Privacy Policy

A Possible Space Ltd. ("we", "us", "our") operates Parts, a tool for therapists practising Internal Family Systems (IFS) to map their clients' inner worlds. This policy explains what personal data we handle, why, who we share it with, how long we keep it, and the rights you have. We've tried to write it in plain language; if anything is unclear, contact us at us@possible.space.

This is one of three documents that fit together: this Privacy Policy (how we handle personal data), the Terms of Service (the rules for using Parts), and the Data Processing Agreement (the data-protection contract between you and us for your clients' data, which prevails on data-protection matters).

• Controller: A Possible Space Ltd., company number 11617016, registered in England & Wales, registered office: The Old Bakery, 90 Camden Road, Tunbridge Wells, England, TN1 2QP.
• VAT number: GB364357384.
• ICO registration: ZC166893.
• Data-protection contact: us@possible.space. We are not required to appoint a Data Protection Officer; this address reaches the person responsible for data protection.
• Effective date: 2026-06-10. Version: 2026-06-05.

1. Our two different roles

Parts is used by therapists, who create an account and record information about their clients. Your clients do not have accounts — the therapist enters everything. This gives us two distinct roles, and which one we're in changes who is responsible for what:

• For a therapist's clients' information (the Maps they build), the therapist is the data controller — the person who decides what client information to record and is legally responsible for it. We are the **data processor** — we hold and handle that information only on the therapist's instructions, and never use it for our own purposes. The terms of that arrangement are in our Data Processing Agreement.
• For a therapist's own account, billing and marketing information, **we are the controller**, and this policy describes how we handle it.

Where client information comes from. We do not collect client information directly from clients — there is no way for a client to give it to us. It is entered into Parts by the client's therapist, who is its controller and the source of it. If you are a client wanting to know how your information is used, or to exercise your rights over it, please contact your therapist; we will support them in responding to you.

2. The information we handle

2.1 Therapist account information (we are the controller)

• Your email address, username, and display name.
• A securely hashed version of your password (we never store it in readable form).
• Whether you are a member of our Founding Circle (our early-practitioner cohort).
• Your billing status (a "paid-through" date).
• Account timestamps, including when your account was created and updated and, if you ask us to erase it, when you requested and we completed that.

Providing this information is necessary to enter into and run our contract with you; without it we cannot create or maintain your account.

2.2 Client and Map information (we are the processor)

Recorded by the therapist about their client, and provided to us by the therapist. We hold it on the therapist's behalf and treat it as the most sensitive category of data:

• The Map itself and its title (which a therapist may use to identify a client).
• Each Part: its type (manager, firefighter, exile, or unknown), its label, a free-text description, an optional body location, free-text notes, and its position on the canvas.
• Each Relationship between Parts: its type and optional notes.
• A full version history of the above — every change is retained so the Map can be reviewed over time.

This is information about a client's mental health — a **special category of personal data** under data-protection law — and may include free-text clinical notes and somatic (body-location) details. The therapist, as controller, is responsible for having a lawful basis (and any necessary consent) to record it. See section 4 on children.

2.3 Technical information

• Server logs, which may include your email address, kept to operate and secure the service.
• One essential session cookie that keeps you signed in (see section 10).

2.4 Waitlist information

If you joined our waiting list, we hold the email address you gave us, so we can tell you when Parts is available.

3. Why we use it, and our lawful bases

InformationPurposeLawful basis (for data we control)Account informationProvide and secure your accountPerformance of our contract with youBilling informationBill you and manage your subscriptionPerformance of our contract with youServer logsOperate, debug, and secure the serviceOur legitimate interest in a reliable, secure serviceWaitlist emailTell you when Parts is availableYour consentClient / Map informationProvide the mapping service to the therapistWe are the processor; the therapist holds the lawful basis (and, for special-category data, an Article 9 condition)

We do not carry out any automated decision-making or profiling.

4. Children's information

IFS is practised with adults, adolescents, and children, so a therapist may record information about a client who is a child. Where that happens, the therapist (as controller) is responsible for the lawful basis and for any parental or guardian consent required. We process such information only on the therapist's instructions. We do not knowingly collect information directly from a child — the only people who use Parts directly are adult professionals.

5. Who we share information with

We do not sell your information. We share it only with the service providers ("sub-processors") we rely on to run Parts, each bound to protect it and to use it only for the service:

ProviderWhat they doWhereWhat they receiveHetzner Online GmbHHosting and databaseFalkenstein, Germany (EU)All data, stored on our behalfScalewayEncrypted off-site backupsParis, France (EU)A full backup copy, encrypted before it leaves us so they cannot read itStripePayment processingUS (and EU/UK)Therapist billing details only — no client or clinical dataPlausible AnalyticsPrivacy-friendly, cookieless analytics on our public websiteEUPage addresses, referrer, approximate location, device type — no cookies. We do not run analytics inside the signed-in app.FastmailEmail (invitations and operational alerts)US / AustraliaTherapist email addresses

We may also disclose information where the law requires it (for example, a valid legal request), or to establish, exercise, or defend legal claims.

6. Sending information outside the UK/EEA

Most of your information stays in the EU — our systems and backups are in Germany and France. A small amount goes to two providers outside the UK and EEA (Stripe and Fastmail). When it does, it is protected by the standard safeguards regulators require: for Fastmail, the UK International Data Transfer Agreement / EU Standard Contractual Clauses; for Stripe, those plus the EU-US and UK Data Privacy Framework. You can ask us for a copy of the relevant safeguard at us@possible.space.

7. How long we keep it

InformationRetentionClient / Map informationFor as long as the Map exists; deleted when the therapist or account is erasedAccount informationFor the life of your accountInvitationsKept while your account exists, and erased with itWaitlist emailUntil you are invited and onboarded, you ask us to remove it, or 24 months — whichever is soonestServer logs30 daysBackupsA rolling 30 days

When you erase information, it disappears from our live systems straight away and is gone from our encrypted backups within 30 days. After erasure we keep only anonymised records that can no longer identify anyone (for example, internal change logs re-attributed to a placeholder) — these are no longer personal data.

8. How we protect it

We use boring, proven technology and keep our security measures in proportion to how sensitive this data is:

• Encryption in transit (HTTPS) and at rest, and encrypted off-site backups that are encrypted before they leave us, so our backup provider cannot read them.
• Access controls that limit access to authorised, named personnel on a least-privilege basis, and that scope each therapist's Maps to that therapist.
• Staff and contractors are bound by confidentiality obligations.
• An audit log of changes to clinical records, and a dedicated, restricted code path for erasure.
• We keep clinical content out of our operational logs and error alerts — these record only technical details, never a client's notes.

No system is perfectly secure, but data safety is a primary concern in how Parts is built and run. If a breach affects information we control and is likely to be a risk to you, we will notify the ICO without undue delay (within 72 hours where required) and tell you if the risk to you is high.

9. Your rights

For information we control (your account, billing, and marketing data) you have the right to: access a copy; correct it; erase it; receive it in a portable format; and restrict or object to certain processing. Where we rely on our legitimate interest (server logs), you can object to that processing. Where we rely on your consent (for example, the waiting list), you can withdraw it at any time by emailing us@possible.space; withdrawing does not affect processing we carried out before you withdrew.

To exercise any of these, contact us@possible.space. We respond within one month.

For a client's information, the therapist is the controller — a client should contact their therapist, and we will help the therapist respond.

You can also complain to the UK's data-protection regulator, the **Information Commissioner's Office (ICO)**, at ico.org.uk — though we'd appreciate the chance to put things right first.

10. Cookies

Parts uses a single strictly-necessary cookie: an encrypted session cookie that keeps you signed in. We use no advertising or tracking cookies, and our website analytics (Plausible) work without cookies. Because the only cookie is essential to providing the service, no cookie-consent banner is required.

11. Marketing

We send service emails (such as invitations, billing, and security notices) as part of providing Parts. If you joined our waiting list, we'll email you when Parts is available, because you asked us to. We do not send a marketing newsletter; if that ever changes, it will be opt-in, with an easy way to unsubscribe.

12. Changes to this policy

We may update this policy. Each version carries a date, and material changes are listed in the "Changes" section below. Where a change is significant, we'll ask you to review and re-accept it when you next sign in.

13. Contact

Questions, requests, or concerns: us@possible.space, or write to A Possible Space Ltd. at the registered office above.

Changes to this policy

• 2026-06-05 — Initial version.