mai

Privacy Policy for Mai

Version 1.0 – Effective Date: 25 October 2024

Mai ("we," "us," or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our scheduling AI assistant service ("Mai") and visit our website.

This Privacy Policy applies to all users of Mai, regardless of their location. However, as a company registered in the United Kingdom, we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For users located in the European Union (EU), we also comply with the EU General Data Protection Regulation (GDPR). For users in the United States, we comply with applicable state laws, including the California Consumer Privacy Act (CCPA).

By using Mai, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our service.

1. Important Information and Who We Are

Controller

Mai is operated by Maical Ltd, a company registered in the United Kingdom. We are the data controller responsible for your personal data.

Contact Details

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us.

International Users

If you are located outside the United Kingdom, please note that your personal data will be processed in accordance with this Privacy Policy and applicable laws in your jurisdiction. For users in the EU, we comply with GDPR. For users in the United States, we comply with applicable state laws, including the CCPA.

Right to Complain

If you are located in the UK or EU, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk), or your local data protection authority in the EU. However, we would appreciate the chance to address your concerns before you approach a regulator, so please contact us first.

2. The Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped as follows:

  1. Identity Data: Includes your name.
  2. Contact Data: Includes your email address.
  3. Calendar Data: Includes details of events you ask Mai to create, such as meeting titles, dates, times, and video call links (e.g., Zoom, Google Meet).
  4. Technical Data: Includes cookies and similar technologies used when you visit our website.

We do not collect any Special Categories of Personal Data (e.g., health data, biometric data) or data about criminal convictions and offences.

Aggregated Data

We may also collect, use, and share Aggregated Data (e.g., statistical or demographic data) for any purpose. Aggregated Data is derived from your personal data but is anonymised so that it cannot directly or indirectly identify you. For example, we may aggregate usage data to calculate the percentage of users accessing a specific feature. Once anonymised, Aggregated Data is no longer considered personal data under applicable laws.

3. How is Your Personal Data Collected?

We collect personal data in the following ways:

  1. Information You Provide:
  2. When you forward or cc/bcc emails to Mai to create calendar events.
  3. When you sign in to customise your preferences (e.g., video call links).
  4. Automated Technologies:
  5. When you visit our website, we collect Technical Data using cookies and similar technologies.
  6. Third Parties:
  7. We may receive personal data about you from third-party services, such as email providers (e.g., Gmail) or analytics providers.

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your data in the following circumstances:

  1. To Provide the Service:
  2. Create calendar events and send invites based on your preferences.
  3. To Improve Our Service:
  4. Analysing usage patterns to enhance functionality and user experience.
  5. To Communicate with You:
  6. Responding to customer support inquiries.
  7. For Marketing (with Your Consent):
  8. Sending you updates or promotional materials about our service.

Opting Out of Marketing Communications

You can opt out of marketing emails at any time by clicking the unsubscribe link in our emails or contacting us.

We do not engage in automated decision-making or profiling.

5. Lawful Basis for Processing

Depending on your location, we rely on the following lawful bases for processing your personal data:

  1. UK and EU Users:
  2. Consent: When you register for Mai and agree to our terms.
  3. Performance of a Contract: To provide the scheduling services you request.
  4. California Users (CCPA):
  5. We process your personal data as a "business" under the CCPA. You have the right to opt out of the "sale" of your personal data (though we do not sell personal data).

6. Cookies and Tracking

We use cookies and similar tracking technologies to:

  1. Analyse website traffic and usage patterns.
  2. Remember your preferences for a better user experience.

For more information about the cookies we use and how you can manage your preferences, please see our  Cookie Policy (https://www.maical.com/cookie-policy).

7. Disclosures of Your Personal Data

We may share your personal data with the following third parties:

  1. AI Platforms: To process calendar event creation.
  2. Google Cloud: For secure data storage. (Google Cloud’s Privacy Policy can be found here).

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

Use of Google Workspace APIs

We explicitly affirm that Google Workspace APIs are not used to develop, improve, or train generalized AI and/or machine learning models. Your data processed through these APIs is solely used for providing the services described in this Privacy Policy.

8. International Transfers

As a UK-based company, we primarily process and store your data within the United Kingdom. However, if you are located outside the UK, your data may be transferred internationally to provide our services. For example:

  1. EU Users: We comply with GDPR requirements for international data transfers, including the use of Standard Contractual Clauses (SCCs) or similar legal frameworks approved under GDPR.
  2. US Users: We comply with applicable US data protection laws.

9. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. Your data is stored securely on Google Cloud, which uses industry-standard encryption and access controls.

10. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. Specifically:

  1. Calendar Data: Deleted immediately after the event is created.
  2. Account Data: Retained until you delete your account or request erasure.

11. Children’s Privacy

Our services are not directed to children under the age of 16, and we do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it immediately.

12. Your Legal Rights

Depending on your location, you may have the following rights under applicable data protection laws:

- UK and EU Users (GDPR)::

- Right to access, correct, erase, restrict processing, object to processing, and data portability.

- Right to withdraw consent at any time.

- California Users (CCPA):

- Right to know what personal data we collect, request deletion, and opt out of the sale of personal data.

To exercise your rights, please contact us.

13. Changes to This Privacy Policy

We keep our privacy policy under regular review. Any updates will be posted on this page with a revised "Effective Date."