Version 1.0 – Effective Date: 25 October 2024
Mai ("we," "us," or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use our scheduling AI assistant service ("Mai") and visit our website.
This Privacy Policy applies to all users of Mai, regardless of their location. However, as a company registered in the United Kingdom, we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For users located in the European Union (EU), we also comply with the EU General Data Protection Regulation (GDPR). For users in the United States, we comply with applicable state laws, including the California Consumer Privacy Act (CCPA).
By using Mai, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our service.
Controller
Mai is operated by Maical Ltd, a company registered in the United Kingdom. We are the data controller responsible for your personal data.
Contact Details
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us.
International Users
If you are located outside the United Kingdom, please note that your personal data will be processed in accordance with this Privacy Policy and applicable laws in your jurisdiction. For users in the EU, we comply with GDPR. For users in the United States, we comply with applicable state laws, including the CCPA.
Right to Complain
If you are located in the UK or EU, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk), or your local data protection authority in the EU. However, we would appreciate the chance to address your concerns before you approach a regulator, so please contact us first.
We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped as follows:
We do not collect any Special Categories of Personal Data (e.g., health data, biometric data) or data about criminal convictions and offences.
Aggregated Data
We may also collect, use, and share Aggregated Data (e.g., statistical or demographic data) for any purpose. Aggregated Data is derived from your personal data but is anonymised so that it cannot directly or indirectly identify you. For example, we may aggregate usage data to calculate the percentage of users accessing a specific feature. Once anonymised, Aggregated Data is no longer considered personal data under applicable laws.
We collect personal data in the following ways:
We will only use your personal data when the law allows us to. Most commonly, we will use your data in the following circumstances:
Opting Out of Marketing Communications
You can opt out of marketing emails at any time by clicking the unsubscribe link in our emails or contacting us.
We do not engage in automated decision-making or profiling.
Depending on your location, we rely on the following lawful bases for processing your personal data:
We use cookies and similar tracking technologies to:
For more information about the cookies we use and how you can manage your preferences, please see our Cookie Policy (https://www.maical.com/cookie-policy).
We may share your personal data with the following third parties:
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.
Use of Google Workspace APIs
We explicitly affirm that Google Workspace APIs are not used to develop, improve, or train generalized AI and/or machine learning models. Your data processed through these APIs is solely used for providing the services described in this Privacy Policy.
As a UK-based company, we primarily process and store your data within the United Kingdom. However, if you are located outside the UK, your data may be transferred internationally to provide our services. For example:
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. Your data is stored securely on Google Cloud, which uses industry-standard encryption and access controls.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. Specifically:
Our services are not directed to children under the age of 16, and we do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it immediately.
Depending on your location, you may have the following rights under applicable data protection laws:
- UK and EU Users (GDPR)::
- Right to access, correct, erase, restrict processing, object to processing, and data portability.
- Right to withdraw consent at any time.
- California Users (CCPA):
- Right to know what personal data we collect, request deletion, and opt out of the sale of personal data.
To exercise your rights, please contact us.
We keep our privacy policy under regular review. Any updates will be posted on this page with a revised "Effective Date."