Privacy Policy

1. Introduction

Welcome to MyKaya ("we," "us," or "our"). We operate the website https://mykaya.app (the "Service"). Your privacy is important to us. This Privacy Policy explains how we collect and use information when you log in using Google SSO. By using our Service, you agree to the practices described here.

2. Information We Collect

A. Information You Provide

When you use our Service, we may collect information you provide directly, such as:

• Name
• Email address

B. Information Collected via Google OAuth (SSO)

When you log in with your Google account, we collect only the information necessary to create and manage your account:

• Basic profile info: Name, email address, profile picture

Important: We do not access your emails, Google Drive, Calendar, or any other personal data.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Create and manage your MyKaya account
• Allow you to log in securely without creating a new password
• Personalize your account (e.g., display your name and profile picture)
• Improve website performance and user experience through analytics
• Communicate with you about service updates

Third-Party Service Providers

We work with trusted third-party providers to deliver our services:

• Vercel: Website hosting and analytics
• Stack Auth: Authentication infrastructure provider (configured with Google SSO)
• Google: Authentication services

We do not use this information for marketing purposes or share it with third parties, except as required by law or for technical support providers who maintain confidentiality.

4. Data Shared with Meta (Facebook)

We use Meta (Facebook) Pixel and Conversions API to measure the effectiveness of our advertising and improve our services.

Purpose

Advertising measurement, conversion tracking, and audience targeting.

Automatically Collected (Browser-Side)

When you visit our website, Meta automatically collects:

• Page URLs visited on MyKaya Health
• Device information: Browser type, operating system, screen resolution
• IP address (approximate location)
• Cookies: _fbp (Facebook browser ID), _fbc (Facebook click ID from ads)
• Referrer URL (where you came from)
• Timestamp of page visits

User Information Shared (Hashed Before Sending)

When you create an account or provide information, we share the following in hashed (encrypted) form:

• Email address (SHA-256 hashed)
• Phone number (SHA-256 hashed, digits only)
• First name (SHA-256 hashed, if provided)
• Last name (SHA-256 hashed, if provided)

Note: Hashing is a one-way encryption - Meta receives scrambled versions they can match to their database, but cannot reverse to see your actual email/phone.

Events Tracked

• PageView: When you visit pages
• CompleteRegistration: When you complete signup
• Custom events: When you save your mobile number

What's NOT Shared

We do not share any patient health information, clinical data, or therapy session content with Meta. Specifically:

• Patient/client data (names, session notes, transcripts)
• Audio recordings
• Clinical information
• Payment details
• Passwords or authentication tokens

Data Retention

Meta retains this data according to their Business Tools Terms and Data Policy.

Your Rights

You can:

• Opt out of personalized ads via Facebook Ad Preferences
• Request deletion of your data through Meta's privacy tools

For more information about how Meta uses this data, please review Meta's Data Policy.

5. Data Security

MyKaya implements reasonable security measures to safeguard your personal and confidential information from unauthorized access, disclosure, or misuse. These measures include, but are not limited to, access controls and data storage practices. However, please note that no online platform, server, or transmission over the internet is completely secure. While we strive to protect your information, MyKaya cannot guarantee absolute security of data transmitted or stored through our systems. For additional information regarding user responsibilities, limitations of liability, and general conditions of use, please review our Terms & Conditions.

6. Data Retention and Deletion

We retain personal data only as long as necessary for the purposes outlined in this policy:

• Account data: Until you delete your account or request deletion
• Analytics data: Aggregated and anonymized data may be retained for service improvement

We retain personal data only as long as necessary. You can request deletion of your account and associated data by emailing team@mykaya.app with the subject "Data Deletion Request."

7. Children's Privacy

The Service is not intended for children under 13, and we do not knowingly collect information from them.

8. Changes to This Privacy Policy

MyKaya reserves the right to modify, update, or change this Privacy Policy at any time at our sole discretion without prior notice. Changes will be posted on this page with an updated effective date. Your continued use of the platform after any such changes constitutes your acceptance of the updated Privacy Policy.

9. Contact Us

For questions about this policy or your data, email us at team@mykaya.app.