As part of our commitment to this, Maya will continually stay abreast of, and adhere to data ethics best practices like those outlined by DataEthics.eu. These commitments include – but are not limited to – principles such as Maya never selling the personally identifying information or personal health information of our users. In addition, Maya’s de-identified, aggregated, and anonymized data will only be used for research purposes and will never be used for marketing purposes.
Beyond this, here are five key ways we ensure your privacy and operate as an ethical data driven business:
Privacy is of the utmost priority for Maya. In designing our product, we kept privacy at the forefront of this process. You can learn about what information we collect, how we protect your identity, how we store your information, and what we do with your information below.
When you register and use our platform, we collect personal information such as your name, credit card, email address, and web behavior information (including your IP address). We collect personal health information and health outcome information through your intake forms, treatment information, and survey responses you, or your practitioner provides.
Maya makes use of aggregate information for conducting our research and delivering collective insights to the community and our practitioner customers. Aggregate information is data that has been amalgamated from multiple participants and is not linked to any specific individual.
In addition, we will offer the ability to use Maya entirely pseudonymously, further protecting your privacy by removing the need to provide any personally identifiable information during registration.
This personally identifiable information and all registration information will be stored separately from any aggregate information used for research purposes to minimize any possibility of identities being discovered from our research data.
The information that our users (Practitioners and Clients) provide us with, as well as any passively collected data from interactions with our platforms, is used to communicate with our customers, optimize our services, conduct research, and deliver collective insights and benchmarks to our users. We will never sell or lease your personal data, and aggregate data will never be used for marketing purposes.
Maya wants you to decide how we use your health information and where it travels. We give you the ability to choose how your data is used and with whom it is shared. You can learn more about your right to choose, your right to be anonymous, and your right to be forgotten below.
Through your account preferences, users are provided with controls over how their data is used within the Maya ecosystem. Users have the ability to opt-out of each individual way their data is used within our Services, including but not limited to, choosing whether to share your data in Maya’s aggregate data, to participate in any research activities, as well as choosing how Maya and our partners communicate with you and on what topics.
You can regularly reassess and change the settings around how your information is stored, used, and shared at any time in your account preferences or by contacting email@example.com directly.
Maya will provide users with the option to register entirely pseudonymously fully protecting their identity. Users who elect to do this will not have any limitations put on their experience apart from features being disabled to protect their identities (e.g. calendar sync).
Maya complies with all GDPR and CCPA legislation. As such, a GDPR "right to be forgotten" request, can be sent to firstname.lastname@example.org. A sample letter for such a request can be found here. Please note that it takes up to 30 days to process such requests.
Part of Maya’s mission is to contribute to ongoing research and insights on the efficacy of psychedelic-assisted therapy. In order to successfully carry out our mission, Maya supports research through a combination of analyzing our aggregate data, and direct market research activities. You can learn more about our opt-in/out policy, how we protect your identity, and the details of how we support third party research below.
Maya’s research consists of analyzing aggregate information, conducting research surveys, and working with selected third-parties to support their research goals. You can opt out of any or all of these at any time. You can regularly revoke, reassess, and change the settings regarding how your information is stored, used, and shared at any time in your account settings or by contacting email@example.com directly.
Our research makes use of aggregate information. Aggregate information is data that has been amalgamated from multiple participants and is not linked to any specific individual. When your data is compiled into aggregated information, all personally identifiable information is removed and combined with other participants' data so that no individual can reasonably be identified.
People who have chosen to participate in studies that involve the treatment of specific conditions may be asked to provide additional consent forms for researchers to reference their de-identified, individual-level information for ongoing research. As with everything, this is your choice.
The de-identified and aggregated data gathered may also contribute to the research of selected third-party institutions working with Maya. These third-parties may also field research studies via our network to you. It will always be your choice to take part in these studies via an explicit opt-in.
Part of Maya’s core mission is to help accelerate the rate of acceptance of psychedelic medicine. We believe that in order to do this, the world of psychedelic medicine needs better data to surface safe, effective practices for scale. For this reason, gathering collective insights from across our user base is of the highest priority. We believe that by amalgamating our aggregate data, we can help impact the rate of acceptance of this revolutionary approach to healing. You can learn more about how collective insights improve health outcomes, how your data is handled, and who has access to your data below.
Maya uses aggregate information to develop collective insights to help further the collective understanding and knowledge of psychedelic medicines, protocols, efficacy, and approaches. This insight is available within the Maya Practitioner platform to help practitioners better understand how their approaches compare to the cross-practice benchmarks we develop using this information. This in turn helps to identify areas for improvement and helps our practitioner customers to improve their health outcomes.
We collect your individual-level information into what is called aggregate information. All Personally Identifiable Information has been removed in aggregated information. We use and share this aggregated information with selected third parties in order to conduct our own research, develop research reports, educate our users, and improve our services.
Maya will never sell or lease the personally identifying information or personal health information of our users. We will actively prevent your individual-level information from being viewable, downloadable, or exportable from our systems. In addition, Maya’s de-identified, aggregated, and anonymized data will only be used for research purposes and will never be used for marketing purposes.
Maya believes that your health information requires the highest level of security. Please read below to understand how we protect your information. You can learn more about user access and how our standards to secure and encrypt your information below.
We limit data access to authorized personnel, based on job function and role. Maya access controls include multi-factor authentication, and strict least-privileged authorization policy. All access to services deployed by Maya are authenticated, authorized, and encrypted.
Our practices include, but are not limited to, the following areas:
Zero-trust is a security principle believing that organizations should not inherently trust anything inside or outside of their perimeters and instead should verify anything trying to connect to their systems (without using a VPN).
With a secured Zero-Trust architecture as outlined above (based on BeyondCorp), we can build layered security on top of applications and resources without the need for a VPN, while still centrally managing access. This can even extend beyond GCP to applications hosted in other cloud platforms like AWS and Azure.
ISO/IEC 27001:2013 certification
Our information security management system, which protects Maya systems, has been certified under the ISO/IEC 27001:2013 standard. View or download our certification here.
Maya uses industry-standard security measures to encrypt patient data both at rest and in transit in compliance with HIPAA standards.
While our engineering team periodically reviews and improves our security measures to ensure compliance with best privacy practices, no digital system is one hundred percent secure and it is impossible to guarantee security of any such system.
As we value our users' opinions, experience, and observations, we encourage you to provide feedback and contribute to ongoing best practices by contacting us at firstname.lastname@example.org.
Last Updated: October 14, 2020