributes
  • Location (city/region only, never precise geolocation)

Health and Counseling Information:

  • Mental health concerns and goals
  • Hygiene-related questions or issues
  • Social life challenges
  • Progress notes and session summaries
  • Self-assessment responses

Communications:

  • Text messages exchanged with counselors
  • Voice messages (if feature is used)
  • Chat history and conversation logs
  • Appointment scheduling details
  • Support tickets and inquiries

Payment Information (for Premium Features):

  • We use secure third-party payment processors (Stripe, PayPal, Mobile Money)
  • We DO NOT store complete credit card numbers, CVV codes, or full banking details
  • We only store: payment method type, last 4 digits (for reference), transaction IDs, and billing email
  • All payment processing is PCI-DSS compliant

Counselor-Specific Information (for verified counselors only):

  • Professional credentials and certifications
  • License numbers and verification documents
  • Specialization areas
  • Availability schedule
  • Professional background

1.2 Information Collected Automatically

Usage Data:

  • Features accessed and frequency of use
  • Session duration and timestamps
  • Navigation patterns within the App
  • Button clicks and user interactions
  • Search queries within the App
  • Appointment booking and cancellation history

Device Information:

  • Device type and model
  • Operating system and version
  • Unique device identifiers (anonymized)
  • App version
  • Mobile network information (carrier name)
  • IP address (for security and fraud prevention only)
  • Time zone and language settings

Performance and Diagnostic Data:

  • Crash reports and error logs
  • Performance metrics (app load time, response times)
  • Network connectivity status
  • Battery usage (to optimize app performance)

1.3 Information We Do NOT Collect

We explicitly DO NOT collect:

  • ❌ Precise geolocation or GPS coordinates
  • ❌ Access to your contacts without permission
  • ❌ Access to your photo gallery without permission
  • ❌ Microphone access outside of voice messaging feature
  • ❌ SMS or phone call logs
  • ❌ Data from other apps on your device
  • ❌ Clipboard data
  • ❌ Information from children under 13 years old

        2. How We Use Your Information

        We use collected information for the following specific purposes:

        2.1 Service Delivery

        • Create and manage your account
        • Match you with appropriate qualified counselors based on your needs and preferences
        • Facilitate secure counseling sessions (chat, voice, video)
        • Store conversation history for continuity of care
        • Send appointment reminders and notifications
        • Process payments for premium services
        • Provide customer support

        2.2 Service Improvement

        • Analyze usage patterns to improve app features
        • Identify and fix bugs or technical issues
        • Optimize app performance and user experience
        • Develop new features based on user needs
        • Conduct internal research and analytics

        2.3 Safety and Security

        • Prevent fraud, abuse, and unauthorized access
        • Detect and prevent harmful or illegal activities
        • Verify counselor credentials and qualifications
        • Monitor for crisis situations requiring intervention
        • Enforce our Terms of Service
        • Comply with legal obligations

        2.4 Communications

        • Send important service updates and announcements
        • Respond to your inquiries and support requests
        • Send optional promotional messages (only if you opt-in)
        • Notify you of policy changes

        3. How We Share Your Information

        We DO NOT sell, rent, or trade your personal information to third parties for marketing purposes.

        3.1 With Your Counselor

        • Your profile information, health concerns, and chat history are shared with your matched counselor(s) to provide effective support
        • Counselors are bound by strict confidentiality agreements and professional ethics codes
        • You can request to switch counselors at any time

        3.2 With Service Providers (Third-Party Processors)

        We share limited data with trusted vendors who help us operate the App:

        Cloud Hosting & Storage:

        • Firebase (Google) – for database and authentication
        • AWS or similar – for file storage
        • Data is encrypted both in transit and at rest

        Payment Processing:

        • Stripe, PayPal, or Mobile Money providers
        • They have their own privacy policies and security measures

        Analytics & Performance:

        • Firebase Analytics (anonymized usage data only)
        • Crashlytics (error reporting)
        • No personally identifiable information (PII) is shared with analytics providers

        Communication Services:

        • Push notification providers (for appointment reminders)
        • Email service providers (for account emails only)

        All third-party service providers:

        • Are contractually obligated to protect your data
        • May only use data to perform services for us
        • Cannot use your data for their own purposes
        • Must comply with applicable data protection laws

        We may disclose information when required by law:

        • In response to valid legal requests from Cameroonian authorities under Law No. 2010/012
        • To comply with court orders, subpoenas, or legal processes
        • To protect our rights, property, or safety
        • To protect the rights, property, or safety of our users or the public
        • To detect, prevent, or address fraud, security, or technical issues

        3.4 In Emergency Situations

        If we have reasonable grounds to believe there is:

        • Imminent risk of serious harm to yourself or others
        • Evidence of child abuse or neglect
        • Threat of violence

        We may disclose necessary information to:

        • Emergency services (police, ambulance)
        • Mental health crisis teams
        • Designated emergency contacts (if provided by you)

        Our counselors are trained to recognize crisis situations and follow established emergency protocols.

        3.5 Business Transfers

        In the event of a merger, acquisition, or sale of assets:

        • We will notify you via email and/or prominent notice in the App
        • Your data will be transferred only under the same privacy protections
        • You will have the option to delete your account before the transfer

        We may share information in other circumstances with your explicit consent.

        4. Data Security Measures

        We implement industry-standard security measures to protect your data:

        4.1 Technical Security

        Encryption:

        • All data transmitted between your device and our servers uses TLS 1.3 encryption (HTTPS)
        • All sensitive data at rest is encrypted using AES-256 encryption
        • Chat messages and health information are end-to-end encrypted where technically feasible

        Password Security:

        • Passwords are one-way hashed using bcrypt/Argon2 algorithms
        • We CANNOT see, retrieve, or access your password
        • Even our administrators cannot log into your account without your password
        • Password reset requires email verification
        • Minimum password requirements enforced (8+ characters, mix of types)

        Authentication:

        • Secure session management with automatic timeout
        • Two-factor authentication available (optional)
        • Biometric authentication support (fingerprint, Face ID)

        Infrastructure Security:

        • Secure, certified cloud hosting providers
        • Regular security audits and penetration testing
        • Automated backup systems with encryption
        • DDoS protection and firewall systems

        4.2 Organizational Security

        • Limited employee access to personal data (need-to-know basis only)
        • All staff sign confidentiality agreements
        • Regular security training for all team members
        • Counselors undergo background checks and credential verification
        • Incident response plan for data breaches

        4.3 Your Role in Security

        To keep your account secure:

        • ✅ Use a strong, unique password
        • ✅ Enable two-factor authentication
        • ✅ Never share your password with anyone
        • ✅ Log out after using shared devices
        • ✅ Keep your app updated to the latest version
        • ✅ Report suspicious activity immediately

        Important: While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously work to protect your information.

        5. Your Data Rights and Choices

        Under Cameroonian law and international data protection principles, you have the following rights:

        5.1 Access and Portability

        • Access: Request a copy of all personal data we hold about you
        • Portability: Receive your data in a structured, commonly-used, machine-readable format (JSON, CSV)
        • Timeline: We will respond within 30 days

        5.2 Correction and Update

        • Update your profile information anytime in the App settings
        • Request correction of inaccurate or incomplete data
        • We will update your information within 7 days of verification

        5.3 Deletion (Right to be Forgotten)

        • Request account deletion at any time via App settings or email
        • What gets deleted:
          • Account credentials
          • Profile information
          • Personal health data
          • Chat history
          • Payment records (except as required for legal/accounting purposes)
        • Timeline: Deletion completed within 30 days
        • Note: Some data may be retained for legal compliance (e.g., financial records for 7 years)

        5.4 Restriction and Objection

        • Object to certain data processing activities
        • Restrict processing of your data under specific circumstances
        • Opt-out of marketing communications (you’ll still receive service-related messages)

        5.5 Data Retention Control

        • You can request early deletion of specific data (e.g., old chat logs)
        • You can download your data before deletion

        5.6 How to Exercise Your Rights

        To exercise any of these rights:

        • Email: privacy@pccfreemind.com
        • In-App: Settings → Privacy → Data Rights
        • Mail: PCC Freemind, Buea, Southwest Region, Cameroon

        We will verify your identity before processing requests.

        6. Data Retention

        We retain your personal information only as long as necessary:

        Data TypeRetention PeriodReason
        Account InformationUntil account deletionService provision
        Chat/Session HistoryUntil account deletion or 3 yearsContinuity of care
        Payment Records7 years after transactionLegal/tax requirements
        Usage Analytics2 years (anonymized)Service improvement
        Crash Logs90 daysTechnical debugging
        Deleted Account Data30 days (backup retention)Recovery window

        After deletion:

        • Data is permanently removed from active systems within 30 days
        • Backup copies are overwritten within 90 days
        • Some anonymized, aggregated data may be retained indefinitely for research (cannot identify you)

        7. Permissions and APIs We Use

        We request only necessary permissions and are transparent about their use:

        7.1 Required Permissions

        Camera (iOS & Android):

        • Purpose: Profile photo upload, sharing images with counselor
        • When used: Only when you tap “Take Photo” or “Video Call”
        • Can be denied: Yes, you can still use the app without camera access

        Microphone (iOS & Android):

        • Purpose: Voice messages, audio/video calls with counselors
        • When used: Only during calls or when recording voice messages
        • Can be denied: Yes, text chat will still work

        Photo Library (iOS & Android):

        • Purpose: Upload existing photos to profile or share with counselor
        • When used: Only when you tap “Choose from Gallery”
        • Can be denied: Yes, you can use camera instead or skip

        Notifications (iOS & Android):

        • Purpose: Appointment reminders, new messages from counselor
        • When used: For time-sensitive communications
        • Can be denied: Yes, but you may miss important updates

        Internet Access (Android):

        • Purpose: Connect to our servers for all app functionality
        • When used: Always (app requires internet)
        • Can be denied: No, app requires internet to function

        7.2 Optional Permissions

        Biometric (Fingerprint/Face ID):

        • Purpose: Quick, secure login
        • When used: Login screen (if enabled in settings)
        • Can be denied: Yes, use password instead

        Calendar (Optional feature):

        • Purpose: Add counseling appointments to your calendar
        • When used: Only if you choose “Add to Calendar”
        • Can be denied: Yes

        7.3 Permissions We NEVER Request

        • ❌ Phone calls or SMS
        • ❌ Contacts access
        • ❌ Location (GPS)
        • ❌ Other apps’ data
        • ❌ Background location
        • ❌ Device admin privileges

        7.4 API Usage

        • We use Google Play Services for push notifications (Android)
        • We use Apple Push Notification Service (iOS)
        • We use Firebase Authentication for secure login
        • All API usage complies with provider policies

        8. Children’s Privacy (COPPA and Age Requirements)

        8.1 Age Restrictions

        • Minimum Age: 13 years old globally, 16 in some regions
        • Users Under 18: Encouraged to use app with parent/guardian knowledge
        • We do NOT knowingly collect data from children under 13
        • While we strongly encourage parental involvement, we do not require parental consent for ages 13-17 as our service provides important mental health support
        • Parents/guardians can contact us to request account deletion for minors
        • We provide age-appropriate counseling with trained youth specialists

        8.3 If We Discover Underage Users

        If we learn we’ve collected data from a child under 13:

        • We will delete the account immediately
        • We will erase all associated data within 30 days
        • We will not use the data for any purpose

        Parents: If you believe your child under 13 has created an account, contact us immediately at privacy@pccfreemind.com.

        9. International Data Transfers

        Primary Data Location: Our servers are located in [specify region, e.g., Europe, USA]

        Cross-Border Transfers:

        • Some service providers may process data outside Cameroon
        • All transfers are protected by:
          • Standard Contractual Clauses (EU-approved)
          • Privacy Shield or equivalent frameworks
          • Encryption in transit and at rest

        Your data is protected regardless of where it’s processed.

        10. Google Play and App Store Compliance

        10.1 Google Play Target API Level Policy

        • Our app targets Android API Level 34 (Android 14) or higher
        • We comply with the latest Google Play security and privacy requirements
        • We regularly update our app to meet new policy requirements

        10.2 Deceptive Behavior – We Commit To:

        • ❌ NO misleading app descriptions or features
        • ❌ NO impersonation of other apps or entities
        • ❌ NO false claims about app functionality
        • ✅ Transparent about what our app does and doesn’t do
        • ✅ Honest marketing and app listings

        10.3 Device and Network Abuse – We Will NOT:

        • ❌ Interfere with other apps or device functionality
        • ❌ Alter device settings without user permission
        • ❌ Use excessive data, battery, or system resources
        • ❌ Display ads outside our app
        • ✅ Optimize for performance and battery efficiency

        10.4 User Data Protection – We Guarantee:

        • ✅ Transparent data collection practices (this policy)
        • ✅ Secure data transmission and storage
        • ✅ Limited data collection (only what’s necessary)
        • ✅ User control over their data
        • ✅ No selling of user data
        • ✅ Prominent disclosure of sensitive data access

        10.5 Sensitive Permissions Handling

        We handle sensitive permissions responsibly:

        • Request permissions only when needed (runtime permissions)
        • Explain why each permission is needed (in-app messages)
        • Allow users to deny permissions and still use core features
        • Never request permissions deceptively

        The App may contain links to third-party websites or services (e.g., educational resources, crisis hotlines).

        Important:

        • We are NOT responsible for the privacy practices of third-party sites
        • Third-party sites have their own privacy policies
        • We encourage you to review their policies before providing any information
        • Leaving our App to visit third-party sites is at your own risk

        12. Marketing and Communications

        12.1 Types of Communications

        Service Communications (Cannot opt-out):

        • Account verification emails
        • Appointment confirmations and reminders
        • Security alerts
        • Policy updates
        • Payment receipts

        Marketing Communications (Can opt-out):

        • New features and updates
        • Special offers or promotions
        • Wellness tips and resources
        • Surveys and feedback requests

        12.2 How to Opt-Out

        • Click “Unsubscribe” in any marketing email
        • Adjust notification preferences in App settings
        • Email preferences@pccfreemind.com
        • You’ll still receive essential service communications

        13. Analytics and Cookies

        13.1 Mobile App Analytics

        We use Firebase Analytics to understand app usage:

        • Data collected: Session duration, features used, user flows (anonymized)
        • Purpose: Improve app performance and user experience
        • NO personal identifiers are sent to analytics
        • You can opt-out in App settings → Privacy → Analytics

        13.2 Cookies (Web Version Only)

        If we launch a web version:

        • Essential cookies for functionality (cannot be disabled)
        • Analytics cookies (can be disabled)
        • No advertising or tracking cookies
        • Cookie consent banner will be displayed

        14. Data Breach Notification

        In the unlikely event of a data breach:

        Our Response:

        1. Immediate investigation and containment
        2. Assessment of affected data and users
        3. Notification to affected users within 72 hours via email
        4. Notification to relevant authorities as required by law
        5. Detailed explanation of what happened and what data was affected
        6. Steps we’re taking to prevent future breaches
        7. Recommendations for protecting yourself

        Your Actions:

        • Change your password immediately
        • Monitor your accounts for suspicious activity
        • Enable two-factor authentication
        • Contact us with any concerns

        15. California Privacy Rights (CCPA)

        If you’re a California resident, you have additional rights:

        • Right to know what personal information is collected
        • Right to know if personal information is sold (we DON’T sell data)
        • Right to delete personal information
        • Right to opt-out of sale (not applicable as we don’t sell)
        • Right to non-discrimination for exercising rights

        Contact for CCPA requests: privacy@pccfreemind.com with “CCPA Request” in subject line.

        16. European Union Users (GDPR)

        If you’re in the EU/EEA, you have additional rights under GDPR:

        • Right to data portability
        • Right to restriction of processing
        • Right to object to processing
        • Right to lodge a complaint with your local Data Protection Authority

        Legal Basis for Processing:

        • Consent (for optional features)
        • Contract performance (to provide services)
        • Legal obligation (to comply with laws)
        • Legitimate interests (to improve services, prevent fraud)

        Data Protection Officer: dpo@pccfreemind.com

        17. Updates to This Privacy Policy

        17.1 How We Notify You

        We may update this Privacy Policy periodically:

        • Minor changes: Updated on this page with new “Last Updated” date
        • Material changes: Email notification + in-app alert
        • You’ll be asked to review and accept major changes

        17.2 Version History

        We maintain previous versions of this policy:

        17.3 Continued Use

        Continued use of the App after changes means you accept the updated policy.

        18. Contact Us

        We’re committed to addressing your privacy concerns:

        For Privacy Questions or Requests:

        Response Time: Within 5 business days for initial response, 30 days for full resolution

        For Counselor-Related Issues:

        For Data Breaches or Security Issues:

        19. Governing Law

        This Privacy Policy is governed by the laws of Cameroon, including:

        • Law No. 2010/012 of 21 December 2010 relating to cybersecurity and cybercrime in Cameroon
        • Any applicable international data protection agreements

        Disputes shall be resolved under Cameroonian jurisdiction.

        By using PCC Freemind, you consent to:

        • This Privacy Policy
        • Our collection and use of information as described
        • Transfer of data as described in this policy

        If you do not agree, please do not use the App.

        Summary of Key Points

        ✅ We protect your privacy: Your data is encrypted and secure
        ✅ We don’t sell data: Your information is never sold to third parties
        ✅ You have control: Access, correct, or delete your data anytime
        ✅ Passwords are secure: We can’t see your password (one-way hashed)
        ✅ Transparent practices: We’re clear about what data we collect and why
        ✅ Counselor confidentiality: Your sessions are private and secure
        ✅ Minimal permissions: We only request necessary access
        ✅ You can delete your account: Full data deletion within 30 days

        Thank you for trusting PCC Freemind with your mental health journey. Your privacy and security are our top priorities.

        This Privacy Policy is effective as of January 10, 2025. Last updated: January 10, 2025.

        Version 1.0