Privacy Policy

At NahMo, we are committed to maintaining the accuracy, confidentiality, and security of your personally identifiable information ("Personal Information"). As part of this commitment, our privacy policy governs our actions as they relate to the collection, use, and disclosure of Personal Information. Our privacy policy is based upon the values set by the Federal Trade Commission.

 

1. Introduction

We are responsible for maintaining and protecting the Personal Information under our control. We have designated an individual or individuals who is/are responsible for compliance with our privacy policy. We may update this privacy policy from time to time to keep it up to date. We will notify you viain-app notifications and on our website when we make any changes to the Privacy Policy.

2. Identifying Purposes

When you access our services via NahMo app, we collect, use, and disclose Personal Information to provide you with the product or service you have requested and to offer you additional products and services we believe you might be interested in. The purposes for which

we collect Personal Information will be identified before or at the time we collect the information. In certain circumstances, the purposes for which information is collected may be clear, and consent may be implied, such as where your name, address and payment information are

provided as part of the order process. What you write via the AI chat function with NahMo, the transcripts of your conversations are

never shared with any third-party without your express consent, except to ensure your safety and those of your loved ones. We never sell or share your data with advertisers. We may automatically log the standard usage data provided by your device. These data may

include your device’s internet protocol (IP) address, your device type and version, your activitywithin the app, time and date, and other details. Additionally, when you encounter certain errors while using the app, we automatically collect data about the error and the circumstances surrounding its occurrence. These data may include technical details about your device, what you were trying to do when the error occurred, and other technical information that may have contributed to the problem.

3. Consent

Knowledge and consent are required for the collection, use or disclosure of Personal Information except where required or permitted by law. Providing us with your Personal

Information is always your choice. However, your decision not to provide certain information may limit our ability to provide you with our products or services. We will not require you to consent to the collection, use, or disclosure of information as a condition to the supply of a

product or service, except as required to be able to supply the product or service.

4. Personal Data Collection

Our collection of your personal data is always purpose-driven. We will use it for another reason, only if compatible with the original purpose. We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. We may

process your personal data without your knowledge and consent, where this is required or permitted by law. The following table lists the data processing that we perform when you use the AI chat function, digital self-care tools, and services purchased from our website. The primary basis of data collection is to uphold our contract with you. As an end-user, our contract is your agreement to the Terms of Services and this Privacy Policy.

With your consent, we may collect Personal Information from you in person, over the telephone or by corresponding with you via mail, facsimile, or the Internet.

5. Data sharing with the third party

NahMo use third-party service providers to store and process your data. The security and privacy protocols of these service providers have been thoroughly assessed by us. We require that they meet the industry and legal standards of confidentiality and non-disclosure obligations. We also require that their providers (fourth parties) comply to the standards and legal requirements, and only access your data to the extent necessary to perform functions on our behalf. The following third-party service providers are used by NahMo

 

Data Types

Source

Processing Purpose

Android or Apple identifier (app-device identifier)

Collected from your device

To recognize you as a new or existing user. To create a random user identifier. Perform deletion of identifier before sharing data for analytic purposes. To associate users to their provided data to provide uninterrupted App and services. To migrate your data to a new device. To process subscription-related requests. To administer your account. To process for addressing your data rights. To comply with applicable law or regulation.

Random user identifier

Created by NahMo

To recognize you as a new or existing user. To provide App and services. To create a random truncated identifier to provide minimal data for internal analytics. To provide additional security during data transfers. To administer your account. To process your data rights.

Access or referral code

Created by NahMo and entered by you.

To send deep links to directly access the App and Institutional Services. To register you as an Institution user. To authorize access to Institution-agreed services. To provide customized App and services for referred and Institution users. To aggregate data at Institution or cohort or user level for analytics purposes. To administer your account. To process your data rights.

Nickname

Provided by you.

To personalize content on the App and services. To administer your account.

Device data (Operating system, OS version, device make and model, time-zone)

Collected from your device

To detect and prevent fraudulent use of or abuse of the service. To resolve issues. To improve App experience and use. To provide service-related information. To remind users of upcoming sessions and events.

Conversation data (free text messages, accidental identifiers submitted, Clinical questionnaires/assessment and scores, wellness data, voluntary SOS data)

(Clinical questionnaires are a proven way to track progress of your mental well-being. You have the option to not respond to these assessments)

(Wellness data include voluntarily provided special category health data. You have the option to not share any sensitive physical or mental health-related data.)

Voluntarily provided by you.

To apply our AI algorithms to wellness data to derive new data to indicate mood and emotional state. To detect context and ensure continuity in conversation. To detect medical or emergency terms to ensure safe conversations. To provide the right tool, technique and content. To provide and process the CBT Programs, the preventative programs and send program use reports back to your Institution. To detect any SOS or self-harm triggers in messages and to signpost to safety resources. To improve AI algorithm safety. To improve product and service quality and customer experience. To anonymize reports. To anonymize research and analytics data. To share app use reports back to your Institution.

Inadvertent submitted personal identifiers (names, location, contacts, email identifiers)

Voluntarily provided by you.

To take reasonable steps using third party tools, to detect and anonymize personal identifiers in end-user text messages..

Event Data (text button events, app screen events, tool events)

Events created during your use of App

To share anonymized event data with 3rd party providers for analytics purposes. To obscure the event data to not reveal sensitive information. To analyze app event data for improving product and service quality.

Communication Information (name, email Identifier, email messages, subscription receipts, feedback messages)

Voluntarily provided by you.

To respond to your inquiries, requests and feedback. To troubleshoot your issues. To provide and improve customer support services. To improve App and Services quality, safety and performance based on your feedback.

Other personal information (age-range, gender, pronouns)

Voluntarily provided by you.

To provide age, gender-appropriate content, tools and techniques. To analyze and understand age, gender/pronoun specific trends, challenges to provide appropriate support and services. To deliver content with proper pronoun endings. Where applicable, to provide gendered languages. To identify children entering the system. To inform children to read and agree to NahMo Terms and Privacy Policy with their parents or legal guardian

Network Data (Internet protocol address)

Collected from your device by NahMo’s Content Delivery Networks (CDN)

To store in the CDN database and network logs. To enable access to all images, media and tools provided within the App during use. To enable secured access to both the app and website.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Service Providers

Purpose

Square

We use Square to process payment when you purchase from through NahMo app. Use of the Payment providers is governed by their terms of use and privacy policy. NahMo does not collect and store your credit card related information. We may collect your name, email, and phone number to send you confirmations and for operational purposes.

Twilio

Twilio verifies your identity by generating one-time passcode when you log on to the app. This is done using their web service APIs. Data is transferred and stored in Twilio servers in the USA region. Twilio encrypts all communication.. Here, you can read more on their privacyterms of service and security. We have a DPA with UK IDTA and SCCs and BAA.

Open AI

Data: Accidental personal identifiers provided by you within conversation text messages with the NahMo AI chat.
Purpose: To detect, anonymize, and replace entities of personal information accidentally shared by end user. The Service runs on NahMo’s cloud servers, and hence your text messages are never transferred to Open AI. Read more about Private AI Privacy Policy and Terms of use

 

6. Limiting Use, Disclosure, Retention, and Deletion Policy

Personal Information may only be used or disclosed for the purpose for which it was collected unless you have otherwise consented, or when it is required or permitted by law. Personal Information will only be retained for the time required to fulfill the purpose for which we collected it or as may be required by law.

We may retain one copy of your data even after your subscription ends or Institution contract ends if it is reasonably necessary. This could be in any of the following situations:

•   to comply with applicable legal and statutory requirements;

•   at the request of a returning subscriber;

•   to respond to your requests

•   in our backup for a time-bound period;

•   to fulfill processing that is in our legitimate interest.

Where not specified we retain your data for a maximum of 5 years since the last update and as per our internal information retention policies.

7. Accuracy

Personal Information will be maintained in as accurate, complete, and up-to-date form as is necessary to fulfill the purposes for which it is to be used.

8. Safeguarding Customer Information

Personal Information will be protected by security safeguards that are appropriate to the sensitivity level of the information. We take all reasonable precautions to protect your Personal Information from any loss or unauthorized use, access, or disclosure.

Customer data are stored at the MapleBrains servers which are associated with HostGator located in Canada. The MapleBrains servers are HIPAA-certified.

The following are security protocols to safeguard customer information.

1.  Safe Communication with SSL

2.  Access Control

3.  Secure Logins

4.  Audits and Monitoring

5.  Data Minimization

6.  Software Updates for Safety

7.  Secure Development

8.  Firewall Protection

9.  Data Backups and Recovery

10. Regulatory Compliance


 

8. Openness

We will make information available to you about our policies and practices with respect to the management of your Personal Information.

 

9. Customer Access

Upon request, you will be informed of the existence, use and disclosure of your Personal Information, and will be given access to it. You may verify the accuracy and completeness of your Personal Information, and may request that it be amended, if appropriate. However, in certain circumstances permitted by law, we will not disclose certain information to you. For example, we may not disclose information relating to you if other individuals are referenced or if there are legal, security or commercial proprietary restrictions.

 

10. Handling Customer Inquiries, Complaints, and Suggestions

You may direct any questions or enquiries with respect to our privacy policy or our practices by contacting:

NahMo

9450 SW Gemini Dr

PMB 57763

Beaverton, OR 97008-7105

Email : support@nahmo.org

 

Additional Information

 

Cookies

A cookie is a small computer file or piece of information that may be stored in your computer's hard drive when you visit our websites. We may use cookies to improve our website’s functionality and, in some cases, to provide visitors with a customized online experience.

Cookies are widely used, and most web browsers are configured initially to accept cookies automatically. You may change your Internet browser settings to prevent your computer from accepting cookies or to notify you when you receive a cookie so that you may decline its acceptance. Please note, however, if you disable cookies, you may not experience optimal performance of our website.