Maya also collects potentially personally-identifiable information like Internet Protocol (IP) addresses for users that log into our website and leave comments on our blog posts. Maya also collects any information you willfully provide. For example, any forms you fill out with personally identifiable information, such as your name, organization name, email address and phone number will be stored.
Please note that Maya Practitioner Platform users (Practitioners or Clients) retain all rights to their individual data. Proprietary Information of Practitioner includes non-public data provided by Practitioner to Company to enable the provision of the Services including any data related to Clients, but in all cases excluding the De-Identified Data (as defined below) (collectively “Practitioner Data”). Proprietary Information of Client includes non-public data provided by Client to Company to enable the provision of the Services including any Personal Health Information and Health Outcomes, but in all cases excluding the De-Identified Data (as defined below).
You must be at least 18 years old to have our permission to use this site. Our policy is that we do not knowingly collect, use or disclose Personally Identifiable Information about visitors that are under 18 years of age. In compliance with the U.S. Children’s Online Privacy Protection Act (COPPA), our services and products are not directed to users under 18 years of age, unless accessed under the careful supervision and consent of a parent or legal guardian. Any use by someone under this age is strictly prohibited and will be terminated immediately upon discovery. Further, any personally identifiable information provided by someone under 13 or that identifies someone under this age, will be deleted immediately upon discovery if in violation of this restriction.
Maya shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Practitioner Data and data derived therefrom), and Maya will be free (during and after the term hereof) to (i) use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings, (ii) disclose and use such data solely in aggregate or other de-identified form that does not contain personally identifiable information (“De-Identified Data”) in connection with its business, including without limitation to deliver services to other customers, (iii) Company may sell or share this De-Identified Data with third parties, and (iv) Company may release high-level findings based on and including the De-Identified Data on Company website, and share findings with press and media. No rights or licenses are granted except as expressly set forth herein.
Maya is unable to decrypt your personally identifiable information without your involvement. However as part of a subpoena there is always a risk that the disclosed encrypted data could be decrypted by the requesting party. Maya cannot provide any further protection against this. If this is a concern to you, we recommend using the pseudonymous account registration options.
Maya operates on “your data, your choice” principles.
Right to opt-out: Maya provides opportunities to Opt-Out of all aspects of data sharing within our Services on an individual item basis.
Right to be anonymous: Maya will provide users with the option to register entirely pseudonymously fully protecting their identity. Users who elect to do this will not have any limitations put on their experience apart from features being disabled to protect their identities (e.g. calendar sync).
Right to be forgotten: Maya complies with all GDPR and CCPA legislation. As such, a GDPR "right to be forgotten" request, can be sent to firstname.lastname@example.org. A sample letter for such a request can be found here. Please note that it takes up to 30 days to process such requests.
Our practices include, but are not limited to, the following areas:
ISO/IEC 27001:2013 certification. Our information security management system, which protects Maya systems, has been certified under the ISO/IEC 27001:2013 standard. View or download our certification here.
Encryption. Maya uses industry-standard security measures to encrypt patient data both at rest and in transit. All personally identifiable information is session-level encrypted. Furthermore, this information cannot be decrypted by the Maya software nor by any of our employees without the participants' consent and involvement.
Limited access to essential Maya personnel:We limit data access to authorized personnel, based on job function and role. Maya access controls include multi-factor authentication, and strict least-privileged authorization policy. All access to services deployed by Maya are authenticated, authorized, and encrypted.
Right to Disclosure of Information: You have the right to request that we disclose certain information regarding our practices with respect to personal information.
Right to Delete Personal Information: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
Right to Opt out of Sales of Your Personal Information: You have the right to direct a business that sells your personal information to third parties not to sell your personal information. This right is referred to as “the right to opt-out.”
Right to Non-Discrimination: You may exercise your rights under the CCPA without discrimination.
Direct Marketing and Do Not Track Signals: Under California’s “Shine the Light” law, California residents may request and obtain a notice once a year about the personal information we shared with other businesses for their own direct marketing purposes.
Attn: Data Protection Officer
1312 17th St., Suite 775
Denver, CO. 80202-1508