Statement on use of Data and Privacy
Maya is an ethical data-driven enterprise.
As part of our commitment to this, Maya will continually stay abreast of, and adhere to data ethics best practices like those outlined by DataEthics.eu. These commitments include – but are not limited to – principles such as Maya never selling the personally identifying information or personal health information of our users. In addition, Maya’s de-identified, aggregated, and anonymized data will only be used for research purposes and will never be used for marketing purposes.
Beyond this, here are five key ways we attempt to maintain your privacy and operate as an ethical data driven business:
Learn what we do with your information
When you register and use our platform, we collect personal information such as your name, email address, and web behavior information (including your IP address). We collect personal health information and health outcome information through your intake forms, treatment information, and survey responses you, or your practitioner provides.
How We Protect Your Identity
Maya makes use of aggregate information for conducting our research and delivering collective insights to the community and our practitioner customers. Aggregate information is data that has been amalgamated from multiple participants and is not linked to any specific individual. In addition, we will offer the ability to use Maya entirely pseudonymously, further protecting your privacy by removing the need to provide any personally identifiable information during registration.
How We Store Your Information
This personally identifiable information and all registration information will be stored separately from any aggregate information used for research purposes to minimize any possibility of identities being discovered from our research data.
Third Party Technologies We Use
The information that our users (Practitioners and Clients) provide us with, as well as any passively collected data from interactions with our platforms, is used to communicate with our customers, optimize our services, conduct research, and deliver collective insights and benchmarks to our users. We will never sell or lease your personal data, and aggregate data will never be used for marketing purposes.
Your Data, Your Choice
Learn more about how we use data for good
Through your account preferences, users are provided with controls over how their data is used within the Maya ecosystem. Users have the ability to opt-out of each individual way their data is used within our Services, including but not limited to, choosing whether to share your data in Maya’s aggregate data, to participate in any research activities, as well as choosing how Maya and our partners communicate with you and on what topics.You can regularly reassess and change the settings around how your information is stored, used, and shared at any time in your account preferences or by contacting email@example.com directly.
Right to be anonymous
Maya will provide users with the option to register entirely pseudonymously fully protecting their identity. Users who elect to do this will not have any limitations put on their experience apart from features being disabled to protect their identities (e.g. calendar sync).
Right to be forgotten
Maya complies with all GDPR and CCPA legislation. As such, a GDPR "right to be forgotten" request, can be sent to firstname.lastname@example.org. A sample letter for such a request can be found here. Please note that it takes up to 30 days to process such requests.
Research With Consent
Learn more about research with consent
Maya’s research consists of analyzing aggregate information, conducting research surveys, and working with selected third-parties to support their research goals. You can opt out of any or all of these at any time. You can regularly revoke, reassess, and change the settings regarding how your information is stored, used, and shared at any time in your account settings or by contacting email@example.com directly.
How We Protect Your Identity In Our Research
Our research makes use of aggregate information. Aggregate information is data that has been amalgamated from multiple participants and is not linked to any specific individual. When your data is compiled into aggregated information, all personally identifiable information is removed and combined with other participants' data so that no individual can reasonably be identified.
People who have chosen to participate in studies that involve the treatment of specific conditions may be asked to provide additional consent forms for researchers to reference their de-identified, individual-level information for ongoing research. As with everything, this is your choice.
Choose To (Or Not To) Participate In Third Party Research
The de-identified and aggregated data gathered may also contribute to the research of selected third-party institutions working with Maya. These third-parties may also field research studies via our network to you. It will always be your choice to take part in these studies via an explicit opt-in.
Data For Good
Learn more about how we use data for good
Maya uses aggregate information to develop collective insights to help further the collective understanding and knowledge of psychedelic medicines, protocols, efficacy, and approaches. This insight is available within the Maya Practitioner platform to help practitioners better understand how their approaches compare to the cross-practice benchmarks we develop using this information. This in turn helps to identify areas for improvement and helps our practitioner customers to improve their health outcomes.
How Maya Handles Data For Use In Collective Insights
We collect your individual-level information into what is called aggregate information. All Personally Identifiable Information has been removed in aggregated information. We use and share this aggregated information with selected third parties in order to conduct our own research, develop research reports, educate our users, and improve our services.
Access To Your Data
Maya will never sell or lease the personally identifying information or personal health information of our users. We will actively prevent your individual-level information from being viewable, downloadable, or exportable from our systems. In addition, Maya’s de-identified, aggregated, and anonymized data will only be used for research purposes and will never be used for marketing purposes.
Zero Trust Security
Learn how we protect your information
We limit data access to authorized personnel, based on job function and role. Maya access controls include multi-factor authentication, and strict least-privileged authorization policy. All access to services deployed by Maya are authenticated, authorized, and encrypted.
Standards and Procedures
Our practices include, but are not limited to, the following areas:
Zero-trust is a security principle believing that organizations should not inherently trust anything inside or outside of their perimeters and instead should verify anything trying to connect to their systems (without using a VPN).
Zero-Trust Cloud Networks at Maya
With a secured Zero-Trust architecture as outlined above (based on BeyondCorp), we can build layered security on top of applications and resources without the need for a VPN, while still centrally managing access. This can even extend beyond GCP to applications hosted in other cloud platforms like AWS and Azure.
ISO/IEC 27001:2013 certification
Our information security management system, which protects Maya systems, has been certified under the ISO/IEC 27001:2013 standard. View or download our certification here.
Maya uses industry-standard security measures to encrypt patient data both at rest and in transit in compliance with HIPAA standards.
While our engineering team periodically reviews and improves our security measures to ensure compliance with best privacy practices, no digital system is one hundred percent secure and it is impossible to guarantee security of any such system.