Privacy Policy

Your privacy and health data security are our top priorities. This policy explains how we collect, use, and protect your information.

Last updated: January 2024

1. Information We Collect

Health Information (Protected Health Information - PHI)

  • Blood glucose readings and patterns
  • Medication information and dosages
  • Food intake and carbohydrate data
  • Exercise and activity levels
  • Sleep patterns and stress levels
  • Diabetes type and management history

Personal Information

  • Name, email address, and contact information
  • Date of birth and demographic information
  • Account credentials and preferences
  • Device information and usage data

Technical Information

  • IP address and device identifiers
  • App usage patterns and interactions
  • Error logs and performance data
  • Location data (if enabled)

2. How We Use Your Information

Primary Uses (Treatment, Payment, Operations)

  • Provide AI-powered glucose predictions and insights
  • Generate personalized diabetes management recommendations
  • Send medication and testing reminders
  • Create reports for healthcare providers (with your consent)
  • Improve our AI algorithms and service quality

Secondary Uses (With Your Consent)

  • Research to improve diabetes care (de-identified data only)
  • Marketing communications about relevant features
  • Integration with third-party health apps and devices

3. Information Sharing and Disclosure

We never sell your health information. Your PHI is only shared in limited circumstances as described below.

With Your Authorization

  • Healthcare providers you designate
  • Family members or caregivers you specify
  • Third-party health apps you connect

Without Authorization (As Permitted by Law)

  • Emergency situations to prevent serious harm
  • Legal proceedings when required by court order
  • Public health authorities for disease prevention
  • Business associates who help us operate (under strict agreements)

4. Your Privacy Rights

Under HIPAA and applicable privacy laws, you have the right to:

Access & Control

  • Access your health information
  • Request corrections to your data
  • Download your data
  • Delete your account and data

Privacy Controls

  • Restrict certain uses of your information
  • Request confidential communications
  • Revoke authorizations
  • File privacy complaints

To exercise your rights: Contact our Privacy Officer at privacy@mayaai.com or use the privacy controls in your account settings.

5. Data Security and Protection

We implement comprehensive security measures to protect your health information:

Technical Safeguards

  • End-to-end encryption for data transmission
  • AES-256 encryption for data storage
  • Multi-factor authentication
  • Regular security audits and penetration testing
  • Secure cloud infrastructure (SOC 2 compliant)

Administrative Safeguards

  • HIPAA compliance training for all staff
  • Role-based access controls
  • Regular privacy and security assessments
  • Incident response procedures

Physical Safeguards

  • Secure data centers with 24/7 monitoring
  • Biometric access controls
  • Environmental controls and backup systems

6. Data Retention

We retain your information for different periods based on type and purpose:

  • Active health data: While account is active + 7 years
  • Account information: While account is active + 3 years
  • De-identified research data: Indefinitely (cannot be linked to you)
  • Marketing data: Until you opt out

You can request earlier deletion of your data, subject to legal and regulatory requirements.

7. International Data Transfers

Maya AI operates primarily in the United States. If you're located outside the US, your information may be transferred to and processed in the US, which may have different privacy laws.

We ensure appropriate safeguards are in place for international transfers, including:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions where applicable
  • Your explicit consent for transfers

8. Children's Privacy

Maya AI is not intended for children under 13. We do not knowingly collect personal information from children under 13 without parental consent.

For users aged 13-17, we require parental consent before collecting health information. Parents have the right to:

  • Review their child's information
  • Request deletion of their child's data
  • Refuse further collection of their child's information

9. Changes to This Privacy Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will:

  • Notify you of material changes via email or app notification
  • Post the updated policy on our website
  • Provide a 30-day notice period for significant changes
  • Obtain your consent for changes that expand our use of your PHI

10. Contact Us

If you have questions about this privacy policy or want to exercise your privacy rights:

Privacy Officer

Email: privacy@mayaai.com

Phone: 1-800-MAYA-AI1

Mailing Address

Maya AI Privacy Department
123 Health Tech Blvd
San Francisco, CA 94105

File a Complaint

You have the right to file a complaint with us or with the Department of Health and Human Services if you believe your privacy rights have been violated. We will not retaliate against you for filing a complaint.

© 2024 Maya AI. All rights reserved.

This privacy policy is effective as of January 1, 2024.