Taking care of your team’s privacy
Security, safety and privacy underpin everything we do at Auntie.
As a mental health service, our work impacts the private, personal and professional lives of our users - so we take every precaution to keep their data and information safe.
Auntie sessions are 100% confidential
We don't upload data to government health registries
We don't share personal information with your employer
You can use Auntie completely anonymously
We’re certified by an industry-leading security provider
On a company-wide level, our ISMS is ISO 27001 certified by Nixu. This demonstrates that Auntie manages its information security and applies best practices across the board.
Auntie security and privacy
For a more detailed view, have a read of our Terms and Policies. For frequently asked questions for employers and employees, you’ll find the answers below.
We conduct tests and audits using external, independent security experts. Technical audits have been performed in 2019, 2020 and 2021. The ISO 27001 certification audit was done in 2021. In addition to audits, information security is taken into account in daily work: in technology development, employee training and processes.
The technical information security, the selected tools and the operational processes all meet the requirements of the GDPR of 25 May 2018.
Privacy for Auntie end users
The following information is stored in Auntie’s data system:
- your name
- your email address
- your phone number
- your answers to the surveys (start and end surveys, session feedback)
- your goals in the follow-up form (if the follow-up form is used)
- your package and the language you select
- the name of your Auntie Professional
- the name of your employer
The data can only be accessed with a username of an authorized employee, professional or partner. There are different levels of access and each user is only granted access to information that’s necessary for the task at hand. Access to the information is limited to those for whom it is essential for the provision of the service. All Auntie professionals have signed a non-disclosure agreement and are bound by strict confidentiality. All access rights are checked regularly.
No personal information is ever shared with supervisors, management or authorities. Group-level reports can only be formed for groups of at least ten people, and any identifiable information is destroyed before such reports are formed, which makes it impossible to identify individuals.
The video meeting system is secure. The connection is secure and no one outside the room can listen, see or participate in the conversation. We use the Whereby system; you can read more about Whereby’s security and privacy practices here.
No, your information is not transferred to any government health system.
The information Auntie collects and stores is customer information. For example, Auntie doesn’t ask or store information about medical diagnoses. In addition, it’s possible to have your data removed from Auntie’s data system upon request.
The data inspection request can be sent to firstname.lastname@example.org. Unless otherwise requested, the information will be sent via encrypted email. Exercising your right of data inspection is free of charge.
Send a request to delete the data to the e-mail address email@example.com. We will inform you when the data has been deleted. Data will be deleted from the database as soon as possible after the request and all backups will be deleted within 30 days of deletion.