Version Effective Date: October 3, 2023

Mahana Health Data Consent & Product Privacy Notice

Health Data Consent

By using the Mahana program, I acknowledge and consent to the following:

  • I consent to the use of my email and/or SMS to receive reminder therapy emails and other product-related communications. I confirm that the mobile number provided is my own and I authorize communications, which may be automated and are optional. Charges may apply.
  • I understand that Mahana collects Personal Data as well as Sensitive Data related to my health and the provision of health services. I consent to the collection of my Personal Data and Sensitive Data for the uses described in this Notice or I will not proceed further with this product.
  • I understand and consent to Mahana sharing with my health care provider information regarding my treatment, including without limit,  progress milestones for prescription health programs, status of my prescription, whether I fulfilled a prescription or started a Mahana program, my progress through the therapy, how often I use a Mahana program, and aggregated outcomes data (e.g., assessment scores). I understand that I can work through the Mahana program at  my own pace within the total time allotted.
  • I understand that Mahana products are not emergency programs. If I am feeling very distressed or need immediate help, I will contact friends or family who can help, or my doctor, or I will refer to the Help section of the app, which outlines more information. If I am having a mental health crisis, I will text the Crisis Text Line at 741741 or I will call the National Suicide Prevention Lifeline at 1-800-273-8255. If I am having a mental health or medical emergency and I need immediate help, I will contact 911.

By clicking or tapping on the button for the intake screen, you acknowledge that you agree to this Mahana Health Data Consent & Product Privacy Notice. Information on exercising your privacy rights (including withdrawing consent) is described in the Product Privacy Notice below. To exercise your privacy right, see Mahana’s Data Subject Portal.

Product Privacy Notice Overview

This digital health product is provided by Mahana Therapeutics, Inc. in the United States (Mahana US, collectively known as ‘Mahana’).

This Privacy Policy describes how Mahana collects, receives, uses, retains, and discloses Personal Data and Sensitive Personal Data of users (also ‘you,’ ‘your’ or ‘patient’). Personal Data includes information about you that is personally identifying such as your name, email address, and phone number and which is not otherwise publicly available, as well as information that can be used to directly identify you, or information that is maintained together with information that can be used to directly identify you. Sensitive Personal Data includes information about your health and medical care. Only the legal definition of Personal Data and Sensitive Personal Data (collectively ‘Personal Data’) that applies to your location will apply to you under this Privacy Notice.

Mahana works with hospitals, clinics, practices, or other medical groups, healthcare providers (including telehealth providers), pharmacies, and healthcare systems to prescribe and/or, with your consent, monitor progress for digital health products by their respective patient populations (‘Clinical Partners’). For US users of prescription digital products, Personal Data collected in connection with your use of Mahana products may be shared with your health plan and ePharmacy to dispense and reimburse for the product and/or associated services.

What Personal Data or information will Mahana collect?

The Mahana programs are provided through a website or mobile applications. To use the application (or ‘app’), you will need to register for an account.

This means that we also may ask for the following Personal Data during the sign-up process:

  • Your full name
  • Your email address
  • Your date of birth
  • Your location
  • Your telephone number
  • Your mobile number to receive SMS messages (optional)
  • Your demographic information
  • Your condition-related or general clinical information

We may additionally collect insurance information, such as your insurance ID number.

To help you understand if Mahana products are right for you, or to monitor your health and how you are doing on a program, Mahana will have you complete self-reported questionnaires about your health and other diagnostic information. There are also interactive tasks within Mahana, where you may record personal notes. The type of information collected is dependent on the information  you provide to answer the associated questions.

Additionally, if you contact us by email at support@mahana.com, mahanacare@mahana.com, or any other Mahana email address, we will collect your name, contact information, recording of the call (with your consent), or the content of your message.

What additional Personal Data is collected automatically?

When you use Mahana programs or websites, we or our third-party service providers may automatically receive and record certain data. For example, this may include your device’s IP address, user-agent string, or internet activity; commercial data, such as records of services procured and information about how you use Mahana products or services during your current session and over time (including tracking to the pages you view and the files you download), the date and time of your visit, the length of time spent logged into Mahana products or services, the number and types of sessions completed, the links you click, searches you conduct, a view into the websites you may have visited before navigating to Mahana products and services, your software and hardware attributes (including browser and operating system type and version, device type, and device identifiers), your email address, and your general location inferred from IP address. To obtain such data, we or our third-party service providers may use the following technologies to recognize your device and collect usage data:

  • Server logs. When you use Mahana products and services, we automatically receive and record certain data from your computer (or other device) and your browser. To obtain such data, we may use server logs or applications that recognize your device and gather data about its online activity.
  • Cookies. We also use essential, performance, functional, and targeting Cookies when engaging with Mahana programs.
  • Web beacons, tags, pixels, and similar technologies. Mahana programs or the emails that you receive from us may use an application known as a 'web beacon' (also known as a 'tag' or 'pixel') and similar technologies. Web beacons are small strings of code that provide a method for delivering a graphic image on a web page or in an email message for the purpose of transferring data. For example, it may allow an email sender to determine whether a user has opened a particular email.

For more information on Mahana’s tracking practices, follow this link to view our Cookie Policy.

How does Mahana use my Personal Data?

Mahana and its service providers use your Personal Data for the following purposes, including to:

  • Create a user profile that is the basis of personalizing the therapy experience to you and to provide requested products and services.
  • Communicate with you as you progress through the onboarding and therapy and respond to your questions and requests for technical assistance.
  • Allow you to participate in interactive features of the prescription digital application when you choose to do so.
  • Notify you about changes to our products and services.
  • Aggregate (de-identified) data for purposes of analytics, research, product development, study publications, product utility materials, and regulatory reporting.
  • Facilitate remote monitoring of your therapy progress by your healthcare provider.
  • Respond to your request for information or comments.
  • Conduct audits, quality assurance, product/service improvement, or debugging activities.
  • Detection of security events.
  • For legal purposes as applicable by law.

With whom does Mahana share Personal Data?

We share Personal Data with third parties for a variety of reasons related to providing the digital therapeutic service, including as follows:

Clinical Partners and health plans. Your Personal Data may be accessed by Clinical Partners (as defined above) such as your healthcare providers, in order to prescribe, manage and provide you with health care services. Your Personal Data may also be shared with your health plan to manage reimbursement.

Mahana. Mahana may access Personal Data to deliver therapeutic services, technical support, or troubleshoot your account.

Mahana Care. Personal Data that we collect from you in connection with your access to and use of MahanaCare™, our optional, web-based therapeutic monitoring platform (collectively, the ‘Digital Platform’). We collect information from you both when you provide it voluntarily and automatically when you access or use Mahana’s products. We may use communication support systems, such as ActiveCampaign, to facilitate the initial participation inquiries. We may also collect personal information from your employer, health plan, and care team, which may consist of physicians and other healthcare professionals, and support personnel, including:

  • Account Registration Information. This is the Personal Data that is provided by your or collected by us to enable you to login and access your account and Mahana programs. This may include your name, address, email address, phone number, date of birth, gender, and health information. If you consent to receiving texts, you will also provide your mobile number. In addition to the uses listed in this section above, this information is used to determine your eligibility to use digital therapeutics; perform other duties as required by law; and to gather analysis, assess trends, and aggregate therapy outcomes data to your healthcare provider(s).
  • Protected Health Information. The Digital Platform may access and process PHI submitted by your care team. Our collection, use, and disclosure of PHI are governed by separate terms and conditions between Mahana and your employer, healthcare provider or health plan (‘Customers’). Your healthcare provider or health plan also must abide by its  HIPAA Notice of Privacy Practices. PHI should only be submitted through the Digital Platform as permitted or required for use of a particular digital therapeutic. The PHI we may collect may include: medical insurance details; information about physical health conditions and diagnoses; treatments for medical conditions; symptom severity details; and medications, including the dosage, timing, and frequency. PHI is collected and shared with Customers to determine your eligibility to use our products; to provide, maintain, personalize, and improve the Digital Platform; to create, maintain, and personalize your Mahana/Mahana Care accounts; to provide treatment and services to you and information about your treatment (including, without limit, details about your treatment, how often you use a Mahana program, whether you fulfilled a prescription or started a Mahana program, reports of your assessment scores, et. al.); and to aggregate (de-identify) for purposes of research, product and service development, and study publications about the benefits of our products/services.
  • Feedback. We may collect Personal Data you provide when you contact us with questions, feedback, or otherwise correspond with us online to (i) communicate with you through the Digital Platform and/or our mobile applications; (ii) respond to your questions and requests; (iii) provide customer support; and (iv) aggregate (de-identify) to share with our Customers, such as self-reported symptom severity scores of their patients during a specific time period.
  • Usage information. We collect certain usage information about you by automated means when you are using our products and this may include: information about your interactions with a Mahana product, which includes the data and time of any information you enter into and the progress through the digital application; and user content you post to the Digital Platform including messages you send and/or receive and your interactions with our customer service team. In additional to the uses listed above, this data used to optimize the display of the Digital Platform on your device; create, maintain, and personalize your account with us; provide, maintain, personalize, and improve the Digital Platform; monitor your usage of the Mahana app (which we share with your healthcare provider); allow you to participate in interactive features of the Digital Platform when you choose to do so, and help maintain the safety, security, and integrity of the Platform.

Select 3rd party vendors. Your Personal Data may also be stored and/or processed by service providers under contract with Mahana and strictly adhering to the principles of confidentiality, integrity, and accessibility. For example, Mahana uses Amazon Web Services (AWS) and Google Workspace to host and store our data, and ZenDesk to send you secure email communications in response to your questions or requests for technical assistance. Mahana also uses third parties to assist with operational and security support for the Mahana platform.

From time to time, Mahana may provide your Personal Data to select vendors for the purpose of data processing or specific functionality (e.g. analytics, operational support, or messaging like email or push notifications). Mahana only provides Personal Data to vendors that demonstrate a commitment to compliance with privacy and security laws, regulations and requirements under (as applicable) a data protection agreement and/or, for facilitating US prescriptions and insurance coverage, a business associate agreement as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Such agreements assure that our vendors must process your Sensitive Data with the same obligations (confidentiality, integrity, accessibility) that apply to Mahana US as a data processor/importer (for UK/EU Personal Data), a business associate (for data regulated under HIPAA), or a personal health records vendor (for data regulated under US Federal Trade Commission or state privacy laws). Otherwise, and if identifiable data is not needed for a particular purpose, vendors are allowed only to process data that is pseudonymised or de-identified and aggregated, so that your identity is not disclosed.

Legal purposes. We also may use or provide your Personal Data to third parties when we believe that doing so is necessary to:

  • comply with applicable law or a court order, subpoena, or other legal process.
  • investigate, prevent, or take action regarding illegal or prohibited activities, suspected fraud, violations of our terms and conditions, or situations involving threats to our property or the property or physical safety of any person or third party.
  • establish, protect, or exercise our legal rights or defend against legal claims.
  • facilitate the financing, securitization, insuring, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets.

With consent. Mahana may use your Personal Data for purposes other than those described in this Notice with your written consent, such as for text communications or marketing and advertising. However, communications with you for treatment delivery as requested by you, to inform you of similar products and services, allowing you to opt out of future communications, or other legitimate purposes, do not require consent.

External Websites. The Mahana platform may include links to other websites or resources over which Mahana does not have control (‘External Websites’). Such links do not constitute an endorsement by Mahana of those External Websites. You acknowledge that Mahana is providing these links to you only as a convenience, and further agree that Mahana is not responsible for the content of such External Websites. Your use of External Websites is subject to the terms of use and privacy policies located on those External Websites. We encourage you to read the privacy notice of any website that you visit before you provide any information to the operator of that website.

Additional information regarding collection, use, and/or sharing of my data.

In addition to any (i) Personal Data or information collected under this Notice, (ii) uses of Personal Data or information described in this Notice, or (iii) third parties with whom Mahana may share such Personal Data or information described in this Notice, Mahana may also collect, use and/or share any Personal Data or other information as described in the Mahana Website Privacy Policy. The collection, use, and/or sharing of any Personal Data or other information described in the Mahana Website Privacy Policy shall not be construed to limit any collection, use, and/or sharing of any Personal Data or other information covered by this Notice and vice versa.

Who can see what I write in Mahana programs?

Mahana will not view the content of your entries in program journals, except for the following scenarios: technical support or troubleshooting, making product improvements, or other legally required or permissible scenarios.

Where is my Personal Data kept?

Data collected via (i) the Mahana platform is held in a database managed by Mahana US and hosted by Amazon Web Services (AWS); and (ii) Customer Support is hosted by ZenDesk, both in centers located in the US and subject to appropriate data protection agreements. For further questions you may have about that, contact privacy@mahana.com. In addition, here are links to Amazon’s privacy policy and ZenDesk’s privacy notice, which you are encouraged to review.

What are my rights regarding my Personal Data?

Your Personal Data will be processed in accordance with your rights under the applicable data protection legislation. For more information on your rights and how to exercise them, including for residents in California, Colorado, Connecticut, Utah, and Virginia, see Mahana’s Website Privacy Notice. Mahana does not sell Personal Data to third parties, nor do we have any arrangement involving an exchange of value (‘consideration’) between Mahana and a third party for Personal Data obtained from users. To exercise your privacy rights, including information access and data correction and deletion, please see Mahana’s Data Subject Portal.

How can I delete my account?

For those who have created user accounts, you can request that your account be deleted either through the mobile app (Under ‘Manage Your Account’ in ‘Settings’) or by contacting Mahana Care (mahana@mahanacare.com or 1.844.624.2620). Note that, once your account is deleted, you will no longer have access to any product content or tools.

How is my Personal Data secured?

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place commercially reasonable physical, electronic, and managerial procedures to safeguard and secure the information we collect online, such as secure server software (SSL), firewalls, multi-factor authentication, and end-to-end encryption. However, no security program is 100% secure, and thus we cannot guarantee the absolute security of your information.

Mahana’s digital health services are provided to you through your smartphone. Thus, there are steps that you should take to protect your device from unauthorized access. You can find more tips for staying safe online at National Cybersecurity Alliance and Cybersecurity and Infrastructure Security Agency.

Children

Our programs or services are not intended for children. If you believe a child who is under age 13 has provided information to Mahana, please contact us using the information provided below.

Changes to this Policy

This Privacy Notice may change from time to time, so please check back periodically to check the most recent modification date to ensure that you are aware of any changes in our processing of your Personal Data. Your continued use of Mahana products and services after any changes signifies your express, explicit, voluntary, and unambiguous consent to any such changes. If you do not agree to such changes, you must immediately stop using Mahana products and services.

Contact us about Complaints, Questions, or Notices related to this Privacy Notice

Mahana digital health programs are created by Mahana Therapeutics, Inc., on behalf of itself. You can contact us at:

Mahana Therapeutics, Inc., a Delaware corporation (6703171)

505 Montgomery St.
11th Floor
San Francisco, CA 94111
1.844.624.2620
privacy@mahana.com
support@mahana.com
mahanacare@mahana.com

You can also submit named or anonymous complaints via our Data Subject Portal. If your issue is not resolved, you can report to the applicable supervisory authority (such as the California Office of Attorney General, California Privacy Protection Agency, or Federal Trade Commission.)

Right to withdraw consent

In relation to our products, you may have given consent for Mahana to contact you by certain means as part of our digital therapy (e.g., text reminders), to send marketing materials, or to share your Personal Data with Clinical Partners. You have the right to withdraw any consent you may have previously given us at any time. If you withdraw your consent, this will not affect the lawfulness of our collecting, using and sharing of your Personal Data or Sensitive Data as contemplated up to the point in time that you withdraw your consent. Even if you withdraw your consent, we may still use your information that (i) has been fully anonymized and does not personally identify you; or (ii) that has been collected under a legal basis other than consent, to the extent such use continues to be necessary for that other purpose. If you would like to withdraw consent for further processing your Personal Data, please submit a written request to Mahana’s Data Subject Portal. For more information on other types of consents, please see Mahana’s Website Privacy Notice.

Agreement

This Health Care Data Consent & Product Privacy Notice, as well as the Mahana’s Terms of Use, comprise an agreement which takes priority over other conflicting terms, understandings, or agreements you may have or have had with regard to the subject matter covered by the combined terms. However, that being said, any terms of a later consent form signed by you will take priority over conflicting terms of consent which may reside in these combined terms.

© Copyright 2023. Mahana Therapeutics, Inc. All Rights Reserved

Mahana logoGet Mahana IBSGet Mahana Tinnitus

Programs

Company

News

mahanacare@mahana.com
Terms & Conditions
Privacy Policy
Code of Ethics & Conduct
Declaration of Compliance

© Copyright 2024. Mahana Therapeutics, Inc.  All Rights Reserved.