Privacy Policy

Last updated: December 2024

HIPAA Compliance & Data Protection

Mamsa Health Technologies is fully HIPAA compliant and employs enterprise-grade security measures to protect your personal health information. Your privacy and data security are our highest priorities.

1. Introduction and Commitment

At Mamsa Health Technologies ("Mamsa," "we," "us," or "our"), we are committed to protecting your privacy and maintaining the confidentiality of your personal health information. This Privacy Policy explains how we collect, use, protect, and share your information when you use our voice health screening platform.

We understand that your health information is highly sensitive and personal. Our privacy practices are designed to give you control over your information while enabling us to provide you with valuable health insights through voice biomarker analysis.

Our Promise: We will never sell your personal health information to third parties or use your voice data to train AI models without your explicit consent.

2. Information We Collect

Voice and Audio Data:

  • 45-second voice recordings for analysis
  • Audio quality metrics and technical parameters
  • Voice biomarker measurements and patterns
  • Uploaded audio files (when using file upload feature)

Personal Information:

  • Name and email address (for results delivery)
  • Age range and basic demographic information
  • Health interests and screening preferences
  • Account creation and login information

Technical Information:

  • Device type, browser, and operating system
  • IP address and general location (country/region)
  • Usage patterns and feature interactions
  • Performance metrics and error logs

Health Screening Results:

  • Voice analysis results and health indicators
  • Risk assessments and screening outcomes
  • Historical analysis data and trends
  • Recommendations and follow-up suggestions

3. How We Use Your Information

Primary Uses:

  • Analyze voice biomarkers for health screening
  • Generate personalized health insights and reports
  • Deliver analysis results via email
  • Provide customer support and technical assistance
  • Improve service quality and user experience

Research and Development:

  • Aggregate, anonymized data for research purposes
  • Algorithm improvement and validation studies
  • Clinical research and peer-reviewed publications
  • Technology advancement and innovation

Important: We only use anonymized, aggregated data for research. Individual voice recordings are never used to train AI models without explicit consent.

Legal and Compliance:

  • Comply with healthcare regulations (HIPAA, GDPR)
  • Respond to legal requests and court orders
  • Protect against fraud and security threats
  • Maintain audit trails for compliance purposes

4. Data Security and Protection

Encryption and Storage:

  • AES-256 encryption for all data at rest
  • TLS 1.3 encryption for data in transit
  • Secure cloud infrastructure with AWS/Azure
  • Encrypted database storage with access controls

Access Controls:

  • Multi-factor authentication for all staff
  • Role-based access permissions
  • Regular access reviews and audits
  • Principle of least privilege enforcement

Security Monitoring:

  • 24/7 security monitoring and threat detection
  • Regular penetration testing and vulnerability assessments
  • Incident response procedures and breach protocols
  • Annual third-party security audits

HIPAA Compliance Features:

  • Business Associate Agreements with all vendors
  • Comprehensive audit logging
  • Data breach notification procedures
  • Employee privacy training and certification

5. Data Sharing and Disclosure

We DO NOT Share:

  • Individual voice recordings with third parties
  • Personal health information for marketing purposes
  • Identifiable data with researchers or partners
  • Information with data brokers or advertisers

Limited Sharing Scenarios:

  • Service Providers: Encrypted data with HIPAA-compliant cloud providers for storage and processing
  • Legal Requirements: When required by law, court order, or regulatory authority
  • Emergency Situations: To protect health and safety in urgent circumstances
  • Business Transfers: In case of merger or acquisition (with continued privacy protection)

Research Collaboration:

We may share anonymized, aggregated data with academic institutions and research partners for advancing voice biomarker science. This data cannot be traced back to individual users.

6. Your Rights and Choices

Access and Control:

  • Request copies of your personal data and analysis results
  • Update or correct your personal information
  • Download your data in a portable format
  • Request deletion of your account and data

Privacy Preferences:

  • Opt out of research data inclusion
  • Control email communications and notifications
  • Manage data retention preferences
  • Set consent preferences for future features

GDPR Rights (EU Residents):

  • Right to be forgotten (data erasure)
  • Right to data portability
  • Right to restrict processing
  • Right to object to processing

How to Exercise Your Rights: Contact us at privacy@mamsacare.com or support@mamsacare.com to make requests regarding your personal data.

7. Data Retention and Deletion

Retention Periods:

  • Voice Recordings: Stored for 7 years for medical record purposes, then securely deleted
  • Analysis Results: Retained for 10 years to support longitudinal health tracking
  • Account Information: Kept while account is active, plus 3 years after closure
  • Technical Logs: Retained for 1 year for security and performance monitoring

Secure Deletion:

When data is deleted, we use secure deletion methods that make recovery impossible. This includes overwriting data multiple times and destroying encryption keys.

Legal Holds:

In some cases, we may need to retain data longer due to legal requirements, ongoing investigations, or regulatory obligations.

8. International Data Transfers

Our primary data processing occurs in the United States using HIPAA-compliant infrastructure. For international users, we ensure appropriate safeguards are in place:

Transfer Safeguards:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Adequacy decisions where applicable
  • Additional security measures for sensitive health data
  • Regular compliance reviews and updates

Data Localization:

Where required by local laws, we maintain data processing within specific geographic regions and comply with local data protection requirements.

9. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18, we will take immediate steps to delete such information from our systems.

Parents or guardians who believe their child has provided personal information to us should contact us immediately at privacy@mamsacare.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes:

  • Email notification for significant changes
  • Prominent notice on our website
  • Updated "Last Modified" date at the top of this policy
  • 30-day notice period for material changes

Continued use of our Service after changes constitutes acceptance of the updated Privacy Policy. If you do not agree to changes, please discontinue use and contact us about data deletion.

11. Contact Information and Data Protection Officer

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about our data practices, please contact us:

Mamsa Health Technologies

Privacy Officer: privacy@mamsacare.com

General Support: support@mamsacare.com

Data Protection Requests: dpo@mamsacare.com

Response Time: We respond to privacy requests within 30 days (or as required by applicable law)

Regulatory Contacts:

EU residents may also contact their local data protection authority if they have concerns about our data practices that we cannot resolve directly.