Privacy Notice

Last updated January 2025; effective from January 2025

🤝 About us

We are Spill App Ltd and are located at 9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN. We are registered on Companies House under number 10602161 with the ICO number ZA459842 — you can look us up in the ICO register here.

In the US, we are Spill Inc and are located at Corporation Trust Center, 1209 Orange Street, City of Wilmington, County of New Castle, Zip Code 19801.

If you have any questions about how we process your personal data then you can contact our DPO on dpo@spill.chat.

❓ What we do

Spill App Ltd provides all-in-one mental health support for employees. This includes one-to-one sessions, manager mental health training, and regular feelings check-ins — embedded into the company's Slack or MS Teams.

As a company dealing with sensitive issues to do with people’s mental health, we take privacy and confidentiality extremely seriously.

Spill processes your data for the purpose of offering our service, meaning remote sessions, wellbeing tools, and mental health content.

⚙️ Spill’s role

Principally, we’re a data controller with regards to the user data we collect for the purposes of providing the Spill services. If you’re based in the US, Spill Inc and Spill App Ltd are joint controllers for this data.

Being a controller means that we are trusted to look after and deal with your personal information in accordance with data protection law. We determine the ways and means of processing your data and must therefore be accountable for it.

However, in some cases we may also act as a data processor where your employer is the controller. When we first start to work with a company, the employer can do any of the following:
(1) Provide Spill with all employees’ Slack IDs so we can invite employees to Spill via the Spill Slack app;
(2) Provide Spill with all employees’ Microsoft Teams IDs so we can invite employees to Spill via the Spill MS Teams app;
(3) Provide Spill with all employees’ email addresses so we can invite employees to Spill via email
(4) Enable email domain access in which case employees can create their own accounts by logging in with their work email

In the cases of 1, 2 and 3 above, Spill can contact the employee (you!) to offer our Spill services. We are doing this on the instruction of your employer and are therefore a processor. In the case of 4, Spill does not invite employees to the platform and are therefore not processing data on behalf of your employer. In this case, we are only data controllers.

If you have questions about the invitation process via Slack, Microsoft Teams or email, please contact your employer.
‍
Note: If you are the organiser of a Team Check-in, then we are a processor for the data used to set up the invite by you. If you select a meeting, Spill will use the video link URL for that event in order to generate a Team Check-in URL. When setting up the meeting, Spill will only process the data you ask us to process and do this as a processor on behalf of your employer. For details about the information collected during Team Check-in, please see below.
‍
If you have any questions about how we handle your personal data, please email us at dpo@spill.chat.

🔒 Your rights

As a data subject you have rights in respect of our processing of your personal data when we are the controller of your data:
‍Your right of access - you have the right to ask us for copies of your personal information.
‍Your right to rectification - you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
‍Your right to erasure - you have the right to ask us to erase your personal information in certain circumstances.
‍Your right to restriction of processing - you have the right to ask us to restrict the processing of your information in certain circumstances.
‍Your right to object to processing - you have the right to object to our processing your information if the legal basis is legitimate interests.
‍Your right to data portability - this only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under a contract, or in talks about entering into one, and the processing is automated.

If you want to exercise any of these rights, please just contact us on dpo@spill.chat. In the UK and the EU you also have the right to lodge a complaint about our processing with a supervisory authority.

In the UK that is the ICO whose details are here.

If you are an EU user then you also have the option to communicate with our EU Data Rep for any issues or to exercise your rights. Please see the section about our EU Data Rep.

🔎 How we process your data

As a general principle, we try to only collect the data we can’t function without — and delete it as soon as we no longer need it (unless we are legally obliged to keep it). We collect and use data at different stages during your interactions with Spill. Click on the stage that you are most interested in for more detail.
‍
In brief:
     We never share your data outside Spill unless it’s absolutely necessary.
     All your data is kept confidentially.
     We will never share data with your employer without your consent.

Onboarding onto Spill

If you are using Spill via the Slack or MS Teams Spill apps and you accept the invite and onboard onto Spill, we will collect your confirmation that you have accepted our Terms of Use and read this Privacy Notice.

If you are using Spill via email login, and you accept the invite and onboard onto Spill, we collect confirmation that you have accepted our Terms of Use and read this Privacy Notice.

If you are using Spill via email domain access and proactively create an account with Spill, we collect confirmation that you have accepted our Terms of Use and read this Privacy Notice. In this case, your employer has not invited you to the platform and therefore will not know whether or not you have access to Spill.

Like all digital services, once you are signed up to our Spill services our system automatically collects information about how you use our product. Analytics are obtained through Mixpanel and are used to improve Spill and to let Spill provide anonymous and aggregated reporting on service usage to its clients (your employer).

Spill will only share limited usage data (e.g. “13 people from your organisation have used Spill in the last month”) with its clients on request and this data will never reveal anything to employers about individual users of Spill.

When sessions are charged on a pay-as-you-go basis, you may be the only person at your company using Spill. We will therefore have to share data on your usage with the person who bought Spill for you. That means that whilst the content of therapy sessions remain completely confidential, your admin sees the bill and therefore will know when you start therapy, how many sessions through you are and when you finish. We remind you of this immediately after you sign up and ask that you agree to it before moving into the booking and message sending service.

Our lawful basis for processing this data is a combination of contract (you are signing up to our service), legitimate interest for analytics and aggregating data, and then consent to process any data about your mental wellbeing that you supply at this point.

We retain answers to these questions for seven years after you leave your employer or the Spill platform. We keep analytics and usage data until you leave your employer or the Spill platform.

If you use Spill services as a non- or ex-employee, we use your data in exactly the same way as above, but any reference to “your employer” refers instead to the company through which your access to Spill is provided.

If you move to paying for Spill sessions as a private client, rather than through your employer, no data will be shared with your employer. We will, however, also collect contact and payment details in order to take payment for any Spill sessions you have. Our lawful basis for processing this data is a combination of Contract and Legitimate Interest, and we will retain this data for 7 years after you stop using the platform.

Booking a session

‍When you book a session with one of our practitioners, we ask for a few pieces of information.

We will ask you for your name and an email address in order to send calendar invites and reminders for sessions. You are not required to use your work email address.

We also need a phone number to reach you on, in case the practitioner needs to get in touch, and the name and number of an emergency contact. This is because we hold ourselves to the standard of the UK’s BACP Ethical Guidelines. This means our practitioners have to contact the emergency contact in certain select circumstances – for example, if they believe a client might hurt themselves or someone else.

When you book, we will also ask for your age (to check you are above 18), your pronouns (optional), a bit about what brought you to Spill, whether you have used a similar service before and whether you are looking for a practitioner with a particular area of expertise or specialism — you can leave this blank, though, when you book. This is so the practitioner has a bit of context around the client and can tailor their approach as best as possible.

Finally we ask a bit about what you want to get out of therapy with Spill — you can leave this blank, though, when you book. This is so the practitioner has a bit of context around the client and can tailor their approach as best as possible.

Our lawful basis for processing this data is a combination of legitimate interest, so we can provide services to you, and your consent for any health data that you provide. We retain this data for 7 years after you stop using Spill services.

Attending a session by phone or video

When you attend a session, we record the date and time that the session was held. This is so we can see how many sessions are happening in total and make sure we pay practitioners the right amount for any sessions they have given.

When you attend a session or cancel a session, we store this under your Spill ID, away from your identifiable information. If you opt into Team Check-in, a practitioner will look at how you’re feeling and your session attendance when evaluating whether or not to send you a message reminding you of additional support.

The practitioner who holds the session is also required to keep notes on the content of the session, in a secure system confidential within the service. These notes will be kept for seven years after being logged, and will only ever be accessed when there is legitimate need to do so, for example if you ever want access to the notes for your own records, or if Spill or the counsellor is ever legally required to provide the notes. Because both Spill and the practitioner are independently obliged to maintain this data for legal reasons, we are considered to be Joint Controllers of these notes.

In the UK, Spill is bound by the Ethical Guidelines of the major UK bodies governing psychotherapeutic practice to keep all therapeutic conversations private and confidential within the boundaries set by UK law. Spill conversations between client and practitioner are confidential, but we have legal and ethical obligations.

For example, if a practitioner feels concerned about a client after a session, we would like to get in touch and offer additional support. Either our Clinical Supervisor or the client’s practitioner will get in touch with the client to follow up. If we can’t get in touch with the client we will try to get in touch with their emergency contact and, failing this, if deemed to be necessary we will get in touch with the emergency services. For more information on how this works in the UK, please have a look through our [Safeguarding Policy](https://www.notion.so/Archived-do-not-delete-Safeguarding-Policy-June-2022-v-3-0-36ff107e1df34106bd0654fd125c8a35?pvs=21).

In the US, in line with US law for mental health care, our practitioners will contact the emergency services if they believe you might hurt yourself or someone else. There are a small number of other extreme situations where they will also do this - they vary state by state, but in general, they cover situations involving the abuse or neglect of children or other vulnerable people.

If your practitioner feels a bit concerned about you (for instance, if you miss a session without notice after discussing a difficult situation with them), then they will seek advice from other clinicians in the service, such as the Spill Clinical Supervisor or the Clinical Lead, as is standard clinical practice. This means they'll share a summary of their concerns, which may also be shared with other Spill practitioners you speak with in the future: but the information remains confidential within the service.

After seeking advice, they may get in touch with you, to make sure you're OK. They will use the email address and phone number you gave Spill when you booked the session or any other contact details you gave them directly. We will never tell your employer or anyone else if this happens, unless you ask us to.

Following some sessions, we will ask you for feedback. This is entirely optional to fill in. We store this information in order to improve our services and give feedback to counsellors and, in some cases, to report back on satisfaction with Spill to your company Spill administrator, if you agree. Spill will always store your feedback against a unique user ID, and only share it with the people you have asked us to.

When you choose to share feedback with either your company Spill administrator or your therapist, Spill is the controller of this data. If you choose to include your name, we carry out a controller-to-controller transfer of your response to your company, otherwise it is shared anonymously.

When you choose to share feedback with others in a Slack or Microsoft Teams channel in your company workspace, Spill is the controller of this data. We carry out a controller-to-controller transfer of this data to the channel, at which point your company is also a controller.

When you choose to share feedback for your company to share on their careers page, Spill carries out a controller-to-controller transfer of this data to your company, at which point we act as the processor to host the data on their behalf, as well as having our own copy as a Controller for our own purposes.

When we process data about the appointment or ask you for feedback and process the results, our lawful basis is legitimate interest. When you share data about your mental wellbeing with our practitioners, our additional basis for processing is your public interest (Counselling). Should we need to share any data about you in an emergency then we will use vital interest as our lawful basis. We retain this data for 7 years.‍

‍Messaging a practitioner

When you submit a question to one of our practitioners, we store this under your Spill ID, away from your identifiable information, so not even the practitioner knows who has asked the question. Information held on your Spill ID is used in certain circumstances for triage purposes when you interact with Spill in the future.

We then send it to one of our practitioners to answer. Both the question and the answer are securely stored by Spill. This is so if you ever want to read back over your answer at some point in the future you can do so.

It also means we can see how many questions are being asked in total and therefore make sure we employ enough practitioners to be able to answer them.

When we process data about the question and answer or ask you for feedback and process the results, our lawful basis is legitimate interest. When you share data about your mental wellbeing with our practitioners, our additional basis for processing is your public interest (Counselling). Should we need to share any data about you in an emergency then we will use vital interest as our lawful basis. We retain this data for 7 years.

‍
When you have been invited to take part in a Team Check In

Your Spill administrator may choose to enable a Team Check-in on your Spill plan. When you take part in a Team Check-In, you can choose to be anonymous or share your responses with Spill and/or your company.

Sharing with Spill: If you log in with Slack then we will connect your responses to your user ID and store them so that we can track how you feel over time. If you do not log in with Slack then we cannot connect your responses to your user ID so your responses will be anonymous to Spill. We still store all responses (both anonymous responses and those linked to the user ID where you have chosen to log in) so we can identify why and when people choose not to log in. This helps us build a better product for users and admins.

Sharing with your company: You are able to choose whether you share all or some of your mood score (number between 1 and 10) and your emotions (pick up to 3 from 12 or enter your own in a free text field) with everyone who has access to join the call as well as whoever is responsible for Spill at your company (we call them company admins). If you choose not to share your responses, they will remain anonymous to your company. If you choose to share them, you can choose which ones you share and whether you want your name to appear next to them or ‘Anonymous’.

We also check in on how you’re doing week-on-week. When you submit check in responses, we store this under your Spill ID, away from your identifiable information. Our system then uses an algorithm to determine how you may be feeling and flag you to a therapist so they can contact you if appropriate. You can choose whether or not to take us up on the support – either way we’re always here if you ever need us.

Our lawful basis for processing this data is your consent. We retain this data for 7 years.

Note: If you are the organiser of Team Check-ins, then we are a processor for the data used to set up the invite by you. We will give you the option to connect Spill to your Google Calendar in order to make it easier for you to select the meeting which you wish to link to Spill. Spill will read a list of meetings from your Google Calendar in order to show these to you as options to choose from, but Spill does not store information about these events. If you select a meeting, Spill will use the video link URL for that event in order to generate a Team Check-in URL. When setting up the meeting, Spill will only process the data you ask us to process and do this as a processor on behalf of your employer.

When you attend a manager training session

When you book a manager clinic with one of our practitioners, we ask for a few pieces of information.

We will ask you for your name and an email address in order to send calendar invites and reminders for sessions. You are not required to use your work email address. We also need a phone number to reach you on, in case the practitioner needs to get in touch via phone (for example if your connection stops working during the call).

Finally, we ask a few questions around what brought you to the manager training. For example, we ask what your management experience has been to date. This is so the practitioner has a bit of context around the client and can tailor their approach as best as possible.

Our lawful basis for processing this data is legitimate interest, so we can provide services to you, and your consent for any health data that you provide.

We retain this data for 7 years from the date of the appointment.

W‍hen you book an ADHD assessment

When you make a request for an ADHD assessment via Spill, we will ask you for some context on how an ADHD assessment would help you. This is an optional question, and your response will be shared with your company admin to help them approve or deny your assessment request. You’ll also be able to choose whether you make this request anonymously or with your name.

If your request is approved, we’ll collect your bank details so you can pay for the agreed portion of the assessment. In order to book you in, we’ll share your name, email address and phone number with the psychiatric practice we use to carry out assessments. After this point, the Privacy Notice of our external practitioner applies.

We retain this data for 7 years after you stop using Spill services. Our lawful basis for processing this data is contract.

📦 What happens if our business changes hands?

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.

🖊️ Changes to Our Privacy Notice

We may change this Privacy Notice from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up to date.

If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.

🇪🇺 EU Data Rep

If you’re based in the EU/EEA and are an EU data subject or if you’re based in Switzerland and are an FADP data subject, you can raise questions about your personal data by either contacting our DPO on dpo@spill.chat or you can contact us via our EU GDPR Representative, DataRep:
datarequest@datarep.com