Privacy Policy

Last updated Jul 17, 2026

Template policy. Review with legal counsel and complete the controller legal identity and registered address before public launch.

1. Who we are

My Admin Platform is operated by Miceli Works. For anything in this policy, or to exercise any of your rights, write to support@myadminplatform.com.

2. Two roles, clearly divided

For subscriber accounts (your name, email, and billing records) we act as the data controller. For the data each subscriber's practice holds about its own clients (appointments, client records, messages), the subscriber is the controller and we are the processor: we process that data solely to operate their website, on their instructions, and never for our own purposes.

3. What we collect, and why

  • Account details (name, email, password): to operate your account. Passwords are stored hashed, never in readable form.
  • Billing records (subscription history, invoices): to charge for the service. Payment cards are handled entirely by Stripe and never touch our servers.
  • Domain registration contacts, when you purchase a domain: passed to the registrar as ICANN requires.
  • Practice data (your clients' appointments, records, messages): stored in your practice's own isolated database, processed only to run your website.
  • Operational logs and audit trails: to keep the service secure, diagnose faults, and give you an account history you can review.

We use essential cookies only: session and security cookies that sign you in and protect forms. There are no advertising or cross-site tracking cookies, and we do not sell personal data.

4. Sub-processors

We use a small number of service providers, each processing only what its function requires: Stripe (payments), SendGrid (email delivery), GO Malta (SMS delivery), Google (calendar sync and sign-in, only where a practice enables them), our domain registrar (domains you purchase), and our hosting provider. Where a provider processes personal data outside the EEA, we rely on recognised transfer safeguards such as standard contractual clauses.

5. Security

Every practice's application data lives in a dedicated, isolated database with its own credentials; data is never mixed between practices. All traffic is encrypted in transit, access is logged in an audit trail, and backups are taken daily.

6. Retention

Practice data follows the published cancellation schedule: after cancellation it remains intact and exportable for 30 days, is then archived for a further 90 days, and is then permanently deleted (see the billing guide and the terms). Subscriber billing records are retained for as long as tax law requires. Data-export downloads expire and are deleted automatically after a few days.

7. Your rights

Subscribers can export their practice's complete data from the dashboard at any time, and can ask us to correct or delete their account data. Clients of a practice exercise their rights (access, export, erasure) directly with that practice, whose website includes the tooling to honour them; erasure removes a person's identity while preserving the practice's lawful business records. If you believe we have not handled your data properly, you can complain to your data-protection supervisory authority.

8. The directory

Directory listings are opt-in and contain only the text the practice chooses to publish. Unpublishing removes the listing immediately.

9. Changes to this policy

We may update this policy from time to time with reasonable notice to subscribers. The date at the top always tells you when it last changed.