The Maia Method Privacy Policy

Last updated: October 15, 2024

Quick Summary

  • What we collect: Your email, optional demographic details, and wellness information you choose to share (e.g., stress, sleep, health goals). We also collect limited system data (e.g., device type, error logs) to keep the app running smoothly.
  • Why we collect it: To provide personalised health insights, track your progress, and improve The Maia Method's services. Without your email, you can't create an account. Without wellness information, The Maia Method can't provide tailored recommendations.
  • Your rights: You can access, correct, or delete your data at any time. You can withdraw consent for optional uses like analytics or model evaluation.
  • How we protect it: Data is encrypted in transit and at rest, with strict access controls, regular security testing, and breach response procedures.
  • Who we share with: Trusted service providers who host or process data (e.g., Supabase, Pinecone, Vercel). We don't sell your personal information.
  • Overseas transfers: Your data may be stored in the US, Germany, or Singapore. We remain accountable under Australian law for how those overseas recipients handle it.
  • Contact us: If you have any privacy questions or complaints, you can contact our Privacy Officer at privacy@maiamethod.ai.

1. About This Policy

This Privacy Policy explains how The Maia Method ("we", "our", "us") manages personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

We have implemented practices, procedures, and systems to ensure compliance with the APPs, including:

  • Internal governance frameworks and staff training on privacy obligations.
  • Procedures for handling privacy inquiries and complaints.
  • Security and risk management programs aligned with OAIC guidance.

Where we are bound by any registered APP codes, we comply with those codes.

2. Your Choice to Remain Anonymous

Where lawful and practicable, you may interact with us anonymously or using a pseudonym. However, services such as creating a wellness profile and receiving personalised insights require identifiable information.

3. What Information We Collect and Why

3.1 Account Information

  • Email address (required for login)
  • Optional demographic information (e.g., age range, wellness goals)
  • Marketing preferences (if you choose)

3.2 Wellness Profile

  • Health goals and objectives
  • Current wellness concerns
  • User-provided medical history and lifestyle information

3.3 Daily Interactions

  • Conversations with the AI assistant
  • Wellness entries (stress, mood, sleep, energy)
  • File uploads (documents, images)
  • Usage patterns and preferences

3.4 System Data

  • AI response patterns
  • Engagement metrics
  • Performance and error logs
  • Device/browser details

3.5 Collection from Third Parties

Where you authorise integrations (e.g., wearables, health apps), we may collect information from those services.

3.6 Lawful Basis for Collection

Collection is reasonably necessary for The Maia Method's functions as an AI wellness companion, specifically to:

  • Provide personalised health insights.
  • Track wellness progress.
  • Deliver the services you have requested.

For sensitive health information, we generally rely on your express consent, unless another lawful basis applies.

Examples:

  • Without your health information, we cannot provide personalised recommendations.
  • Without your email, you cannot create an account or receive important service updates.

4. Notification of Collection

At or before the time we collect your information (or as soon as practicable afterwards), we will notify you of:

  • The purposes of collection.
  • Whether collection is required or authorised by law (not currently applicable).
  • The consequences if you do not provide information (see examples above).
  • Whether we are likely to disclose information to law enforcement or regulators (only where legally required).
  • That we disclose information to overseas recipients (see Section 8).
  • How you may access, correct, or complain about our handling of your information.

5. Sensitive Health Information

We treat your wellness data as sensitive information under the Privacy Act. We will only collect and use this information with your express consent, or where otherwise permitted by law.

You may withdraw consent at any time through your account settings.

6. How We Use Your Information

Primary Purpose

  • Deliver personalised wellness support.
  • Track your progress and goals.

Secondary Purposes

We may also use your information for purposes related to the primary purpose.

Examples include:

  • Improving AI accuracy.
  • Troubleshooting technical issues.
  • Developing new wellness features.
  • Ensuring platform security.

For sensitive health information, directly related secondary purposes may include:

  • Refining health recommendation algorithms.
  • Conducting safety assessments.

Direct Marketing

  • We may use your email for updates about The Maia Method.
  • You may opt out at any time.
  • We will never use sensitive health information for direct marketing.

7. AI Processing Transparency

The Maia Method uses automated processing to provide recommendations. We take steps to ensure accuracy, fairness, and transparency, including:

  • Regular testing for bias and accuracy.
  • Evaluation processes before changes are deployed.
  • AI models trained on de-identified data sets that do not include your personal conversations unless you have specifically consented.
  • Transparency features ("Why this suggestion?").
  • Human oversight over significant changes.

We do not make legally binding or high-risk decisions about you.

AI Transparency and Responsible Use

The Maia Method uses artificial intelligence to provide wellness insights and recommendations. To ensure fairness, accuracy, and accountability, we apply the following safeguards:

  • Training data: Our AI models are trained on large, de-identified datasets. Your personal conversations are not used to train models unless you have provided specific consent.
  • Bias and accuracy checks: We regularly evaluate outputs for accuracy, potential bias, and consistency across demographic groups.
  • Human oversight: New model updates are reviewed by our wellness and technical teams before release.
  • Explainability: Our "Why this suggestion?" feature gives you transparency about how recommendations are generated.
  • User choice: You may opt out of de-identified analytics or model evaluation at any time through your account settings.

8. Cross-Border Disclosures

Your information may be disclosed to service providers located in the United States (Supabase, Pinecone, Vercel) and in Germany and Singapore (where our cloud providers operate).

If we transfer data to additional countries in the future, we will update this policy or notify you.

We take reasonable steps to ensure overseas recipients handle your information consistently with the APPs, including contractual safeguards.

Accountability Statement:

We remain accountable for any acts or practices of overseas recipients that would breach the APPs if done by us in Australia. If an overseas recipient breaches the APPs in handling your information, you may seek redress from us as if we had committed the breach ourselves.

Third-Party Service Providers

We use a small number of trusted third-party processors to operate The Maia Method. These providers are contractually required to handle your data in line with the APPs:

  • Supabase (US/Germany/Singapore): Secure database and authentication services for user accounts and wellness data.
  • Pinecone (US): Vector database hosting conversation embeddings to provide personalised AI responses.
  • Vercel (US/Germany/Singapore): Cloud hosting for our web application infrastructure.
  • Analytics providers (where consent is given): De-identified usage and performance metrics to help us improve The Maia Method.

We will update this policy (or notify you where required) if we add new providers or transfer data to additional countries.

9. Data Retention

We retain your information only as long as necessary:

Data Type         | Retention Period
------------------|-------------------------------------------------------
Account details   | Life of account + 90 days
Wellness profile  | Life of account, archived after 12 months of inactivity
Conversations     | 12 months (configurable by you)
Embeddings        | 12 months or until deletion
File uploads      | 6 months
Logs/metrics      | 30–90 days

You can export or delete your data at any time.

10. Security of Personal Information

We implement technical and organisational measures to protect your information, including:

  • Encryption in transit and at rest.
  • Role-based access controls.
  • Staff training and background checks.
  • Regular security assessments and penetration testing.
  • Incident response procedures.
  • Access logging and monitoring.
  • Data loss prevention measures.

11. Notifiable Data Breaches

If an eligible data breach occurs:

  • We will immediately conduct an assessment.
  • If serious harm is likely, we will notify affected individuals and the OAIC within 30 days of becoming aware that the breach is likely to result in serious harm.
  • We will provide recommendations to reduce risk.

12. Your Rights

You have the right to access and correct your personal information.

  • We will respond within 30 days, extendable by a further 30 days in complex cases.
  • Access may be refused where it would:
    • pose a serious threat to safety,
    • interfere with law enforcement activities,
    • breach legal professional privilege, or
    • reveal commercially sensitive information about our AI systems.
  • Access is free unless significant administrative costs apply.
  • Where access is refused, we will provide written reasons.

13. Complaints Handling

If you believe we have breached the APPs:

  • Contact our Privacy Officer.
  • We will acknowledge your complaint within 7 days.
  • We will aim to resolve it within 30 days.
  • If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC).

14. Children's Privacy

  • The Maia Method is not directed to children under 18.
  • We implement age verification checks at sign-up.
  • If we discover a user is under 18, we will delete their information.
  • If children's information is inadvertently collected, we may contact their parent/guardian to confirm consent or arrange deletion.

15. De-Identification & Data Portability

  • Where we use data for analytics or AI improvement, we apply de-identification standards consistent with OAIC guidance.
  • You may request a portable copy of your data in a structured, commonly used format.

16. Automated Decision-Making

The Maia Method uses AI to provide insights and recommendations. While these are automated, they are not binding decisions. We provide:

  • Information about the logic used.
  • Explanations for why a suggestion was made.
  • The ability to opt out of automated analysis by deleting your account.

17. Future-Proofing and Regulatory Developments

We monitor regulatory developments and may update our practices to reflect new requirements, including upcoming changes to children's privacy protections and AI governance standards.

As privacy laws evolve, we may implement additional rights and protections consistent with regulatory guidance and best practice.

18. Changes to This Policy

We may update this Privacy Policy to reflect changes in law, technology, or our practices. Updates will be posted here, and material changes will be notified to you directly.

19. Contact Us

If you have questions about this privacy policy, please contact:

Email: privacy@maiamethod.ai

If you are not satisfied with our response, you may contact the OAIC (www.oaic.gov.au).