Privacy Policy

  1. About MSP Well

MSP Well is a not-for-profit organization based in Ontario, Canada. Our mission is to support mental health and wellness within the information technology and cybersecurity community through education, outreach, community events, resources and shared support. Because we work in a space where individuals may voluntarily share sensitive or personal experiences about stress or wellness, we maintain a strong commitment to privacy, dignity and responsible data management.

MSP Well is developing and operating a Privacy Information Management System aligned to ISO IEC 27701, the international privacy governance standard. This Privacy Policy explains how we collect, use, protect and disclose personal information.

  1. We Do Not Provide Health Care or Crisis Services

MSP Well does not provide clinical mental health care, diagnosis, crisis counseling, therapy or any form of regulated professional health service.

If you or someone else is in immediate danger or experiencing a mental health emergency, call 911 or your local emergency number immediately.
If you are outside North America, contact your local emergency services or the nearest crisis hotline in your region.

Any wellness related information shared with MSP Well is voluntary and nonclinical. It is never a substitute for professional mental health or medical care.

  1. Scope of This Privacy Policy

This Privacy Policy applies to personal information collected through:

  • MSP Well websites and digital platforms
  • Email newsletters
  • Event registrations and attendance
  • Online community platforms such as Facebook Groups, LinkedIn Groups, Discord or similar
  • Donation processing through authorized partners including Zeffy.com
  • Communications and inquiries from community members, volunteers, donors and partners
  • User account creation and online login systems

This Policy does not apply to:

  • Regulated health care services
  • Clinical intake forms
  • Diagnostic or therapeutic records
  • Personal health information governed under health specific legislation

MSP Well does not request or retain clinical information.

  1. Consent

By using our website, subscribing to communications, registering for events, donating, joining our online communities or creating a user account, you consent to the practices described in this Privacy Policy. You may withdraw consent at any time, subject to legal and contractual limitations.

  1. Global Jurisdiction and Applicable Law

MSP Well welcomes members from all over the world. Regardless of where you reside, MSP Well applies privacy principles modeled on ISO IEC 27701 to ensure consistent safeguards.

MSP Well operates under:

  • The privacy laws of Ontario
  • The Personal Information Protection and Electronic Documents Act (PIPEDA)


Where legally required, MSP Well extends supplemental protections under:

  • GDPR for individuals in the European Union
  • CCPA for residents of California
  • Other jurisdiction‑specific protections when they apply


When personal information is transferred across borders, MSP Well applies contractual, technical and organizational safeguards to protect the information.

  1. Personal Information We Collect

Identification and Contact Information

  • Name
  • Email address
  • Login credentials
  • City, province or state, country
  • Company and role

Engagement and Interaction Information

  • Event registrations and attendance history
  • Newsletter subscription details
  • Community group participation
  • Website usage analytics
  • Donation activity through third parties including Zeffy.com
  • Communications sent to MSP Well

Voluntary Wellness Related Information

You may choose to share nonclinical information about stress, burnout or your experiences in the IT community. This is entirely voluntary. Such information is treated as sensitive and is handled responsibly. We do not request or store clinical mental health records. 

  1. How We Use Personal Information

We use personal information to:

  • Operate and maintain our website and community programs
  • Communicate updates, newsletters and educational content
  • Facilitate event registration and attendance
  • Manage user accounts
  • Encourage community participation
  • Process donations through third parties including Zeffy.com
  • Respond to questions and requests
  • Support organizational governance and reporting
  • Prevent fraud, misuse or harm

We do not sell personal information.

  1. Sensitive Information and Responsible Handling

If you share nonclinical wellness information with MSP Well, we:

  • Use it only for the purpose you intended
  • Limit access to individuals required to support that purpose
  • Treat it as sensitive information
  • Avoid storing it longer than necessary
  • Never share it without your explicit consent unless legally required
  • Encourage you to seek professional care when appropriate

  1. Cookies and Digital Analytics


Our website uses cookies and related technologies to:

  • Support core website functionality
  • Improve user experience
  • Understand visitor engagement
  • Analyze trends and performance


You may manage cookies through your browser settings.

  1. Third Party Service Providers


MSP Well uses reputable service providers for:

  • Website hosting
  • Email newsletter management
  • Event platforms
  • Donation processing via third parties including Zeffy.com
  • Online community platforms
  • Analytics and engagement tools


These providers handle personal information according to their own privacy policies and are expected to maintain strong security practices.

We do not control how third-party social platforms use information you provide directly to them.

  1. Data Handling and Retention Schedule

MSP Well follows a structured Data Lifecycle Management process aligned to ISO IEC 27701. The following retention schedule applies:

Information Category

Examples

Retention

Purpose

Account Information

Email, login credentials, profile details

Active membership plus three years

Supports account continuity and security

Newsletter Records

Subscription data, engagement

Until unsubscribed plus two years

Consent tracking and communication history

Event Registrations

Attendance records, registration data

Seven years

Program evaluation and compliance

Donation Information
(via third parties)

Donor name, amount

Seven years or CRA requirement

Not for profit auditing and financial reporting

Community Engagement

Posts, activity logs, group membership

Duration of community membership plus one year

Safety, continuity and governance

Website Analytics

Cookies, IP, browsing data

Fourteen months

Usage analysis and service improvement

Partner and Vendor Data

Contact information

Duration of relationship plus seven years

Contract management

Voluntary Wellness Information

Any voluntarily shared nonclinical details

Purpose fulfilled plus one year

Treated as sensitive, minimized and securely destroyed

All data is securely deleted or anonymized at the end of its retention period.

  1. Security and ISO 27701 Alignment


MSP Well uses administrative, technical and physical safeguards to protect information, including:

  • Role based access control
  • Encryption for data in transit where applicable
  • Use of secure platforms
  • Privacy governance under ISO IEC 27701 principles
  • Vendor assessments
  • Confidentiality obligations for volunteers, advisors and board members

  1. Your Privacy Rights


Depending on your jurisdiction, you may have the right to:

  • Access your personal information
  • Correct inaccuracies
  • Withdraw consent
  • Request deletion
  • Request data portability
  • Restrict processing


MSP Well will respond to valid rights requests in accordance with applicable law.

  1. Children and Youth


MSP Well is intended for adults. We do not knowingly collect personal information from children under 13.

  1. Volunteer and Advisor Confidentiality Addendum


All volunteers, advisors, board members and facilitators agree to:

  • Maintain strict confidentiality regarding any personal information encountered
  • Use information only for authorized MSP Well purposes
  • Avoid storing or sharing information outside approved systems
  • Report suspected privacy breaches immediately
  • Respect confidentiality obligations indefinitely, even after their role ends


Access is granted only on a need-to-know basis.

  1. Contact Us


MSP Well Privacy Office
Email: privacy@mspwell.com
Website: https://www.mspwell.com

  1. Updates to This Policy


We may update this Policy periodically. When changes occur, the new version will be posted with an updated effective date.

Continued use of MSP Well services constitutes acceptance of the updated Policy

Help Us Change
the Culture.

The IT channel moves fast and the pressure is real. When we work together, we can build a culture that values mental wellness, supports open conversation and lifts the people behind the technology we all rely on.

Join the Community