Skip to main contentSkip to navigation
matchyourtherapymatchyourtherapy
MatchingTherapistsLearn
Start for freeStart
Loading...
MatchYourTherapy logomatchyourtherapy

Find the right psychotherapy in Austria – anonymous, free, and easy to understand.

Navigation

  • Home
  • About us
  • Knowledge & Self-Help
  • Pricing for Therapists

Legal

  • Security
  • Privacy Policy
  • Terms of Service
  • Imprint
  • Data Processing Agreement
  • Accessibility

Contact

  • info@matchyourtherapy.at
  • Instagram (opens in new tab)

In an acute crisis? Help is available right now.

If you or someone else is in immediate danger, contact one of these services NOW — they are free and reachable 24/7.

  • 142 — Telefonseelsorge (24/7 helpline)
  • 147 — Rat auf Draht (children & teens)
  • 0800 222 555 — Women's helpline against violence
  • 144 — Emergency services
See all emergency numbers →

© 2026 MatchYourTherapy. All rights reserved.

Made with in Austria

Privacy Policy

Information about the protection of your personal data

Table of Contents

  1. Data Controller
  2. Data Collection
  3. Legal Basis
  4. Health Data
  5. Third Parties & Data Transfer
  6. Automated Decisions
  7. Cookies
  8. Your Rights
  9. Data Retention
  10. Contact

1. Data Controller

The data controller responsible for data processing on this website is:

MMag. Dr. Gregor Studlar BA (MatchYour GmbH i.G.)

Domgasse 14

4020 Linz, Austria

datenschutz@matchyourtherapy.at

2. Data Collection

Account Data

During registration, we collect: Name, email address, encrypted password. For therapists additionally: Professional qualifications, practice address, specializations.

Matching Data

For therapy matching, we collect information about: Therapy preferences, format preferences (online/in-person), location, preferred language. This data is processed anonymously and not shared with therapists unless you explicitly consent.

Usage Data

IP addresses are processed only transiently from request headers for rate-limit checks and spam protection; they are not stored in our database. Browser type, operating system, access times and pages visited are recorded as standard hosting logs by our hosting provider Vercel (retention see section 9).

3. Legal Basis

  • Art. 6 (1) a GDPR:Consent (e.g., newsletter, sharing matching results)
  • Art. 6 (1) b GDPR:Contract fulfillment (account management, matching service)
  • Art. 6 (1) c GDPR:Legal obligations (invoice retention)
  • Art. 6 (1) f GDPR:Legitimate interests (security, fraud prevention)

4. Special Category: Health Data

During the matching process, you may voluntarily provide information about your mental well-being. This data is subject to special protection under Art. 9 GDPR.

  • Processing only with your explicit consent (Art. 9 (2) a GDPR)
  • Contact-inquiry contents (name, email, phone, message, matching answers) are stored in our database encrypted with AES-256-GCM; the key is held exclusively on our application server and is never transmitted to any subprocessor
  • No third-party access without your release
  • Deletion possible at any time upon request

5. Third Parties & Data Transfer

We use the following service providers who process data on our behalf:

Vercel Inc.

Hosting (servers in Frankfurt, EU). Additionally Vercel Web Analytics and Speed Insights for page views and performance metrics – both only with your consent.

Stripe Inc.

Payment processing (SCC, certified)

Brevo (Sendinblue SAS)

Delivery of transactional emails (registration confirmation, contact-inquiry notification, password reset) as well as email marketing lists for registered therapists (servers in France, EU). You can unsubscribe at any time via the unsubscribe link in every marketing email or by deleting your account.

Cloudinary

Image optimization & storage

Neon

Database (PostgreSQL, EU servers)

Anthropic PBC

AI analysis for matching using Claude models (USA/SCC) – only pseudonymized therapy preferences, see "Special Protection for AI Processing" below

Unsplash Inc.

Embedded stock photos (USA/SCC) – when loading images, your IP address may be transmitted to Unsplash

PostHog Inc.

Web analytics (EU servers) – both client-side and server-side only with your consent

Special Protection for AI Processing

For AI-powered matching, we use Anthropic PBC (USA). To protect your privacy, we have implemented the following technical measures:

  • Automatic pseudonymization: Before each API call, structured fields (name, city) are replaced with placeholders (e.g. [NAME], [CITY_T]). Free-text inputs are additionally scrubbed by regex filters: email addresses, Austrian phone numbers (+43/06xx), street addresses and postal code-city combinations are automatically detected and replaced with placeholders such as [EMAIL], [PHONE], [ADDRESS] and [LOCATION].
  • Reduced identifiability: Anthropic only receives pseudonymized therapy preferences (categories, scores, methods) from which typical identification features have been removed. When therapist and patient are in the same city, this is communicated as contextual information without revealing the actual city name.
  • No training with your data: Under Anthropic's terms of service for API customers, your data is not used to train the Claude models.
  • Limited retention: By default, Anthropic retains API inputs for up to 30 days for abuse monitoring and then deletes them. Because we pseudonymize before every call, those logs contain no identifying patient data.

These technical measures are designed to prevent the transmission of identifying personal data to Anthropic. Structured fields (name, city) are replaced with fixed placeholders, and free-text inputs are additionally filtered through regular expressions. The filtering is verified through automated tests.

Data processing agreements according to Art. 28 GDPR or corresponding data protection agreements exist with all service providers that process personal data on our behalf.

International Data Transfers (Schrems II)

Some of our service providers are based in the USA or other third countries. We have implemented the following safeguards for these transfers:

  • EU Standard Contractual Clauses (SCC) according to Art. 46 (2) c GDPR
  • Supplementary technical measures (encryption, pseudonymization)
  • Transfer Impact Assessments (TIA) for each US provider
  • Preference for EU server locations where possible

Providers in EU/EEA: Vercel (hosting in Frankfurt), Brevo (France, EU), Neon (EU), PostHog (EU). Providers with SCC: Stripe, Cloudinary, Anthropic, Unsplash, Vercel (Analytics/Speed Insights run on US infrastructure). Image uploads are processed exclusively through our server — your IP address is not transmitted to Cloudinary. For Anthropic, we implement additional technical filtering measures (see above). Analytics tools (PostHog, Vercel Web Analytics, Vercel Speed Insights) are only activated with your consent, both client-side and server-side.

6. Automated Decision-Making

In accordance with Art. 22 GDPR, we inform you about the use of automated decision-making:

AI-powered Matching

Our matching algorithm uses artificial intelligence to suggest suitable therapists. These suggestions are based on your therapy preferences, preferences, and location.

Your Rights

  • Matching results are recommendations, not binding decisions
  • You freely decide which therapists to contact
  • You can request a manual review of results at any time
  • You can express your point of view and contest the decision

For a manual review or questions about our automated systems, contact us at: datenschutz@matchyourtherapy.at

7. Cookies

Our website uses cookies. We distinguish between:

Necessary Cookies

Session cookies for login and security. These are required for website operation.

Functional Cookies

Store your preferences like language and theme. Only with your consent.

Analytics Cookies (optional)

With your explicit consent, we use the following analytics tools to improve our service:

  • PostHog (EU servers): Analysis of user behavior to optimize the matching process. Provider: PostHog Inc., data is processed on EU servers.

These tools are only activated after your active consent in the cookie banner. You can withdraw your consent at any time.

You can change your cookie settings at any time via the cookie banner or in your browser.

8. Your Rights

According to GDPR, you have the following rights:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)

Right to Complain

You have the right to complain to the Austrian Data Protection Authority:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
dsb@dsb.gv.at

9. Data Retention

  • Account dataUntil account deletion
  • Contact inquiries – content (name, email, phone, message, symptom free-text)30 days after receipt; these fields are then automatically purged from our database by a daily cron job. The email notification that was sent to the therapist at the time of the inquiry is subject to the therapist's professional confidentiality obligation and is not covered by this deletion.
  • Contact inquiries – pseudonymized metadata (therapist ID, timestamp, topic buckets, severity bucket, 2-digit postcode bucket)Unlimited for aggregated statistics – contains no identifying patient data, but still counts as pseudonymized under Art. 4 (5) GDPR.
  • Matching session data (wizard answers, if not submitted)12 months after last use
  • Billing data7 years (legal retention requirement)
  • Server logsVercel Hobby plan: approx. 1 hour; longer accordingly on plan upgrade

10. Data Protection Contact

For questions about data protection or to exercise your rights, please contact us at:

datenschutz@matchyourtherapy.at

We will respond to your request within 30 days.

Last updated: May 2026