Privacy Policy

Last updated :

June 2025

Maunda Privacy Notice (2025 Edition)

This Privacy Notice for Maunda ("we," "us," or "our") describes how and why we collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including but not limited to:

The Maunda mobile application (the "App")
Our websites, portals, or associated digital services
Counseling, coaching, or wellness services accessed through our platform
Any communication, interaction, or content submission involving Maunda

By using our Services, you agree to the terms of this Privacy Notice. If you do not agree with our policies and practices, you should not use our Services.

If you have any questions or concerns about how your data is handled, please contact us at: Email: info@maunda.com
Phone: (804) 617-2498
Mail: 1228 Providence Knoll Drive, North Chesterfield, VA 23236, USA

Summary of Key Points

This summary highlights important details from our full Privacy Notice. For complete information, refer to the Table of Contents or follow the relevant links.

What personal information do we process? We collect personal, wellness, and clinical information depending on how you interact with our Services. [Learn more about what we collect.]
Do we process any sensitive personal information? Yes. We process health-related data (Protected Health Information or PHI) for users engaging in counseling or coaching. [Learn more about sensitive data.]
Do we receive any information from third parties? Yes. We may receive information from integrated services like GetHealthie, Stripe, Firebase, or social platforms. [Learn more about third-party sources.]
How do we process your information? We use your information to deliver services, maintain security, personalize content, manage clinical workflows, and fulfill legal obligations. [Learn more about how we use your data.]
When and with whom do we share your information? We share data only as necessary—with licensed providers, payment processors, integrated service platforms, and in legal circumstances. [Learn more about data sharing.]
What are your rights? Depending on your location, you may have rights such as access, correction, deletion, and restriction of your personal information. [Learn more about your rights.]
How do you exercise your rights? You can submit a data access or deletion request at any time by contacting info@maunda.com. We will review all requests in accordance with applicable laws.

Want to learn more about how we handle your information? Continue reading the full Privacy Notice below.

Maunda Privacy Policy – Table of Contents

Introduction
What Information We Collect
How We Collect Information
How We Use Your Information
Legal Grounds and Regulatory Compliance
How We Share Information
Your Rights and Choices
How We Protect Your Information
Data Retention
Children’s Privacy
Cookies and Analytics
AI Use and Automated Processing
Third-Party Links and Embedded Content
Biometric and Sensitive Data (if applicable)
Data Breach Notification Policy
International Users
Changes to This Privacy Policy
Contact Us

1. Introduction

Welcome to Maunda. Your privacy is important to us, and we are committed to safeguarding your personal information with transparency, integrity, and care. This Privacy Policy explains how Maunda (“we,” “us,” or “our”) collects, uses, stores, shares, and protects your information when you interact with our Services.

Our Services include, but are not limited to:

The Maunda mobile application (“App”)
Our websites and associated digital platforms
Integrated wellness tools (e.g., affirmations, journaling, meditation)
Community-based features (e.g., Uplift feed, messaging, supporter system)
Counseling and coaching services accessed through our integration with GetHealthie
Any content, communication, or data you voluntarily provide while using the platform

This Privacy Policy applies to all users, including clients, providers, instructors, guests, and administrators who engage with Maunda.

1.1 Purpose of This Policy

The purpose of this Privacy Policy is to inform you about:

What types of data we collect (personal, wellness, clinical, technical)
How and why that data is processed
With whom the data may be shared
Your legal rights regarding your personal information
How you can manage, correct, or delete your data

We encourage you to read this policy carefully. If you have questions or concerns, you can contact us at info@maunda.com.

1.2 Applicability and Scope

This Privacy Policy applies globally, including in jurisdictions with enhanced privacy protections such as the United States (including HIPAA and CCPA), the European Economic Area (GDPR), Canada (PIPEDA), and other applicable laws. Specific rights and obligations may vary depending on your location and the nature of your engagement with the platform (e.g., client vs. provider).

1.3 Consent and Acceptance

By accessing or using Maunda’s Services, you consent to the collection and processing of your personal data as described in this Privacy Policy. If you do not agree with our practices, you should not use the Services.

Minors under the age of 18 may only use Maunda under the supervision and consent of a parent or legal guardian. If you are a parent or guardian allowing a minor to use the platform, you agree to this policy on their behalf.

2. What Information We Collect

Maunda collects a variety of information to provide a personalized, secure, and compliant experience for all users. The type and amount of data we collect depends on how you interact with the platform, your account type, and the features you use.

We collect the following categories of information:

2.1 Personal Information

Information that can directly identify you, including:

Full name
Email address
Phone number
Date of birth
Username or display name
Profile photo and bio
Device ID and IP address
Location data (if enabled)

2.2 Health and Clinical Information

When you access counseling, coaching, or wellness services, we may collect health-related data (“Protected Health Information” or PHI), including:

Intake forms and assessments
Session notes and treatment plans
Insurance information and billing data
Communication with providers
Appointment history and provider preferences
Mental health status, goals, and progress indicators

This information is stored and managed through our HIPAA-compliant partner platform, GetHealthie.

2.3 Wellness and Engagement Data

To support personalized wellness experiences, we may collect:

Mood entries and check-ins
Journal entries and reflection responses
Goal tracking and habit progress
Daily affirmation responses
Engagement with meditations, articles, or prompts
Feedback or survey responses

This information is used to power your personalized dashboard and improve platform recommendations.

2.4 User-Generated Content

If you post, share, or interact socially on the platform (e.g., Uplift feed, comments, messaging), we collect:

Shared posts, captions, and media (photos/videos)
Replies, likes, and interaction history
Direct messages with other users or supporters
Supporter connections and invitation data

2.5 Technical and Usage Data

To improve functionality and ensure performance, we may automatically collect:

Device type, operating system, and browser type
App version and feature usage
Session duration, crash logs, and error reports
Navigation behavior within the App
Referral source or install channel

2.6 Information from Third Parties

We may also receive information from:

GetHealthie (clinical and intake data)
Stripe (payment and transaction data)
Firebase or analytics tools (usage metrics)
Social platforms (if you use integrated sharing features)
Public databases or partner networks (with consent or legal basis)

All information collected is handled in accordance with our Privacy Policy and applicable data protection laws. You can control or limit many types of data collection through your device settings, in-app preferences, or by contacting info@maunda.com.

3. How We Collect Information

Maunda collects information from you in multiple ways—some directly, some automatically through your use of the platform, and some via third-party integrations. This section outlines the methods and touchpoints through which data is gathered.

3.1 Information You Provide Directly

We collect information when you:

Create or update your Maunda account
Fill out your profile, intake forms, or assessments
Schedule or attend a session with a provider
Submit journal entries, mood check-ins, or wellness goals
Post content to the Uplift feed or message other users
Request support or contact us directly (e.g., email or in-app support)
Respond to surveys, feedback forms, or participate in promotions

This information is voluntary but may be required to access specific features or services.

3.2 Information Collected Automatically

We automatically collect certain technical and usage information when you interact with the App or our website, such as:

Device type, operating system, and IP address
App version, screen views, and button clicks
Crash logs, error reports, and session durations
Behavioral patterns such as time of use, navigation flows, and engagement with content
Location data (if permissions are granted)

This is done using cookies, SDKs, analytics tools (e.g., Firebase), and server logs to help us improve platform performance and user experience.

3.3 Information from Counseling or Coaching Services

If you engage with Maunda’s integrated mental health services via GetHealthie, we collect:

Your intake and consent documentation
Session data, provider notes, and treatment history
Communication with your provider (e.g., secure messages, shared documents)
Billing and insurance information submitted through the client portal

This information is protected under HIPAA and only accessible to authorized clinical staff and supervisors.

3.4 Information from Third-Party Tools and Services

We may receive information from third parties, including:

GetHealthie (clinical data and scheduling information)
Stripe (billing, payment, and refund data)
Firebase or Mixpanel (analytics and device data)
Social login providers (e.g., if you sign in using Google or Apple)
External health or wellness partners (only with consent)

These sources help us enhance functionality, personalize your experience, and ensure secure service delivery.

You can manage or restrict data collection through device permissions, in-app settings, or by contacting us at info@maunda.com.

4. How We Use Your Information

Maunda uses the information we collect to deliver safe, personalized, and effective wellness and mental health services. We process your information only when we have a valid legal basis, as outlined in Section 5. Below are the primary purposes for which we use your information:

4.1 To Provide and Maintain the Services

We use your information to:

Create and manage your account
Facilitate access to wellness tools and community features
Deliver personalized experiences, including daily affirmations, mood prompts, and content suggestions
Schedule, deliver, and document therapy or coaching sessions
Maintain clinical records in compliance with HIPAA and relevant licensing laws

4.2 To Facilitate Secure Counseling and Coaching

For users engaging in therapeutic or coaching services, we use your information to:

Complete intake and consent documentation
Match you with a suitable provider or supervisee
Track session attendance, treatment progress, and care coordination
Send appointment confirmations, reminders, and post-session follow-ups
Ensure that clinical supervision and oversight are appropriately documented

4.3 To Improve the Platform and User Experience

We analyze anonymized and aggregated usage data to:

Understand feature engagement and user behavior
Identify technical issues and monitor system performance
Improve existing features and develop new tools
Conduct internal audits and quality assurance reviews
Ensure accessibility and performance across devices and user groups

4.4 To Communicate With You

We may use your contact and engagement information to:

Send essential account notifications, reminders, or updates
Respond to support requests or questions
Deliver educational materials, announcements, or feedback surveys
Notify you about platform changes, feature launches, or legal updates
Deliver personalized messages like mood insights or goal reminders

You may opt out of non-essential communications at any time through your settings or by emailing info@maunda.com.

4.5 For Security, Safety, and Fraud Prevention

We use technical and behavioral data to:

Detect, investigate, and prevent fraudulent activity or policy violations
Monitor platform integrity and enforce Community Standards
Protect user data, prevent account compromise, and manage access control
Respond to reports of harmful content, harassment, or threats

4.6 To Comply with Legal Obligations

We may use or disclose your information when legally required, including to:

Respond to valid court orders, subpoenas, or law enforcement requests
Fulfill obligations under HIPAA, GDPR, CCPA, and similar regulations
Maintain proper clinical documentation and retention standards
Investigate suspected abuse or safety risks

4.7 With Your Consent

In limited cases, we may process your information based on explicit consent, such as:

Publishing testimonials or spotlight stories
Sharing select de-identified data for research or product development
Participating in beta features or external integrations

You may withdraw your consent at any time.

5. Legal Grounds and Regulatory Compliance

Maunda processes your personal information only when we have a valid legal basis to do so, in accordance with applicable data protection and healthcare privacy laws. These laws include, but are not limited to, the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar global and state-level frameworks.

5.1 Legal Bases for Processing (GDPR-Compliant)

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that requires a lawful basis for processing, we rely on the following legal grounds:

Consent – When you voluntarily provide data, such as affirmations or journal entries, or opt in to optional features
Contractual Necessity – To provide services you request, such as therapy sessions, profile management, or communication features
Legal Obligation – To comply with regulations including HIPAA (e.g., clinical recordkeeping, supervision documentation)
Legitimate Interests – For non-intrusive activities such as platform analytics, app improvements, and fraud detection
Vital Interests – To protect your life or safety in a crisis or emergency situation

5.2 HIPAA Compliance (U.S. Users)

If you use Maunda to access counseling or coaching services, your health information is protected under HIPAA. This means:

Your data is stored and transmitted through HIPAA-compliant systems (e.g., GetHealthie)
Only authorized clinicians and supervisors can access your clinical data
Your health information is not shared without your consent, except when legally required or in an emergency
You may request access to your clinical records in accordance with HIPAA procedures

5.3 CCPA Compliance (California Residents)

If you reside in California, you have additional rights under the California Consumer Privacy Act, including the right to:

Know what personal information we collect and why
Request a copy of your data (access)
Request deletion of your data, subject to legal limitations
Opt out of certain types of data sharing
Receive equal service even if you exercise your privacy rights

Maunda does not sell personal information and only shares data with service providers for necessary business operations.

5.4 Cross-Border Data Transfers

Our Services may be operated from servers in the United States and other locations. By using Maunda, you consent to your information being transferred to and processed in countries outside of your own, including the U.S., which may have different data protection standards than your home jurisdiction.

We ensure that appropriate safeguards are in place for international transfers, including standard contractual clauses when required.

6. How We Share Information

Maunda respects your privacy and shares your information only when necessary to operate our Services, fulfill legal obligations, or with your explicit consent. We do not sell your personal information under any circumstances.

6.1 Sharing with Licensed Providers and Supervisors

If you engage in counseling or coaching through Maunda, we may share relevant information with:

Your assigned therapist, coach, or supervised provider
Licensed clinical supervisors for oversight and documentation review
Maunda’s clinical operations team to coordinate care and ensure quality

This information is limited to what is necessary for treatment and is stored securely via HIPAA-compliant platforms.

6.2 Sharing with Third-Party Service Providers

We work with trusted third-party partners who help us deliver and improve our Services. These include:

GetHealthie – for clinical documentation, scheduling, and telehealth delivery
Stripe – for secure payment processing
Firebase, Mixpanel, or similar tools – for performance monitoring and analytics
Communication vendors – for email, SMS, and push notifications

Each provider is contractually required to protect your data and use it only for the purpose of delivering their services to Maunda.

6.3 Sharing in Legal or Emergency Situations

We may share your information when required to:

Comply with applicable laws, court orders, or subpoenas
Cooperate with law enforcement or regulatory bodies
Respond to threats of harm, abuse, or safety concerns (e.g., risk to self or others)
Protect the legal rights, safety, or property of Maunda, its users, or the public

In emergency situations, we prioritize user safety and act swiftly to involve the appropriate authorities or support systems.

6.4 Sharing Aggregated or De-Identified Data

We may share anonymized, aggregated, or de-identified data for purposes such as:

Platform performance and user behavior analysis
Research, reporting, and public health insights
Developing or enhancing features based on user trends

This data does not include personally identifiable information and cannot be linked back to any individual user.

6.5 Sharing with Your Consent

We may share your information for other purposes if you give us explicit consent, such as:

Publishing a user testimonial
Collaborating on wellness or research initiatives
Integrating with a third-party app or wearable you authorize

You may withdraw consent at any time by contacting info@maunda.com.

7. Your Rights and Choices

We believe you should have control over your personal information. Depending on your location, your relationship to Maunda, and applicable laws (such as GDPR, CCPA, or HIPAA), you may have the following rights regarding your data:

7.1 Right to Access

You have the right to request access to the personal data we hold about you. This includes clinical records, account information, and usage history, where applicable.

7.2 Right to Correct or Update

You can request that we correct or update any inaccurate or incomplete information in your account or health record.

Profile information can be updated directly in the app
Clinical or session-related data must be corrected through your provider or support team

7.3 Right to Delete (Right to Be Forgotten)

You may request deletion of your data at any time, subject to the following limitations:

Clinical records may be retained for the legally required period (e.g., 7 years under HIPAA)
Some data may be retained for fraud prevention, legal compliance, or essential platform functionality
If you delete your account, some anonymized usage data may still be retained for system integrity

To initiate deletion, contact info@maunda.com.

7.4 Right to Object or Restrict Processing

You can object to or request limits on how we use your data, particularly for:

Direct marketing
Data analytics
Cross-platform usage tracking

Note: Exercising this right may limit some app functionality.

7.5 Right to Data Portability

You may request a copy of your personal data in a machine-readable format for transfer to another service, subject to applicable laws and security checks.

7.6 Right to Withdraw Consent

If we rely on your consent to process certain data, you may withdraw that consent at any time. This will not affect prior lawful processing.

7.7 Right to Non-Discrimination (CCPA)

Exercising your privacy rights will not result in denial of service, increased pricing, or reduced app functionality—unless the functionality itself depends on that data (e.g., removing access to health services if clinical data is deleted).

7.8 How to Exercise Your Rights

To make any of the requests outlined above, you can:

Submit a request via email: info@maunda.com
Use any in-app privacy or settings features available
Request help through your provider or the support team

We will verify your identity before processing your request and respond within a legally required timeframe (usually within 30 days).

8. Data Retention

Maunda retains your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, enforce agreements, and maintain the integrity of our Services.

8.1 General Retention Periods

We retain different categories of data for varying lengths of time based on their purpose and legal requirements:

Account Data: Retained while your account is active and for up to 3 years after deactivation, unless you request deletion earlier.
Wellness & Engagement Data: Retained for up to 2 years from last activity to support personalized experiences and service continuity.
Technical Data: Retained as long as necessary for diagnostics, performance monitoring, and security (usually no longer than 12–18 months).
Support Interactions: Retained for at least 12 months for audit and customer service records.

8.2 Clinical and Health Record Retention (HIPAA)

For users who engage in counseling or clinical services via Maunda:

Protected Health Information (PHI) is retained in compliance with HIPAA, state regulations, and professional guidelines.
In most states, clinical records are retained for a minimum of 7 years after the last session (or longer for minors).
Requests for copies or transfers of clinical records must be submitted in writing and are subject to verification.

Clinical data is stored securely through our HIPAA-compliant platform partner, GetHealthie, and only accessible to authorized providers, supervisors, and operations staff.

8.3 Data Deletion and Anonymization

When retention periods expire, or when you request deletion (as permitted by law), we:

Delete or de-identify your data from active systems
Anonymize any data used for research or analytics
Remove access to deleted records from all interfaces
Retain minimal backup copies for legal or audit purposes, encrypted and access-controlled

If you have questions about how long a specific type of data is retained or want to request deletion, please contact us at info@maunda.com.

9. Data Security

Maunda is committed to protecting the privacy and security of your information through robust administrative, technical, and physical safeguards. While no system is entirely immune to risk, we take industry-standard measures to reduce the likelihood of unauthorized access, loss, or misuse of your data.

9.1 Security Measures We Use

We implement the following safeguards:

HIPAA-Compliant Infrastructure: Clinical and health data is stored through GetHealthie, a fully HIPAA-compliant platform.
End-to-End Encryption: Sensitive data in transit and at rest is encrypted using TLS 1.2+ and AES-256 protocols.
Access Controls: Data access is role-based and limited to authorized personnel only.
Secure Authentication: Passwords are encrypted and optionally protected by two-factor authentication (2FA) when available.
Regular Security Testing: We conduct internal audits, vulnerability assessments, and penetration testing on a regular basis.
Monitoring and Alerts: We use automated tools to detect suspicious activity and alert our security team of anomalies.
Secure Data Backups: Encrypted backups are created regularly and stored in isolated environments to ensure recovery if needed.

9.2 User Responsibilities

While we prioritize security on our end, you also play a role in protecting your data:

Use a strong and unique password for your Maunda account
Do not share your login credentials with others
Log out of your account when using shared devices
Notify us immediately at info@maunda.com if you suspect unauthorized access

9.3 Security Breaches and Notifications

In the unlikely event of a data breach involving your personal information:

We will notify you promptly via in-app message, email, or other required means
We will provide details about the nature of the breach, what data was affected, and what steps you can take
We will comply with breach notification laws, including those mandated by HIPAA, GDPR, and applicable state or national laws

We take data protection seriously and continually work to improve our safeguards. If you have questions or concerns about security, reach out at info@maunda.com.

10. Children’s Privacy

Maunda is committed to protecting the privacy of children and complying with all applicable laws, including the Children’s Online Privacy Protection Act (COPPA) in the U.S. and similar international regulations.

10.1 Minimum Age Requirement

Our Services are intended for users who are at least 13 years old. Users under 18 must have the consent and supervision of a parent or legal guardian to use the platform. No user under 13 may create an account or submit personal information unless authorized under a verified parental or educational exception.

10.2 Parental or Guardian Consent

If a user is between the ages of 13 and 17, we may collect and process personal information only if:

A parent or legal guardian has provided verifiable consent
The consent was obtained through a supervised onboarding process
The use of clinical or coaching services is done with oversight from a licensed adult provider

Parents or guardians may request to review, update, or delete the child’s data by contacting us at info@maunda.com.

10.3 Limited Data Collection for Minors

For any minor user (under 18), we limit data collection to only what is necessary to provide the Services. This may include:

Name or nickname
Age or birth year
Parent/guardian contact information
Mood tracking, journaling, and goal-setting data
Communication history with their provider or support staff

We do not knowingly collect biometric, geolocation, or payment data from users under 13.

10.4 If We Learn of Unauthorized Use

If we become aware that we’ve collected personal data from a child under 13 without verified consent:

We will promptly delete the information from our records
We will notify the parent/guardian (if identifiable)
We will investigate how the data was submitted and strengthen protections as needed

Maunda takes children’s privacy seriously. If you believe we have collected data from a child inappropriately, please contact us immediately at info@maunda.com.

11. Cookies and Analytics

Maunda uses cookies and similar technologies to enhance user experience, analyze platform usage, and improve service performance. We are committed to transparency about how and why we use these tools.

11.1 What Are Cookies?

Cookies are small data files stored on your device when you visit or interact with our Services. They allow us to remember your preferences, maintain session states, and gather information about user interactions for analytics purposes.

Types of cookies we may use include:

Essential Cookies: Required for core functionality (e.g., login, session management)
Performance Cookies: Help us understand how users engage with the app and identify technical issues
Preference Cookies: Store your settings like theme, language, and notification preferences
Analytics Cookies: Used by tools like Google Analytics or Mixpanel to track usage trends
Security Cookies: Help detect fraud and protect your account

11.2 Mobile Identifiers and App Tracking

In addition to cookies, Maunda may use mobile identifiers (e.g., Apple’s IDFA or Android’s AAID) and software development kits (SDKs) to analyze behavior within the mobile app. These help us:

Track app installations and engagement
Understand feature usage
Detect crashes or errors
Monitor marketing campaign effectiveness

You may control app tracking settings through your mobile device preferences.

11.3 Third-Party Analytics and Tools

We may use third-party services such as:

Google Analytics
Mixpanel
Firebase Analytics

These tools help us understand aggregated usage patterns but do not identify individuals unless explicitly linked with user actions (e.g., through login or survey data). All third parties are contractually obligated to protect your information.

11.4 How to Manage Your Preferences

You can manage your cookie and tracking preferences by:

Adjusting settings in your web browser (for web-based services)
Updating tracking permissions in your mobile device settings
Using in-app toggles (where available) to opt out of specific types of tracking
Emailing info@maunda.com with a request to restrict data use

Please note: Disabling certain cookies may impact the functionality of some features.

12. AI Use and Automated Processing

Maunda uses artificial intelligence (AI) and limited forms of automated processing to enhance your experience, support wellness features, and improve platform efficiency. We are committed to transparency, fairness, and responsible AI practices.

12.1 How AI Is Used on the Platform

AI technologies may support the following features:

Wellness Chatbot: A non-diagnostic, supportive chatbot for encouragement, journaling prompts, and wellness reflection
Content Personalization: Recommending affirmations, mindful questions, or community posts based on your usage trends and mood tracking
Mood Insights: Surface patterns in your self-reported emotional states over time to support awareness and goal setting
Usage Optimization: AI tools may help identify drop-off points, app performance issues, or preferred user flows

No AI tool used by Maunda provides medical diagnoses, clinical decision-making, or therapeutic advice.

12.2 Human Oversight and Safeguards

All AI-generated interactions are clearly marked and never substitute for licensed care. Users are given the option to:

Exit the chatbot and request human support
Turn off personalized suggestions
Provide feedback or flag inappropriate AI behavior

AI tools are reviewed and refined by Maunda’s human wellness and technology teams.

12.3 Automated Decision-Making

Maunda does not engage in automated decisions that have legal or similarly significant effects on users, such as:

Eligibility for care
Provider matching without input
Behavioral predictions leading to suspension or restriction

All critical decisions are made or verified by a human.

12.4 Data Used for AI

AI features are trained or tuned using:

Anonymized usage data (e.g., mood trends, feature use)
Aggregated system data
Optional inputs you provide (e.g., journaling, responses to prompts)

No biometric, financial, or clinical records are used to train AI models unless explicitly consented to and de-identified.

12.5 User Controls and Opt-Out

You may opt out of non-essential AI features by:

Adjusting your settings in the app
Contacting us at info@maunda.com
Disabling suggestions or muting the chatbot when available

We are continually refining our AI systems to ensure ethical, human-centered use that prioritizes your autonomy and privacy.

13. International Users and Data Transfers

Maunda is based in the United States, but we welcome users from around the world. If you access our Services from outside the U.S., you acknowledge and agree that your information may be transferred to, stored in, and processed in jurisdictions—including the United States—where data protection laws may differ from those in your home country.

13.1 Cross-Border Data Transfers

When you use our Services, your personal information may be transferred to servers and third-party service providers located in countries such as:

The United States (primary data storage and hosting)
Countries where our subprocessors operate (e.g., for analytics or communication tools)

We take reasonable measures to ensure your data remains protected, including:

Standard Contractual Clauses (SCCs) for data transfers governed by the GDPR
Data Processing Agreements (DPAs) with all service providers
Technical and organizational safeguards (encryption, limited access, audits)

13.2 Users in the European Economic Area (EEA), United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, we ensure that:

Your personal data is processed in accordance with applicable data protection laws (e.g., GDPR, UK GDPR)
Your rights as a data subject are respected
Transfers to the U.S. or other non-EEA countries are conducted using legally approved mechanisms

You may contact info@maunda.com to request more details about our cross-border safeguards.

13.3 Users in Other Jurisdictions

Maunda strives to comply with regional privacy frameworks, including:

PIPEDA (Canada)
LGPD (Brazil)
Australian Privacy Act
Other national or provincial laws where applicable

We will honor valid requests to access, correct, or delete your data according to local law, and will continue adapting our practices as privacy regulations evolve globally.

If you are an international user and have questions or concerns about how your data is handled, please email us at info@maunda.com.

14. Third-Party Services and Links

Maunda may contain links to or integrate with third-party services, tools, and platforms that are not operated or controlled by Maunda. These may include clinical service tools, payment processors, meditation content partners, or external community resources.

14.1 Third-Party Platforms We Use

We may share your data with or allow access to certain third-party services that are essential to delivering the Maunda experience, such as:

GetHealthie – for clinical documentation, telehealth, and health record management
Stripe – for secure payment processing
Firebase and Mixpanel – for app performance analytics
OpenAI – for AI-based chatbot functionality (non-clinical)

Each of these vendors has its own privacy policy and terms of service. We encourage you to review them if you interact with those services through Maunda.

14.2 External Links

Our platform may contain links to third-party websites, mobile apps, or resources for:

Mental health education
Community events or wellness tools
Crisis support or external providers

Clicking on a third-party link will take you outside the Maunda platform. We are not responsible for the content, policies, or practices of third-party sites and disclaim liability for any issues that arise from their use.

14.3 Responsibility and Data Sharing

When you engage with third-party services via Maunda, your information may be shared with them to complete the requested action (e.g., booking a session, making a payment, accessing support). These third parties are only permitted to use your information as needed to provide their service and are contractually obligated to maintain security and confidentiality.

We do not endorse or accept responsibility for third-party content or outcomes beyond the scope of our platform.

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, technologies, legal obligations, or privacy practices. We are committed to keeping you informed and maintaining transparency in how your information is handled.

15.1 How We Notify You of Changes

When we make material changes to this Privacy Policy, we will provide clear notice to you, which may include:

In-app notifications
Email updates to your registered address
An updated date at the top of the Privacy Policy

15.2 Your Continued Use Means Consent

By continuing to use Maunda after an update is posted, you are agreeing to the revised Privacy Policy. If you do not agree with the updated terms, you should discontinue use of the Services and may request account deactivation or data deletion by contacting us.

15.3 Reviewing Previous Versions

Upon request, we will provide you with access to archived or previous versions of this Privacy Policy so you can review how your data was used at any time in the past.

To receive a copy of a prior version, please email info@maunda.com.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, your personal data, or your rights under applicable law, you may contact us at any time. We are committed to addressing inquiries promptly, transparently, and in alignment with legal requirements.

You can reach us by:

Email:
info@maunda.com

Phone:
+1 (804) 617-2498

Mailing Address:
Maunda
1228 Providence Knoll Drive
North Chesterfield, VA 23236 United States

If you are contacting us with a data request (e.g., access, correction, deletion), please include enough information for us to verify your identity and process your request securely.

This concludes the Maunda Privacy Policy. Let me know if you'd like a full compiled version, formatting assistance, or a version tailored for web or mobile display.

17. Biometric and Sensitive Data

Maunda takes the protection of sensitive data seriously and does not collect or store biometric information unless explicitly stated, legally required, and consented to by the user.

17.1 Biometric Data

As of this policy’s effective date, Maunda does not collect, use, or store any biometric identifiers or biometric information (e.g., facial recognition, fingerprints, voiceprints, or health biometrics) through its app or platform.

If future features introduce biometric capabilities (e.g., wellness tracking through wearables), we will:

Provide a clear explanation of what is collected
Obtain written informed consent before activation
Ensure compliance with all applicable biometric privacy laws, including the Illinois Biometric Information Privacy Act (BIPA) and similar regulations

17.2 Sensitive Personal Information

We do not collect sensitive categories of personal information by default. However, if you choose to share the following through journaling, goal setting, or therapy-related features, it may be stored securely:

Racial or ethnic origin
Religious or philosophical beliefs
Sexual orientation or gender identity
Health or mental health conditions
Information about your emotional well-being
Information provided during therapy or coaching sessions

Such data is:

Encrypted at rest and in transit
Accessed only by authorized personnel under HIPAA or supervisory guidelines
Never sold, profiled for advertising, or used without your active engagement

17.3 Consent and Control

If you interact with any feature that may involve sensitive or special category data, you have the right to:

Opt out of providing such data
Request that it be deleted
Ask how it is being used or stored
Revoke consent at any time

For questions about how sensitive data is handled, please contact us at info@maunda.com.

Let me know when you're ready to continue with the final section: Section 18: Data Breach Notification Policy.

18. Data Breach Notification Policy

Maunda is committed to safeguarding your information and maintaining transparency in the event of a data breach. While we implement strong security measures, we have a clear protocol in place to notify affected individuals and regulatory bodies if a breach occurs.

18.1 What Constitutes a Breach

A data breach includes unauthorized access, disclosure, alteration, or destruction of personal data. This may involve:

Loss or theft of devices containing user data
Unauthorized access to health or account information
Malware, phishing, or system compromise leading to exposure
Accidental data sharing due to technical or human error

18.2 Notification Timeline

In accordance with applicable laws (e.g., HIPAA, GDPR, and state-level privacy acts), Maunda will:

Notify affected individuals without unreasonable delay, and no later than required by law (e.g., within 72 hours under GDPR, 60 days under HIPAA)
Notify regulators or authorities where legally required
Describe the nature and extent of the breach, including what information was involved

18.3 Notification Method

We will notify you through:

Email (to your registered address)
In-app notification (if feasible)
Additional public notice if contact information is unavailable

18.4 What We’ll Include

Our breach notification will explain:

What happened and when
What data was affected
What we are doing in response
What steps you should take
How to contact us for support

18.5 Post-Breach Support

If affected, you may:

Request a full account of your data that may have been compromised
Access identity protection resources (if provided)
Contact info@maunda.com for updates, support, or to request deletion of your data

Maunda’s internal breach response team conducts root cause analysis, remediation, and future risk mitigation in all cases. We also log all breach events for legal and auditing purposes.

Terms and Conditions