Privacy Policy
Last Updated: November 5, 2025
Effective Date: November 5, 2025
1. Introduction
Welcome to Psychedelic Safety Institute ("we," "us," "our," or the "Organization"). We are committed to protecting your privacy and handling your personal information responsibly.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website(s) https://www.psychedelicsafety.institute/ and use our services (collectively, the "Services"). Please read this policy carefully.
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not access or use our Services.
2. Information We Collect
We collect information that you provide directly to us, information we obtain automatically when you use our Services, and information from third-party sources.
2.1 Information You Provide to Us
Organization Information:
Name (first and last)
Organization name
Profile information
Contact Information:
Name (first and last)
Email address
Phone number
Mailing address
Organization/affiliation
Communication Information:
Messages you send us through contact forms
Email correspondence
Survey responses
Feedback and comments
Newsletter subscription preferences
Project Information:
Name (first and last)
Organization name
Project information
2.2 Information We Collect Automatically
When you access or use our Services, we automatically collect certain information:
Device and Usage Information:
IP address
Browser type and version
Device type and operating system
Unique device identifiers
Pages viewed and time spent on pages
Links clicked and navigation paths
Referring/exit pages and URLs
Date and time of visits
Location Information:
General geographic location (country, state/province, city) based on IP address
Time zone
Cookies and Tracking Technologies:
See our Cookie Policy for detailed information about our use of cookies and similar technologies
Analytics Information:
Usage patterns and trends
Feature usage statistics
Performance metrics
Error logs and diagnostic information
2.3 Information from Third-Party Sources
We may receive information about you from third-party sources, including:
Public Databases:
Publicly available research publications
Professional directories
Public social media profiles
Service Providers:
Analytics providers (e.g., Google Analytics)
Payment processors
Email service providers
CRM platforms
Social Media Platforms:
If you interact with us on social media or link your social media account, we may receive information such as your profile information, friends list, and activity
Third-Party Integrations:
If you connect third-party services to our platform, we may receive information from those services in accordance with their privacy policies
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Providing and Improving Our Services
Operate, maintain, and improve our Services
Process transactions and send related information
Provide customer support and respond to inquiries
Personalize your experience
Develop new features and functionality
3.2 Research and Analysis
Conduct research on psychedelic safety, policy, and access
Analyze trends in the psychedelic ecosystem
Generate aggregated, de-identified data for research publications
Evaluate program effectiveness
Create reports and data visualizations
3.3 Communication
Send administrative information (account updates, security alerts, support messages)
Deliver newsletters, educational content, and research updates (with consent)
Send event invitations and announcements
Respond to your requests and questions
Request feedback and conduct surveys
3.4 Marketing and Outreach
Promote our Services, events, and research
Send promotional communications (where permitted by law)
Measure and analyze marketing campaign effectiveness
3.5 Legal and Safety
Comply with legal obligations and respond to legal requests
Enforce our Terms of Service and other policies
Protect against fraud, abuse, and security threats
Protect our rights, privacy, safety, and property
Resolve disputes
3.6 Aggregated and De-Identified Data
Create anonymized, aggregated data for research, analysis, and public reporting
Share aggregate statistics about our user base and service usage
4. Legal Bases for Processing (For EEA/UK Users)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal grounds:
Consent: You have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications, certain research activities)
Contract: Processing is necessary to fulfill our contract with you or take steps at your request before entering into a contract
Legal Obligation: Processing is necessary for compliance with a legal obligation
Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and interests. Our legitimate interests include:
Operating and improving our Services
Conducting research to advance psychedelic safety and policy
Marketing our Services
Detecting and preventing fraud and abuse
Understanding how our Services are used
5. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
5.1 With Your Consent
We may share your information when you give us explicit permission to do so.
5.2 Service Providers and Vendors
We share information with third-party service providers who perform services on our behalf:
Hosting providers (e.g., Vercel)
Analytics services (e.g., Google Analytics)
Email service providers
Payment processors
CRM and database management systems
Customer support tools
Security and fraud prevention services
These service providers are contractually obligated to use your information only as necessary to provide services to us and to protect your information.
5.3 Research Collaborators
We may share de-identified or aggregated data with:
Academic institutions and researchers
Policy organizations
Public health agencies
Other research collaborators
When sharing individual-level data for research purposes, we will seek your explicit consent and ensure appropriate data protection agreements are in place.
5.4 Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
5.5 Legal Requirements and Safety
We may disclose your information if required to do so by law or if we believe such action is necessary to:
Comply with legal process (subpoenas, court orders, government requests)
Enforce our Terms of Service or other agreements
Protect the rights, property, and safety of our Organization, users, or the public
Detect, prevent, or address fraud, security, or technical issues
Protect against harm to the rights, property, or safety of our users or the public as required or permitted by law
5.6 Public Information
If you post content in public areas of our Services (e.g., public forums, comment sections, social media), that information becomes publicly available and may be collected and used by others.
5.7 Aggregated or De-Identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you, without restriction.
6. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Retention Criteria:
Account Information: Retained while your account is active and for a reasonable period thereafter
Communication Records: Retained as needed to provide support and comply with legal obligations
Research Data: May be retained indefinitely in de-identified form for research purposes
Analytics Data: Typically retained for 26-50 months or as specified by analytics providers
Marketing Data: Retained until you withdraw consent or request deletion
When we no longer need your information, we will securely delete or anonymize it.
7. Data Security
We implement reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction.
Security Measures Include:
Encryption of data in transit (SSL/TLS)
Encryption of sensitive data at rest
Access controls and authentication
Regular security assessments
Employee training on data protection
Secure data storage with reputable service providers
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
8. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
8.1 Access and Portability
You have the right to:
Access the personal information we hold about you
Request a copy of your information in a portable format
Request information about how we use your data
8.2 Correction and Update
You have the right to:
Correct inaccurate personal information
Update incomplete information
Update your account settings and preferences
8.3 Deletion (Right to be Forgotten)
You have the right to:
Request deletion of your personal information
Close your account
Note: We may retain certain information as required by law or for legitimate business purposes (e.g., to complete transactions, comply with legal obligations, resolve disputes).
8.4 Objection and Restriction
You have the right to:
Object to processing of your personal information for certain purposes
Restrict how we process your information
Opt out of marketing communications
8.5 Withdraw Consent
If we process your information based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before consent was withdrawn.
8.6 Data Protection Authority
If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
8.7 California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
Right to know what personal information is collected, used, shared, or sold
Right to delete personal information (subject to exceptions)
Right to opt out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising your rights
8.8 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
We will respond to your request within the timeframe required by applicable law (typically 30-45 days).
8.9 Cookie Management
See our Cookie Policy for information about managing cookies and tracking technologies.
8.10 Marketing Communications
To opt out of marketing emails:
Click "unsubscribe" in any marketing email
Update your email preferences in your account settings
Contact us at hello@psychedelicsafety.institute
9. Children's Privacy
Our Services are not directed to children under 13 years of age (or the applicable age of digital consent in your jurisdiction, which may be 14-16 in some countries).
We do not knowingly collect personal information from children under the applicable age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we learn we have collected information from a child under the applicable age without parental consent, we will take steps to delete that information.
10. International Data Transfers
We are based in the United States, and your information will be collected, processed, and stored in the United States and potentially other countries where our service providers operate.
Data Protection Standards: If you are located in the EEA, UK, Switzerland, or other jurisdictions with data transfer restrictions, please be aware that the United States and other countries may not have the same data protection laws as your jurisdiction.
We take steps to ensure appropriate safeguards are in place when transferring data internationally, including:
Standard Contractual Clauses approved by the European Commission
Adequacy decisions by relevant authorities
Other lawful transfer mechanisms
By using our Services, you consent to the transfer of your information to countries outside your country of residence.
11. Third-Party Links and Services
Our Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third-party services.
We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services before providing them with your information.
Third-party services we may link to or integrate with include:
Social media platforms
Payment processors
Research databases
Educational resources
Partner organizations
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.
When we make changes:
We will update the "Last Updated" date at the top
For material changes, we may provide additional notice (banner on our website, email notification, or prominent notice in our Services)
We encourage you to review this Privacy Policy periodically
Your continued use of our Services after changes become effective constitutes acceptance of the revised Privacy Policy. If you do not agree to the updated policy, you should discontinue use of our Services.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Psychedelic Safety Institute Attention: Privacy Officer Email: hello@psychedelicsafety.insitute
We will respond to your inquiry within a reasonable timeframe.
Additional Information for Specific Jurisdictions
For California Residents (CCPA/CPRA)
Categories of Personal Information Collected: See Section 2 for detailed information.
Business or Commercial Purposes: See Section 3 for detailed information.
Categories of Third Parties with Whom Information is Shared: See Section 5 for detailed information.
Sale of Personal Information: We do not sell personal information as defined by the CCPA.
Right to Opt Out: While we do not sell personal information, you can limit the use of cookies and tracking technologies through the options described in our Cookie Policy.
Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
Authorized Agent: You may designate an authorized agent to submit requests on your behalf. We may require proof of authorization.
For Nevada Residents
Nevada law gives consumers the right to opt out of the sale of their personal information. We do not sell personal information as defined by Nevada law. If you have questions, contact us at hello@psychedelicsafety.institute.
For EEA/UK Residents (GDPR)
Data Controller: Psychedelic Safety Institute. Email: hello@psychedelicsafety.institute.
Legal Bases for Processing: See Section 4.
Data Protection Authority: You have the right to lodge a complaint with your supervisory authority. Contact information for EEA data protection authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en
Data Retention: See Section 6.
Your Rights: See Section 8, which includes rights to access, rectification, erasure, restriction, portability, objection, and rights related to automated decision-making.
For Canadian Residents (PIPEDA)
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). If you have questions about our privacy practices or wish to exercise your rights under PIPEDA, please contact us at hello@psychedelicsafety.institute.
Office of the Privacy Commissioner of Canada: https://www.priv.gc.ca/
This Privacy Policy should be read in conjunction with our Terms of Service and Cookie Policy.
