PsiloScreen
PsiloScreen
Privacy

Privacy Policy

How we collect, use, and protect your information

Last updated: February 17, 2026Effective: February 17, 2026

This Privacy Policy explains how Entheology Project, as the operator of PsiloScreen.me, collects, uses, shares, and protects information related to your use of our psilocybin harm-reduction screening tool. This policy complies with the GDPR, the UK GDPR, the CPRA, and applicable privacy regimes in Canada (PIPEDA), Australia, and New Zealand.

1. Scope and Legal Status

PsiloScreen.me is an educational harm-reduction tool designed for informational purposes only. We do not provide medical advice, diagnosis, or clinical treatment. Any information collected is used solely to improve the educational and screening services we provide.

2. Data Categories Collected

We collect the following types of information:

a. Personal and Technical Data

  • Browser type, device information, IP address
  • Session data, cookies, and user interaction analytics

b. Health and Genetic Information (Special Category Data)

  • Self-reported health, age, risk factors, or reaction history related to psilocybin use
  • Optional genetic or familial mental health history if provided voluntarily

c. Contact or Account Information (if applicable)

  • Email address, username, password, or feedback communications

3. Lawful Basis for Processing

Under GDPR Article 6(1):

  • Processing of general user data is based on legitimate interests (GDPR Art. 6(1)(f)).
  • Processing necessary to deliver requested screening services is based on contractual necessity (GDPR Art. 6(1)(b)).

For special category data (health/genetic), processing occurs only with your explicit consent (GDPR Art. 9(2)(a)).

4. Consent and Withdrawal

You must explicitly consent before submitting any health or genetic information. Consent may be withdrawn at any time by contacting [email protected] or using on-site tools. Withdrawal does not affect prior lawful processing.

5. Purposes of Processing

We use your data to:

  • Generate harm-reduction screening insights based on self-reported inputs
  • Conduct anonymized analytics to enhance accuracy and safety tools
  • Maintain system security and detect misuse or technical issues

We do not use health or genetic data for advertising or profiling.

6. Data Minimization and Anonymization

We follow data minimization principles under GDPR Art. 5(1)(c). Screening data is stored only as needed to provide the service and may be de-identified or aggregated for research or statistical analysis.

7. Retention and Deletion

Data is retained for the shortest period necessary:

Anonymous sessions

Deleted within 30 days

Account-based data

Up to 12 months post last activity

Server logs

Anonymized within 90 days

Users may request deletion at any time under GDPR Art. 17 and Cal. Civ. Code § 1798.105.

8. International Transfers

If data is transferred outside the EEA, UK, or Canada, transfers are governed by Standard Contractual Clauses (SCCs) and equivalent mechanisms ensuring adequate protection (GDPR Art. 46(2)(c)).

9. Sharing and Disclosure

We do not sell personal data. Limited sharing occurs with vendors providing hosting, analytics, or communication services, under written data protection agreements. Where required by law, data may be disclosed to authorities.

10. Security Measures

We implement appropriate technical and organizational measures per GDPR Art. 32, including encryption, pseudonymization, and role-based access controls.

11. Your Rights

Depending on jurisdiction, you may have the right to:

  • Access your data (GDPR Art. 15; Cal. Civ. Code § 1798.110)
  • Correct inaccuracies (GDPR Art. 16; Cal. Civ. Code § 1798.106)
  • Delete your data (GDPR Art. 17; CPRA § 1798.105)
  • Withdraw consent (GDPR Art. 7(3))
  • Data portability (GDPR Art. 20)
  • Object to certain processing (GDPR Art. 21)

Requests can be made through [email protected]

12. CPRA Disclosures

Under Cal. Civ. Code § 1798.121, we disclose that we collect and use sensitive personal information (health/genetic data) only for the purposes of screening and safety enhancement and do not use it for advertising.

13. Children's Privacy

PsiloScreen.me is not designed for individuals under 18. We do not knowingly collect data from minors.

14. Policy Updates

We may update this Policy periodically to comply with evolving regulations. Changes will be posted with a new effective date.

15. Contact

Data Controller:

Entheology Project, Inc.
2021 Fillmore St PMB 2035
San Francisco, CA 94115
Email: [email protected]

If you are based in the EEA or UK, you may lodge a complaint with your local data protection authority under GDPR Art. 77.

Also review our Terms & Conditions

Understand your full rights and obligations

Read