Skip to content

Data Privacy, Security & Trust

Your Data Is Your Client's Trust. We Treat It That Way.

Because the MyZoneMindset (MZM) app is central to IAPCF certification and ongoing practice, IAPCF and its technology partners are committed to the highest standards of data privacy, security, and transparency.

What Data Is Collected

  • Practitioner data: Name, credentials, contact information, practicum progress, and exercise-issuance logs used for certification and Global Registry listing.
  • Client data: Responses to assigned exercises (written reflections, self-assessment ratings, comments). Collected only when the client voluntarily completes an exercise.
  • Aggregate data: De-identified, aggregated engagement statistics for research and programme improvement. No individual client can be identified.

Who Can See What

  • Practitioners can view only the responses of their own clients.
  • Clients can view their own submissions and exercise history at any time.
  • The IAPCF Certification Board can access practicum completion data for certification decisions but does not routinely access individual client responses.
  • IAPCF staff and technology partners access data only as needed for platform operation and security.

Security & Infrastructure

  • All data encrypted in transit (TLS 1.2+) and at rest.
  • Access to production systems restricted to authorised personnel using multi-factor authentication.
  • Regular security reviews and vulnerability assessments.
  • Hosted on commercially reputable cloud infrastructure with industry-standard uptime.

Regulatory Compliance

IAPCF is headquartered in Singapore and operates under the Singapore Personal Data Protection Act (PDPA). Practitioners and clients in the EU are also protected under GDPR. Where other jurisdictions apply, IAPCF will comply with applicable local requirements.

Data Portability & Deletion

  • Practitioners can export their own practice data from the MZM app at any time.
  • Clients may request access to, correction of, or deletion of personal data by contacting membership@iapcf.org.
  • Deletion requests processed within 30 days, subject to legal retention obligations.
  • Upon credential lapse, certification records are retained; personal practice data may be deleted upon request.

Informed Consent

Before using the MZM app with clients, practitioners must obtain informed consent explaining what data will be collected, how it will be used, and who will have access. Template consent forms will be provided. Clients may withdraw consent at any time without penalty.

Platform Continuity

IAPCF maintains independent certification records separate from the MZM app. In the event of a platform transition, IAPCF will ensure continuity of all records and provide reasonable migration support.

Questions or Concerns

For data protection enquiries, access requests, or concerns, contact IAPCF at membership@iapcf.org. We will acknowledge all enquiries within 14 business days.

Data Protection Enquiries

Contact us at membership@iapcf.org for any data-related questions.

Contact Us