1. Introduction
Treat ("we", "us", or "our") operates the Treat platform, including the website and mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, phone number, and password when you create an account.
- Profile information: Profile photo, location, and any additional information you choose to provide.
- Booking information: Service preferences, appointment dates, notes, and health-related preferences necessary to facilitate bookings.
- Professional credentials: If you register as a health professional — licence number, qualifications, service area, and availability.
- Communications: Messages you send through our platform, support requests, and feedback.
- Payment information: Payment details are processed by our third-party payment provider (Maaly). We do not store full card numbers or CVV codes.
2.2 Information Collected Automatically
- Device information: Device type, operating system, and app version.
- Usage data: Pages visited, features used, time spent, and interactions with the Service.
- Log data: IP address, browser type, and error logs.
3. How We Use Your Information
We use your personal information to:
- Create and manage your account
- Facilitate bookings between customers and health professionals
- Process payments securely via our payment provider
- Send booking confirmations, reminders, and service-related communications
- Provide customer support and respond to enquiries
- Improve our Service through analytics and feedback
- Comply with legal obligations
- Detect and prevent fraud or abuse
- Send marketing communications (only with your consent, and you may opt out at any time)
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area, we process your data on the following legal bases:
- Contract performance: To provide the booking service you have requested.
- Legitimate interests: To improve our service, prevent fraud, and maintain platform security.
- Consent: For marketing communications and optional data processing.
- Legal obligation: To comply with applicable laws and regulations.
5. Sharing Your Information
We do not sell your personal information. We may share it only:
- With health professionals: We share relevant booking details (name, appointment time, notes) with the professional you book.
- Payment processing: Maaly processes payments on our behalf and is subject to their own privacy policy.
- Service providers: Trusted third parties who help operate our platform (cloud hosting, analytics, support tools), bound by confidentiality agreements.
- Legal requirements: When required by law, court order, or to protect the rights and safety of Treat, our users, or the public.
- Business transfers: In the event of a merger or acquisition, your information may be transferred with notice to you.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. You may request deletion of your account at any time. We may retain certain information for up to 7 years as required by New Zealand financial and health regulations. Anonymised and aggregated data may be retained indefinitely.
7. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data ("right to be forgotten").
- Portability: Request your data in a machine-readable format.
- Objection: Object to processing for marketing or legitimate interests.
- Restriction: Request restriction of processing in certain circumstances.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at privacy@treat.co.
8. Data Security
We implement industry-standard security measures including:
- TLS/SSL encryption for all data in transit
- Encrypted storage for sensitive data
- Access controls and authentication requirements
- Regular security reviews
No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information using commercially reasonable means.
9. Children's Privacy
Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
10. Third-Party Services
Our Service integrates with:
- Maaly — Payment processing. See Maaly's Privacy Policy.
- Anthropic Claude — AI-powered support chat. Conversations may be processed by Anthropic in accordance with their privacy policy.
We are not responsible for the privacy practices of third-party services. We encourage you to review their policies.
11. International Data Transfers
Treat operates primarily in New Zealand. If you access the Service from outside New Zealand, your information may be transferred to and processed in New Zealand or other countries. We ensure appropriate safeguards are in place for international transfers.
12. Cookies
We use session cookies and local storage to maintain your login session and preferences. We do not use third-party tracking cookies. You can disable cookies in your browser settings, though this may affect functionality.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated date, and where appropriate, by email. Continued use of the Service after changes constitutes acceptance.
14. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us: