Privacy Policy
Last updated: March 2026
MindHaven respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, and safeguard information when you use our website and services.
MindHaven is operated in the United Kingdom and complies with the UK General Data Protection Regulation and the Data Protection Act 2018.
1. Who We Are
MindHaven is a platform that helps neurodivergent individuals discover welcoming spaces and activities. We also provide environmental comfort analysis using open data.
For the purposes of data protection law, MindHaven acts as the data controller for personal data collected through this website.
If you have any questions about this policy, contact us at: hello@mindhavenuk.com
2. What Information We Collect
We collect only the information necessary to operate our service.
Information you provide directly
- Name
- Email address
- Organisation name, where relevant
- Booking details
- Messages submitted through contact or feedback forms
Booking information
When you book an activity through MindHaven, we may process the activity selected, date and time, and accessibility notes provided voluntarily. We share relevant booking information with the partner venue to fulfil your booking.
Technical information
We may collect limited technical data such as IP address, browser type, and device type. This information is used for security and system performance purposes only.
3. What We Do Not Collect
MindHaven does not sell personal data, use advertising tracking, use behavioural profiling, collect health records, or track users across third party websites.
ComfortScore calculations are based solely on open environmental data and do not rely on personal tracking or behavioural surveillance.
4. How We Use Your Information
We use personal data to process bookings, respond to enquiries, provide customer support, improve platform reliability, and maintain security. We do not use your data for unrelated marketing purposes.
5. Legal Basis for Processing
Under UK GDPR, we rely on the following lawful bases: contractual necessity to process bookings, legitimate interest to maintain and improve the platform, and consent where you voluntarily provide information. You may withdraw consent at any time.
6. Data Sharing
We share personal data only when necessary. This may include partner venues to fulfil bookings, technical service providers who support website hosting, and payment processors where applicable. We do not sell or rent personal data to third parties.
7. Data Storage and Security
Personal data is stored on secure cloud infrastructure. We use reasonable technical and organisational safeguards to protect data from unauthorised access, loss, or misuse. Access to data is restricted to authorised personnel only.
8. Data Retention
We retain personal data only for as long as necessary to provide services, comply with legal obligations, and resolve disputes. Users may request deletion of their data at any time.
9. Your Rights
Under UK data protection law, you have the right to access your personal data, correct inaccurate data, request deletion, restrict processing, object to processing, and lodge a complaint with the Information Commissioner’s Office.
The ICO can be contacted at: https://www.ico.org.uk
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be published on this page with a revised date.