We Value Your Privacy
This document here is the Privacy Policy of Mannki Health Service Private Limited (referred as "Mannki", "we", "us" or "our" hereafter) outlining the data security and privacy practices followed by Mannki while carrying out research and development. We are committed to maintaining privacy and confidentiality of the information provided by the User (referred as "user", "you", "your", "they", "their" or similar references hereafter) while using our Platform (referring here to our mobile application (or app), our website and related Services). Please read this Privacy Policy carefully.
It is recommended that you do not use our Platform or related Services if our Privacy Policy terms are not in accordance with applicable laws of your country.
There are two sections here. Part A covers the practices followed by Mannki and Part B covers the AWS guidelines on data security and privacy.
Part A: Data security and privacy guidelines followed by Mannki
Information collected
We collect the following different types of data through our Platform.
Account data: When a user registers to receive our Services we collect Personal Information that you submit through our mobile application, including your email address, age, gender, occupation and any other Personal Information you voluntarily submit through the online registration form.
Clinician assessment data: We collect Personal Information and health information that you voluntarily provide to us, through assessments by psychologists or psychiatrists, including information about your personal goals and health circumstances.
Mobile data: When you use our mobile application and its related Services we automatically collect information about your web browser, mobile device, and how and when you use our mobile application, including the manufacturer and model of the device, unique device identifiers, and IP address.
Website data: We track your visits to our website and its webpages and use visitor logs to compile anonymous aggregate statistics, (e.g., information such as your web requests, browser type, browser language, domain names, referring and exit pages and URLs, platform type, pages viewed and the paths you took on our website, and IP Addresses).
Active data: When a user responds to our surveys and health questionnaires, provide in-app inputs or feedback, we may collect the information you voluntarily provide in your responses as well inferred health status for specific conditions and survey alerts.
Passive data: We collect information as below from the following sensors in the smartphone of the user.
Phone sensor: gyroscope, magnetometer, accelerometer, step count, phone light, battery level, relative location, phone usage, app usage
Telephony: count of phone call picked/missed
Audio: Processed audio (mfcc coefficients, pitch and amplitude)
3rd party API: weather
Purpose of collected data
We will use the collected data for the following purposes:
Account data to manage your account, communicate with you in relation to your account, and deliver and monitor the performance of our services;
Clinician assessment data to help you, your coach, clinician, or healthcare provider understand your personal objectives and circumstances, help you develop and execute strategies to overcome your challenges, achieve your goals, deliver appropriate care, evaluate the quality and progress of our program, and optimize delivery of services;
Mobile data to monitor and enhance the performance of the mobile application, analyze trends, usage and activities in connection with the app, and ensure its technological compatibility with users;
Website data to analyze trends, administer our website, improve the website design, and otherwise enhance our websites and services we provide;
Active data to better understand your health status, provide feedback, and to provide proactive alerts.
Passive data to compute behavioral markers for a user to help them understand their mental health objectively.
Aggregate data:
We create statistical, aggregated data relating to our users and the Service for analytical purposes. Aggregated data includes data derived from Personal Information and obtained by Mannki from other sources in aggregated, anonymous form. Aggregate data cannot reasonably be used to identify any individual. We use Aggregate data to understand our customer base, market our Services, and improve and enhance our site and services.
User consent and permissions
We collect data only after obtaining consent from a user, after making them aware of Privacy Policy adopted by us.
Depending on the user's specific device, Mannki may request certain permissions that allow it to access the user's Mobile data as described above. By default, these permissions must be granted by the user before the respective information can be accessed. Once the permission has been given, it can be revoked by the user at any time. In order to revoke these permissions, users may refer to the device settings or contact Mannki for support at the contact details provided in the present document. The exact procedure for controlling app permissions may be dependent on the user's device and software.
Please note that the revoking of such permissions might impact the proper functioning of Mannki's mobile application.
Data storage
Mannki platform uses Amazon Web Services for the technical and data infrastructure. We secure information using industry standard administrative, physical, and technical safeguards including encryption of information that is stored and transmitted. Your data is stored on our cloud servers which are safeguarded by state of the art firewalls. User’s privacy will be protected. We are only recording the user's email address during login and is masked using a hash function and hence cannot be decrypted by anyone outside our development team. We may also record device id for backend communications. We are not making any 3rd Party API calls which carry PII. Hence, for our analyses, user’s Personal Information will be fully anonymized and there is no data leakage. Data collected will be stored on a secure AWS cloud with state of the art firewalls. The migration of data from the app to the cloud server will be done using a kafka cluster and a rest proxy, both are AWS managed services and fully secure. Both raw and processed data will be removed after 5 years unless a User requests to remove their data earlier, in that case the raw data will be removed accordingly.
Access to data
Your data is secure on our servers. The data scientist and backend developers of the Mannki team will have access to the data.
Mode and place of processing the data
Mannki takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the data. The data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to Mannki data science team, in some cases, the data may be accessible to certain types of persons in charge, involved with the operation of Mannki (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by Mannki. The updated list of these parties may be requested from Mannki at any time.
The rights of Users
Users may exercise certain rights regarding their data processed by Mannki.
In particular, users have the right to do the following:
Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Information.
Object to processing of their data. Users have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent.
Access their data. Users have the right to learn if data is being processed by Mannki, obtain disclosure regarding certain aspects of the processing and obtain a copy of the data undergoing processing.
Verify and seek rectification. Users have the right to verify the accuracy of their data and ask for it to be updated or corrected.
Restrict the processing of their data. Users have the right, under certain circumstances, to restrict the processing of their data. In this case, Mannki will not process their data for any purpose other than storing it.
Have their Personal Information and related data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their data from Mannki.
Receive their data and have it transferred to another controller. Users have the right to receive their data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the data is processed by automated means and that the processing is based on the user's consent, on a contract which the user is part of or on pre-contractual obligations thereof.
Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
User can place a request to support@mannki.app in case of any of the above.
Indemnity
Mannki will indemnify, defend and hold user harmless from and against any third-party claims, liabilities, damages and expenses arising out of or in any way connected with any claim or action brought against user to the extent that it is based upon a claim that the Mannki Platform, as provided by Mannki to user under this Policy, infringes any Intellectual Property Rights of a third party. Meanwhile, Users indemnify Mannki for any breach in confidentiality of the user’s Personal Information.
3rd Party Disclosure
Mannki does not sell or trade your Personal Information with any third party. If we decide to do so we will inform the user in advance.
Changes to the Policy
Mannki reserves the right to update or remove any part of this Privacy Policy without notifying or being liable to any third party. In cases where there are significant changes made to the process in which we use your Personal Information or in the Privacy Policy, we may display, but in no way obligated, a notice on our Platform but the website or on our Platform.
Part B: Data security and privacy guidelines followed by AWS
AWS’ data centers are state of the art, utilizing innovative architectural and engineering approaches. AWS has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to data centers by AWS employees is logged and audited routinely.
Please read to the documents below to know more about AWS guidelines on data security and privacy