Privacy Policy

Effective Date: December 5, 2025

Last updated: June 26, 2026

1. Introduction

Welcome to MyKaya ("we," "us," or "our"). We operate the website https://mykaya.app (the "Service"). Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect information across our website and the MyKaya product, including the session data practitioners process through the service. By using our Service, you agree to the practices described here.

2. Information We Collect

A. Information You Provide

When you use our Service, we may collect information you provide directly, such as:

  • Name
  • Email address

B. Information Collected via Google OAuth (SSO)

When you log in with your Google account, we collect only the information necessary to create and manage your account:

  • Basic profile info: Name, email address, profile picture

Important: Through Google sign-in, we do not access your Gmail, Google Drive, Calendar, or other Google services beyond the basic profile above.

C. Clinical & Session Data

When a practitioner uses MyKaya to record and document sessions, we process the session audio, transcripts, and notes generated from them on the practitioner's behalf and on their instructions, to provide and operate the service. For this data, MyKaya acts as a Data Processor and the practitioner is the controller. We never sell this data, and we never share clinical session content with advertisers or data marketplaces.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Create and manage your MyKaya account
  • Allow you to log in securely without creating a new password
  • Personalize your account (e.g., display your name and profile picture)
  • Improve website performance and user experience through analytics
  • Communicate with you about service updates

Third-Party Service Providers

We work with trusted third-party providers to deliver our services:

  • Vercel: Website hosting and analytics
  • Stack Auth: Authentication infrastructure provider (configured with Google SSO)
  • Google: Authentication services

We do not use this information for marketing purposes or share it with third parties, except as required by law or for technical support providers who maintain confidentiality.

4. Data Shared with Meta (Facebook)

We use Meta (Facebook) Pixel and Conversions API to measure the effectiveness of our advertising and improve our services.

Purpose

Advertising measurement, conversion tracking, and audience targeting.

Automatically Collected (Browser-Side)

When you visit our website, Meta automatically collects:

  • Page URLs visited on MyKaya Health
  • Device information: Browser type, operating system, screen resolution
  • IP address (approximate location)
  • Cookies: _fbp (Facebook browser ID), _fbc (Facebook click ID from ads)
  • Referrer URL (where you came from)
  • Timestamp of page visits

User Information Shared (Hashed Before Sending)

When you create an account or provide information, we share the following in hashed (encrypted) form:

  • Email address (SHA-256 hashed)
  • Phone number (SHA-256 hashed, digits only)
  • First name (SHA-256 hashed, if provided)
  • Last name (SHA-256 hashed, if provided)

Note: Hashing is a one-way encryption - Meta receives scrambled versions they can match to their database, but cannot reverse to see your actual email/phone.

Events Tracked

  • PageView: When you visit pages
  • CompleteRegistration: When you complete signup
  • Custom events: When you save your mobile number

What's NOT Shared

We do not share any patient health information, clinical data, or therapy session content with Meta. Specifically:

  • Patient/client data (names, session notes, transcripts)
  • Audio recordings
  • Clinical information
  • Payment details
  • Passwords or authentication tokens

Data Retention

Meta retains this data according to their Business Tools Terms and Data Policy.

Your Rights

You can:

For more information about how Meta uses this data, please review Meta's Data Policy.

We never sell, rent, or trade your data or your clients' data. The advertising measurement described above uses only limited hashed account identifiers (such as name, email, and phone) and never clinical or session data.

5. Data Security

MyKaya implements reasonable security measures to safeguard your personal and confidential information from unauthorized access, disclosure, or misuse. These measures include, but are not limited to, access controls and data storage practices. However, please note that no online platform, server, or transmission over the internet is completely secure. While we strive to protect your information, MyKaya cannot guarantee absolute security of data transmitted or stored through our systems. For additional information regarding user responsibilities, limitations of liability, and general conditions of use, please review our Terms & Conditions.

6. Data Retention and Deletion

We retain personal data only as long as necessary for the purposes outlined in this policy:

  • Account data: Until you delete your account or request deletion
  • Session data: Retained on the practitioner's instructions and deleted on account deletion or verified request, subject to any retention required by law
  • Analytics data: Aggregated and anonymized data may be retained for service improvement

We retain personal data only as long as necessary. You can request deletion of your account and associated data by emailing team@mykaya.app with the subject "Data Deletion Request."

7. Your Rights & Grievance Officer

Depending on where you live and the laws that apply (including India's Digital Personal Data Protection Act, 2023), you may have the right to:

  • Access a summary of the personal data we hold about you
  • Request correction or completion of inaccurate or incomplete data
  • Request deletion of your personal data, subject to legal retention requirements
  • Withdraw consent you have previously given
  • Raise a grievance about how your data is handled

Where MyKaya processes session data on a practitioner's behalf as a Data Processor, requests relating to a client's session data are directed to the practitioner, who controls that data; we will assist the practitioner in responding. For account data that we control, you can exercise these rights with us directly.

Grievance Officer: You can reach our Grievance Officer for any question, request, or complaint about your personal data by emailing grievance@mykaya.app with the subject "Data Grievance."

8. Children's Privacy

The Service is not intended for children under 13, and we do not knowingly collect information from them.

9. Changes to This Privacy Policy

MyKaya reserves the right to modify, update, or change this Privacy Policy at any time at our sole discretion without prior notice. Changes will be posted on this page with an updated effective date. Your continued use of the platform after any such changes constitutes your acceptance of the updated Privacy Policy.

10. Contact Us

For questions about this policy or your data, email us at team@mykaya.app.