For Therapists: Upheal Try Free ↗
Best AI Therapy

Privacy Policy

Last updated: 17 June 2026

Mental-health data notice: This site covers AI therapy and mental-health tools. Pages you visit may indicate a personal interest in mental health. We treat browsing activity on this site as sensitive data and apply the protections described below.

1. Who we are

The controller for personal data processed through this website is:

Stephan Kulik
111 Chlorakas Avenue, Shop 9, Suite 546, 8220 Chloraka, Paphos, Cyprus
A private individual based in Cyprus
Contact: [email protected]

We operate the website bestaitherapy.ai (also referred to as “Best AI Therapy”). The site is run by a private individual based in Cyprus, not a company. References to “we”, “us”, or “our” mean that operator.

2. What data we collect and why

2.1 Analytics (Google Analytics 4)

We use Google Analytics 4 (measurement ID: G-QBWHXTN1VT) to understand how visitors use our site. GA4 collects:

  • Pseudonymous device identifiers (client ID stored in _ga cookies)
  • Pages visited, time on page, scroll depth, clicks
  • Approximate geographic location (country/region level; IP address is anonymised by Google before storage)
  • Browser type, device type, operating system
  • Referral source (e.g. search engine, social media, direct)

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) — improving our editorial content and understanding audience needs, balanced against your interest in not being tracked. Where required by the ePrivacy Directive (and equivalent national laws), we rely on your consent obtained via our cookie consent mechanism.

Processor: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data may be transferred to the United States under the EU–US Data Privacy Framework. See Google’s Privacy Policy.

Opt-out: You can install the Google Analytics Opt-out Browser Add-on or decline analytics cookies in our cookie consent banner.

2.2 Affiliate click tracking

When you click an affiliate link on this site, we record an anonymised event (page path, partner name, link URL) via Google Analytics. We do not send your name, email address, or any personal identifier to affiliate networks through our own tracking.

If you proceed to click through to a third-party platform (e.g. Upheal, Wysa, Freed, SimplePractice, Alma, Mentalyc), that platform’s own privacy policy applies. Affiliate networks used include:

  • Refersion — used for Wysa (15% commission). Refersion may set its own tracking cookies.
  • Impact — used for Freed ($50/referral). Impact may set its own tracking cookies.
  • Direct referral links for Upheal ($300/referral), SimplePractice ($100+), Alma ($500), and Mentalyc (revenue share).

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) — receiving commissions that fund editorial operations.

2.3 Contact form / email

If you contact us at [email protected], we process your email address, name, and the content of your message. We use this solely to respond to your enquiry and retain messages for up to 3 years for audit and correction-request tracking.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) — responding to correspondence.

2.4 Server / hosting logs

Our hosting provider automatically records standard access logs (IP address, request path, timestamp, response code) for security and infrastructure monitoring. Logs are retained for 30 days and are not used for profiling.

Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) — network security and service reliability.

3. Cookies

We use the following cookies. For full details see our Cookie Policy.

CookiePurposeDuration
_gaGA4 client identifier2 years
_ga_*GA4 session state2 years
top-bar-dismissed (sessionStorage)Dismiss top-pick barSession only
mobile-bar-dismissed (sessionStorage)Dismiss mobile CTA barSession only

4. Your rights under GDPR

If you are in the EEA, UK, or Switzerland you have the right to:

  • Access (Art. 15): request a copy of your personal data.
  • Rectification (Art. 16): correct inaccurate data.
  • Erasure (Art. 17): request deletion where data is no longer necessary.
  • Restriction (Art. 18): restrict processing while a dispute is resolved.
  • Portability (Art. 20): receive data in a structured, machine-readable format.
  • Object (Art. 21): object to processing based on legitimate interests, including profiling.
  • Withdraw consent (Art. 7(3)): withdraw any previously given consent at any time.
  • Lodge a complaint with the Office of the Commissioner for Personal Data Protection (Cyprus) (dataprotection.gov.cy), or with your local EU/EEA supervisory authority.

To exercise any of these rights, email [email protected]. We will respond within 30 days as required by Art. 12 GDPR.

5. Data transfers outside the EEA

Google Analytics and Refersion operate servers in the United States. Transfers are covered by the EU–US Data Privacy Framework and/or Standard Contractual Clauses. We do not otherwise transfer data to third countries.

6. Data retention

GA4 data: retained for 14 months (shortest available GA4 setting). Email correspondence: 3 years. Server logs: 30 days. Contact data is deleted on request.

7. Sensitive data

This site covers mental-health topics. We do not intentionally collect health data. If your use of the site could be inferred to relate to a health condition (e.g. visiting a page about a specific therapy app), we treat any analytics data derived from that visit as sensitive data under Art. 9 GDPR and apply proportionate protections, including anonymisation and restricted access.

We do not share any information about individual users’ site visits with healthcare providers, insurers, employers, or mental-health platforms.

8. Changes to this policy

We may update this policy to reflect changes in our practices or applicable law. Material changes will be announced on this page with an updated “Last updated” date. We recommend reviewing this page periodically.

9. Contact

For all privacy-related enquiries: [email protected]. We aim to respond within 5 business days and will always respond within 30 days as required by GDPR.

In crisis? Call 988 or text HOME to 741741 — free, confidential, 24/7