Participant Services Privacy Policy

Maya, PBC (referred to as Maya, us, or we) provides web apps and any related offerings ("Services") pursuant to our SaaS End User License and Services Agreement ("License") with you. This Privacy Policy (“Policy”) is a disclosure of Maya’s privacy practices. More specifically, this Policy outlines the data we collect, how we use this information, and in what circumstances we may share this information with third parties.

Use of www.mayahealth.com or other Maya websites and Maya’s Research Surveys (www.mayahealth.com/research/privacy) are governed by their own privacy policies. Please contact privacy@mayahealth.com if you have any questions.

Your healthcare provider (Provider) has a contract with Maya to use our software platform to manage, measure, and illustrate health outcomes.  Maya’s services to you are offered as a component of Maya’s services to your Provider.

BY USING THE SOFTWARE AND SERVICES, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE OR SERVICES.
Data We Collect
Maya’s Services are used to collect and create multiple types of data, which include:

Participant-Identified Data means data stored within Maya's Services which is uniquely associated with you, the Participant, and can include information about the past, present, or future health status, health care, or payment for health care, or any other individually-identifiable information about you, the Participant.
De-Identified Data means data, derived from Participant-Identified Data, which has been deidentified using a process approved under the HIPAA Privacy Rule.

Maya collects information you willfully provide. For example, any forms you fill out with personally identifiable information, such as your name, email address, phone number or other information will be stored. Your Provider may ask you to complete health histories, health outcome surveys, or other questionnaires related to your health, all of which are stored.

When you use our Services, we also collect non-personally identifying information, including the browser type, language preference, referring site, and the date and time of each visit. Maya uses this information to understand how users interact with our Services and to optimize them.

Maya also collects potentially personally identifiable information like Internet Protocol (IP) addresses for users that log into our Services.

Maya collects other data relating to the provision, use and performance of various aspects of the Services and related systems and technologies, for example, the features and functions of the system that you use, and the speed of system processing.
Use of Data
Maya may communicate with you if you have provided us the means to do so. For example, if you have given us your email address, we may send you emails on behalf of Maya related to promotions, product updates, as well as general brand information, or email you about your use of the Services.  Also, we may receive a confirmation when you open an email from us. This confirmation helps us improve our communications with you. If you do not want to receive communications from us, please indicate your preference by sending an email to unsubscribe@mayahealth.com.

Maya’s uses of data collected include: (i) Maya uses information collected to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Maya offerings, (ii) Maya uses Participant-Identified Data to create De-Identified Data, (iii) Maya uses De-Identified Data in connection with its business, including to deliver services to other customers, and (iv) Maya uses information collected for clinical research and other outcomes studies.
Sharing of Data
Any disclosures of any Participant-Identified Data, which may include Protected Health Information as defined by HIPAA, are strictly limited and performed only in accordance with law, including the HIPAA regulations and the terms and conditions of the HIPAA Business Associate Agreement between Maya and your Provider. Maya always provides the opportunity for users to Opt-Out or revoke the permissions granted at a later date.

Maya may disclose De-Identified Data as follows: (i) Maya may disclose De-Identified Data in connection with its business, including to deliver services to other customers, (iii) Maya may sell or share De-Identified Data with third parties, and (iv) Maya may release high-level findings based on and including the De-Identified Data publicly, including to the press, media, and public websites. Maya offers Opt-Out provisions for certain sharing of De-Identified Data as detailed in the Participant SaaS End User License and Services Agreement.
Third Party Technologies We Use

Maya uses multiple third-party technologies as part of delivery of our Services. These third-parties include:

  • Google Cloud Platform
    Primary cloud application and data service which hosts the Maya API, databases and related data infrastructure, and web applications.

  • Auth0
    Primary authentication and authorization platform that secures Maya’s web application and provides SSO to 3rd party services.

  • Sendbird
    A SaaS company that provides electronic messaging services to the Maya Platform.

  • SendGrid
    An email SaaS company that provides a programmable email API and email delivery for the Maya Platform communications.

  • Stitch Data
    A data SaaS company providing an ELT service that can ingest data from multiple data sources into a traditional data warehouse.

  • Zoho One
    Zoho One is an online CRM software that Maya uses to manage our sales, marketing and support in one CRM platform. Zoho Desk is used for our support ticketing system.

Disclosures to law enforcement, judicial bodies, and regulatory authorities
Under certain circumstances, the information that you have provided can be subject to disclosure to law enforcement agencies, for compliance with a judicial or another government subpoena, warrant or order, or in response to requirements of regulatory or other governmental authorities. If this occurs and there is no specific obligation that prevents us from doing so, we will notify you of the disclosure.

Please note, after response to a subpoena there is always a risk that the disclosed data could be accessed by the requesting party. Maya cannot provide any further protection against this.

Insurance company & employer requests. Maya will not provide any person's data (PHI, PII, or non-PII) to an insurance company or employer. We are supporters of legislative efforts intended to prevent discrimination and to safeguard individuals' privacy.
Security
The security of your Personal Information is important to us, but some security weaknesses could exist. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Our practices include, but are not limited to, the use of the following security controls:
  • Security certifications. All data is stored only using hosting services that have complied with rigorous security certifications including HITRUST, ISO 27001, SOC 2 and others.

  • Segregation of Data. Sensitive data such as Participant-Identified Data is stored separately from less sensitive data, to reduce the possibility that non-authorized individuals could access the sensitive data.

  • Encryption. Maya uses industry-standard security measures to encrypt patient data both at rest and in transit.

  • Limited access to essential Maya personnel. Access to data is strictly limited to authorized personnel based on a need-to-know.

While our engineering team periodically reviews and improves our security measures to ensure compliance with best security practices, it is impossible to guarantee that breaches in security will not occur. As we value our users' opinions, we encourage you to provide feedback and contribute to ongoing best practices by contacting us at privacy@mayahealth.com.
Cookies
Maya uses cookies and similar tracking technologies when you visit our Services to improve your experience of using our Services. Cookies are text files that contain small amounts of information that are downloaded to your computer/mobile device/tablet when you use an application. This information includes personal preferences (such as language or login information). Cookies keep track of which browsing device has visited a certain application before.

There are two types of cookies: session cookies and persistent cookies. A session cookie collects information while a browser has an application open. This information is automatically deleted when you close your browser. A persistent cookie is information that remains until you or your browser deletes the cookies.

There are also first- and third-party cookies. First-party cookies are set by our application. These cookies provide Maya with analytics. Third-party cookies are set by external parties and can recognize your device while you are on our application and when you use other websites. These third-party cookies can be collected when you click on an external website link. We encourage you to review all third-party privacy policies and cookie policies as we are not liable for their policies once you leave our application.

Users who do not wish for Maya to collect or use cookies should set their browsers to refuse cookies before using our applications. Please note that certain features on the application may not be available without the aid of cookies.
State Law & Privacy Rights
California Residents Rights
Under California Civil Code Sections 1798.83-1798.84, some California residents have specific rights regarding their personal information.  These rights are subject to certain exceptions that can be found here.  Further, if you are a current, former, or prospective employee or if we have collected or processed your personal information in connection with our business with a company, partnership, sole proprietorship, nonprofit or government agency, and you are an employee, owner, director, officer, or contractor of that entity, rights 1-3 below are not available to you until at least January 1, 2021.
  1. Right to Disclosure of Information: You have the right to request that we disclose certain information regarding our practices with respect to personal information.

  2. Right to Delete Personal Information: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

  3. Right to Opt out of Sales of Your Personal Information: You have the right to direct a business that sells your personal information to third parties not to sell your personal information.  This right is referred to as “the right to opt-out.”

  4. Right to Non-Discrimination: You may exercise your rights under the CCPA without discrimination.

  5. Direct Marketing and Do Not Track Signals: Under California’s “Shine the Light” law, California residents may request and obtain a notice once a year about the personal information we shared with other businesses for their own direct marketing purposes.

In order to submit such requests, please contact us at legal@mayahealth.com
Nevada Resident Rights
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at privacy@mayahealth.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A.
Privacy Policy Changes
Please note that Maya has the right to change its Privacy Policies from time to time. Maya thus encourages its users to continue to review our privacy policies regularly to ensure they are compliant with their preferences.
If you have any questions about this privacy policy, please contact us at privacy@mayahealth.com
Last Updated: August 5, 2021