Privacy Policy

Your use of Maya’s website, www.mayahealth.com, Maya’s apps and other websites, and any related offerings ("Services") is subject to the Terms and Conditions ("Terms") set forth in www.mayahealth.com/terms and our Privacy Policy (“Policy”).

Herein lies Maya PBC’s privacy policy regarding the use of our website and the data collected while users are on this website. More specifically, this policy outlines how we use this information, and in what circumstances we may share this information to third parties. Use of other Maya Services, including but not limited to the Maya Practitioner Platform, and Maya’s Research Surveys and Services are governed by their own Privacy Policies which supersede this one. Please contact privacy@mayahealth.com if you have any questions.
Data We Collect
When you use our website, www.mayahealth.com, we collect non-personally identifying information, including the browser type, language preference, referring site, and the date and time of each visit. This information is used by Maya to understand how users interact with our website and to optimize our services.

Maya also collects potentially personally-identifiable information like Internet Protocol (IP) addresses for users that log into our website and leave comments on our blog posts. Maya also collects any information you willfully provide. For example, any forms you fill out with personally identifiable information, such as your name, organization name, email address and phone number will be stored.

Please note that Maya Practitioner Platform users (Practitioners or Clients) retain all rights to their individual data. Proprietary Information of Practitioner includes non-public data provided by Practitioner to Company to enable the provision of the Services including any data related to Clients, but in all cases excluding the De-Identified Data (as defined below) (collectively “Practitioner Data”). Proprietary Information of Client includes non-public data provided by Client to Company to enable the provision of the Services including any Personal Health Information and Health Outcomes, but in all cases excluding the De-Identified Data (as defined below).

You must be at least 18 years old to have our permission to use this site. Our policy is that we do not knowingly collect, use or disclose Personally Identifiable Information about visitors that are under 18 years of age. In compliance with the U.S. Children’s Online Privacy Protection Act (COPPA), our services and products are not directed to users under 18 years of age, unless accessed under the careful supervision and consent of a parent or legal guardian.  Any use by someone under this age is strictly prohibited and will be terminated immediately upon discovery. Further, any personally identifiable information provided by someone under 13 or that identifies someone under this age, will be deleted immediately upon discovery if in violation of this restriction.
Use of Data
Maya may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you emails on behalf of Maya related to promotions, product updates, as well as general brand information, or email you about your use of the Services.  Also, we may receive a confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our services. If you do not want to receive communications from us, please indicate your preference by sending an email to unsubscribe@mayahealth.com.

Maya shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Practitioner Data and data derived therefrom), and Maya will be free (during and after the term hereof) to (i) use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings, (ii) disclose and use such data solely in aggregate or other de-identified form that does not contain personally identifiable information (“De-Identified Data”) in connection with its business, including without limitation to deliver services to other customers, (iii) Company may sell or share this De-Identified Data with third parties, and (iv) Company may release high-level findings based on and including the De-Identified Data on Company website, and share findings with press and media. No rights or licenses are granted except as expressly set forth herein.
Sharing of Data
Maya will not share any personally-identifying information with any third party unless you specifically provide us with permission to do so by opting into such an activity, service, or program. Maya always provides the opportunity for users to Opt-Out or revoke the permissions granted at a later date.

Maya may provide non-personally identifiable aggregate information to third parties (de-identified data). Aggregate information is data that has been amalgamated from multiple participants and is not linked to any specific individual. When your data is compiled into aggregated information, all personally identifiable information is removed and combined with other users’ data so that no individual can reasonably be identified.
Third Party Technologies We Use
Law Enforcement Requests
Under certain circumstances, the information that you have provided can be subject to be disclosed in the event of a judicial or another government subpoena, warrant or order, or in coordination with regulatory authorities. If this occurs and there is no specific request that prevents us from doing so, we will notify all affected individuals as we are legally obliged to comply with valid governmental requests.

Maya is unable to decrypt your personally identifiable information without your involvement. However as part of a subpoena there is always a risk that the disclosed encrypted data could be decrypted by the requesting party. Maya cannot provide any further protection against this. If this is a concern to you, we recommend using the pseudonymous account registration options.
Insurance Company & Employer Requests
Maya will not provide any person's data (PII or non-PII) to an insurance company or employer. We are supporters of legislative efforts intended to prevent discrimination and to safeguard individuals' privacy.
Right to Choose
Maya operates on “your data, your choice” principles. Maya provides opportunities to opt-out of all aspects of data sharing within our Services on an individual basis.

Maya operates on “your data, your choice” principles.

Right to opt-out: Maya provides opportunities to Opt-Out of all aspects of data sharing within our Services on an individual item basis.

Right to be anonymous: Maya will provide users with the option to register entirely pseudonymously fully protecting their identity. Users who elect to do this will not have any limitations put on their experience apart from features being disabled to protect their identities (e.g. calendar sync).

Right to be forgotten: Maya complies with all GDPR and CCPA legislation. As such, a GDPR "right to be forgotten" request, can be sent to security@mayahealth.com. A sample letter for such a request can be found here. Please note that it takes up to 30 days to process such requests.
Security
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Our practices include, but are not limited to, the following areas:
  • ISO/IEC 27001:2013 certification. Our information security management system, which protects Maya systems, has been certified under the ISO/IEC 27001:2013 standard. View or download our certification here.

  • Encryption. Maya uses industry-standard security measures to encrypt patient data both at rest and in transit. All personally identifiable information is session-level encrypted. Furthermore, this information cannot be decrypted by the Maya software nor by any of our employees without the participants' consent and involvement.

  • Limited access to essential Maya personnel:We limit data access to authorized personnel, based on job function and role. Maya access controls include multi-factor authentication, and strict least-privileged authorization policy. All access to services deployed by Maya are authenticated, authorized, and encrypted.

While our engineering team periodically reviews and improves our security measures to ensure compliance with best privacy practices, it is impossible to guarantee that breaches in security will not occur. As we value our users' opinions, we encourage you to provide feedback and contribute to ongoing best practices by contacting us at privacy@mayahealth.com.
Aggregated Statistics
Maya may collect statistics about the behavior of visitors on our website, including how much time someone spends on our website, and which pages on our website are visited most frequently. This allows us to understand what parts of our website are most interesting to visitors. Maya may disclose this information publicly or share it with third parties. However, Maya does not disclose any personally-identifiable information.
Cookies
Maya uses cookies and similar tracking technologies when you visit our website in order to best enrich your experience on our website. Cookies are text files that contain small amounts of information that are downloaded to your computer/mobile device/tablet when you use a website. This information includes appropriate advertising materials and also personal preferences (such as language or login information). Cookies keep track of which browsing device has visited a certain website before.

There are two types of cookies; session cookies and persistent cookies. A session cookie collects information while a browser has a website open. This information is automatically deleted when you close your browser. A persistent cookie is information that remains until you or your browser deletes the cookies.

There are also first and third party cookies. First party cookies are set by our website. These cookies provide Maya with analytics regarding marketing and advertising. Third party cookies are set by external parties and can recognize your device while you are on our website and when you use other websites. These third party cookies can be collected when you click on an external website link. We encourage you to review all third party privacy policies and cookie policies as we are not liable for their policies once you leave our website.

Users who do not wish for Maya to collect or use cookies should set their browsers to refuse cookies before using our website. Please note that certain features on the website will not be available without the aid of cookies.
State Law & Privacy Rights
California Residents Rights
Under California Civil Code Sections 1798.83-1798.84, some California residents have specific rights regarding their personal information.  These rights are subject to certain exceptions that can be found here.  Further, if you are a current, former, or prospective employee or if we have collected or processed your personal information in connection with our business with a company, partnership, sole proprietorship, nonprofit or government agency, and you are an employee, owner, director, officer, or contractor of that entity, rights 1-3 below are not available to you until at least January 1, 2021.
  1. Right to Disclosure of Information: You have the right to request that we disclose certain information regarding our practices with respect to personal information.

  2. Right to Delete Personal Information: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

  3. Right to Opt out of Sales of Your Personal Information: You have the right to direct a business that sells your personal information to third parties not to sell your personal information.  This right is referred to as “the right to opt-out.”

  4. Right to Non-Discrimination: You may exercise your rights under the CCPA without discrimination.

  5. Direct Marketing and Do Not Track Signals: Under California’s “Shine the Light” law, California residents may request and obtain a notice once a year about the personal information we shared with other businesses for their own direct marketing purposes.

In order to submit such requests, please contact us at legal@mayahealth.com
Nevada Resident Rights
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at privacy@mayahealth.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A.
Privacy Policy Changes
Please note that Maya has the right to change its Privacy Policy from time to time. These changes are likely only minor changes. Maya thus encourages its users to continue to review our privacy policy regularly to ensure it is compliant with their preferences.

If you have any questions about this privacy policy please contact us at privacy@mayahealth.com. by mail:
Attn: Data Protection Officer
Maya PBC
1312 17th St., Suite 775
Denver, CO. 80202-1508
Last Updated: December 24, 2020