Your privacy is our priority. My Village Wellness Intelligence Inc., operating as My Village ("My Village," "we," "us," or "our"), is committed to protecting your personal information and being transparent about how we handle your data.
Introduction
My Village is an AI-powered wellness platform designed to support women navigating perimenopause, menopause, and post-menopause. We help you track your wellness holistically, uncover actionable insights, and understand your health patterns. We respect your privacy and handle your information with care, transparency, and in accordance with applicable law.
Important: My Village is a wellness and informational platform. We are not a healthcare provider, medical device, diagnostic service, or substitute for professional medical care. Our AI-powered coaching provides educational insights and wellness support only. Always consult qualified healthcare professionals regarding medical concerns, diagnosis, or treatment decisions.
Understanding Your Health Data and Our Legal Obligations
We collect health-related information from you, but we are NOT covered by HIPAA. This is important for you to understand:
What This Means:
- The information you share with us about your health, symptoms, and wellness is consumer health data, not Protected Health Information (PHI) under HIPAA
- We are not a healthcare provider, health plan, or healthcare clearinghouse
- We are not bound by HIPAA's privacy and security rules
- However, we are subject to other federal and state laws governing consumer health data, including FTC regulations and state consumer health data privacy laws
Why This Matters to You:
- You should understand that the health information you share with us does not have the same legal protections as information you share with your doctor
- We take the security and privacy of your health data very seriously and implement protections that meet or exceed industry standards
- We are transparent about how we collect, use, and protect your health information
- We give you control over your health data
Our Commitment: Even though we are not required to comply with HIPAA, we commit to handling your health information with a high level of care, security, and respect.
The Scope of This Privacy Policy
This Privacy Policy describes how My Village collects, uses, discloses, and protects your personal information when you use our website (meetmyvillage.com, our "Site"), mobile application, and related services (collectively, our "Services"). This policy applies to our services in the United States and Canada.
By using our Services, you consent to the information practices described in this Privacy Policy. For health-related information, we obtain your explicit consent before collection and processing.
1. What Personal Information We Collect
1.1 Information You Provide Directly
Account Information:
- Full name, email address, phone number
- Date of birth and age
- Username and password
- Profile preferences and settings
Health and Wellness Information You Voluntarily Share:
We collect health-related information that you voluntarily provide, including symptom tracking, wellness patterns (sleep, energy, mood, stress), lifestyle habits, menstrual cycle information (if you choose to track this), wellness goals, and any other health context you share with our AI coach. We obtain your explicit consent before collecting this information.
We do NOT collect medical records, lab results, prescriptions, insurance information, genetic data, or information from your healthcare providers.
Communications:
- Messages with our AI wellness coach
- Customer support inquiries
- Survey responses and feedback
1.2 Information We Collect Automatically
Usage Data: How you interact with our Services, including features used, pages viewed, and time spent.
Device and Technical Information: Device type, operating system, browser type, IP address, approximate location (city/region level), device identifiers, and technical data such as log files and performance metrics.
Cookies and Similar Technologies: We use cookies and similar technologies for authentication, preferences, and analytics.
2. Your Consent for Health Data
We obtain your explicit consent before collecting health data. During account creation, we explain what health data we collect and require your affirmative opt-in.
Your consent covers:
- Collection and use of health data to provide AI-powered wellness insights
- Analysis and storage of your health data as described in this policy
Withdrawing consent: You can withdraw consent at any time by deleting your account or contacting us at privacy@meetmyvillage.com. If you withdraw consent, we will stop collecting health data and delete your existing health data within the timeframes required by applicable law.
3. How We Use Your Personal Information
We use your Personal Information only for the purposes described below. We will never sell your health data to third parties.
To Provide Our Services: Deliver AI-powered wellness coaching and personalized insights, help you recognize patterns in your wellness data, track your progress toward your wellness goals, and provide customer support. Our insights are designed for general wellness and educational purposes and are not intended for medical diagnosis or treatment.
To Improve Our Services: Enhance our AI algorithms and user experience, conduct research and development, and monitor performance and reliability.
To Communicate With You: Send important account updates and service notifications, provide wellness tips and educational content (with your consent for marketing), and respond to your inquiries.
For Security and Legal Compliance: Maintain security and integrity of our Services, detect and prevent fraud, abuse, and security incidents, and comply with applicable laws and respond to valid legal requests.
For Research (De-identified Data Only): We may de-identify your health data by removing all identifiers so it cannot reasonably be used to identify you. De-identified data may be used internally or shared with third parties for research, analytics, or other legitimate purposes. We prohibit any attempt to re-identify this data.
Important: Our Services provide wellness insights and educational information only. We do NOT provide medical advice, diagnosis, or treatment recommendations, and are not a substitute for healthcare professionals.
4. When and How We Share Your Personal Information
We share your personal information only in the limited circumstances described below. We do not and will never sell your health data to anyone for any purpose.
Service Providers: We share information with trusted third-party service providers who help us operate our Services (cloud hosting, analytics, customer support, email communications, security, and payment processing). Service providers sign data processing agreements with strict confidentiality obligations and may only use your information to provide services to us.
Legal Requirements: We may disclose your Personal Information when required by law or to comply with legal obligations, enforce our Terms of Service, protect rights and safety, or respond to fraud or security issues. We will make reasonable efforts to notify you before disclosing your information in response to legal process unless prohibited by law.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your Personal Information may be transferred to a successor organization. We will provide advance notice and obtain your consent where required by applicable law.
With Your Consent: We may share your Personal Information with third parties when you explicitly direct us to do so or provide specific consent.
De-identified Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you with third parties for research, analytics, or other legitimate purposes.
5. AI Services and Data Processing
My Village uses trusted third-party artificial intelligence (AI) services to provide insights and analysis features. When you use AI-powered features, certain data you enter into the app may be processed by third-party AI providers to generate responses and insights. For document uploads, files you choose to upload may be securely transmitted to our AI service providers for processing. These documents may contain personal or health-related information. Other app features use anonymized data before processing.
Our AI service providers include: OpenAI (United States). These providers process data solely to generate requested insights and responses. Data is not sold or used for advertising. We take reasonable steps to protect your information and only share data necessary to provide requested features.
6. Your Privacy Rights and Choices
We believe you should have control over your personal information. Depending on where you live, you have some or all of the following rights:
6.1 Access Your Information
You have the right to access your Personal Information and health data, including confirmation of what we're processing, copies of your data, and information about how we use and share it. Much of this is available through your account settings, or you can contact us at privacy@meetmyvillage.com.
6.2 Correct Your Information
You can update most of your Personal Information through your account settings. If you notice any inaccuracies or want to correct information you cannot change directly, contact us at privacy@meetmyvillage.com.
6.3 Delete Your Information
You have the right to request deletion of your Personal Information and health data.
How to delete:
- Delete your account through your account settings
- Contact us at privacy@meetmyvillage.com to request deletion
What happens when you delete:
- Your account is deactivated
- Your Personal Information and health data are deleted within the timeframes required by applicable law
- Deletion is permanent and cannot be undone
Exceptions to deletion: We may retain certain information where required by law or for legitimate business purposes, such as to resolve disputes, prevent fraud, or enforce our agreements.
6.4 Data Portability
You can request a copy of your Personal Information and health data in a structured, commonly used, machine-readable format to transfer to another service.
6.5 Opt-Out of Marketing Communications
You can opt out of promotional and marketing communications at any time by:
- Using the "unsubscribe" link in our emails
- Adjusting your communication preferences in account settings
Note: You cannot opt out of essential service-related communications necessary for your account, including security alerts and policy updates.
6.6 Withdraw Consent for Health Data
You can withdraw consent for health data collection at any time by emailing privacy@meetmyvillage.com or deleting your account. If you withdraw consent, we will stop collecting health data and existing health data will be deleted within the timeframes required by applicable law. Core Services requiring health data will no longer be available.
6.7 Limit Use of Sensitive Personal Information
For certain states (e.g., California), you have the right to limit our use of sensitive personal information. However, we only use your health data for the purposes described in Section 3, which are permitted under applicable law. We do not use your health data for purposes that would require an opt-out right.
6.8 How to Exercise Your Rights
To exercise any of these rights, email us at privacy@meetmyvillage.com or use your account settings for access, correction, and deletion. We will verify your identity before processing requests and respond within the timeframes required by applicable law. We will not discriminate against you for exercising your privacy rights.
6.9 Authorized Agents
You may designate an authorized agent to submit requests on your behalf. We will require verification of the agent's authority before processing requests.
7. How Long We Keep Your Information
We retain your Personal Information only as long as necessary to fulfill the purposes described in this Privacy Policy.
7.1 Active Accounts
While your account is active, we retain all account information, health data you've provided, usage history, and communications.
7.2 Deleted Accounts
When you delete your account, we will delete or de-identify your Personal Information and health data within the timeframes required by applicable law, except where we must retain information for legal, regulatory, or legitimate business purposes. De-identified data that cannot identify you may be retained for research purposes.
7.3 Inactive Accounts
If your account remains inactive for an extended period, we may delete your account and data to manage our systems and resources. Before doing so, we will send notice to your registered email address and provide you with a reasonable opportunity to reactivate your account.
8. How We Protect Your Information
The security of your health data is critically important to us. Because we handle consumer health data, we implement security measures that meet or exceed industry standards for protecting sensitive information.
8.1 Technical Safeguards
Encryption:
- All data is encrypted in transit using TLS 1.2 or higher
- All data is encrypted at rest using industry-standard encryption
- Encryption keys are managed using industry best practices
Access Controls:
- Access controls and authentication requirements
- Multi-factor authentication for administrative access to systems containing health data
- Regular access audits and reviews
Authentication:
- Strong password requirements
- Account lockout after multiple failed login attempts
- Secure password reset mechanisms
- Secure APIs with authentication and authorization
Network Security:
- We protect our infrastructure using AWS network security controls, including Virtual Private Clouds (VPCs), security groups, and network access control lists to restrict unauthorized access
- Regular vulnerability and code scanning to fix known OSVs
Monitoring and Logging:
- Security monitoring for suspicious activity
- Logging of access to health data
- Automated alerts for security anomalies
8.2 Organizational Safeguards
We implement organizational safeguards including employee confidentiality agreements, security training, vendor security requirements, and incident response procedures.
8.3 Regular Security Assessments
We conduct security assessments, vulnerability testing, and security reviews for new features to continuously improve our security practices.
8.4 Breach Notification
In the unlikely event of a data breach affecting your Personal Information or health data, we will investigate immediately, take steps to contain and remediate the breach, and notify affected users and relevant regulatory authorities within the timeframes required by applicable law. Our notification will include information about what happened, what data was affected, steps we have taken, and how to contact us with questions.
8.5 Your Responsibility
While we implement strong security measures, security also depends on you:
Protect your account:
- Keep your password secure and do not share it with others
- Use a strong, unique password for your My Village account
- Enable two-factor authentication if available
- Log out when using shared or public devices
- Use a secure internet connection when accessing our Services
- Do not share your account with others
Report security concerns:
- Contact us immediately at privacy@meetmyvillage.com if you suspect unauthorized access to your account or notice suspicious activity
8.6 Limitations
No system is completely secure. Despite our reasonable and appropriate security measures, unauthorized access or data breaches could occur. However, we continuously work to improve our security and promptly address any identified vulnerabilities.
9. International Data Transfers
Our Services and data infrastructure are hosted primarily in Amazon Web Services (AWS) Canada Central region, meaning your Personal Information is stored and processed in Canada.
If we use service providers or partners located outside of Canada, your Personal Information may be transferred to and processed in other countries, including the United States. Those jurisdictions may have different data-protection laws and may permit access by law-enforcement or national-security authorities in those jurisdictions.
When we engage such providers, we use contractual and technical safeguards to help ensure that your information receives protection comparable to that required under Canadian privacy laws.
By using our Services, you consent to the storage and processing of your Personal Information in Canada and, where applicable, to limited transfers to other jurisdictions as described above.
10. Children's Privacy
Our Services are intended solely for individuals who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18.
If you are under 18, you may not use our Services or create an account.
If you are a parent or guardian and believe your child under 18 has provided us with personal information, please contact us immediately at privacy@meetmyvillage.com and we will delete such information promptly.
11. Cookies and Tracking Technologies
We use cookies and similar technologies to provide, protect, and improve our Services. You can control cookies through your browser settings, though disabling them may limit certain features. We do not respond to Do Not Track signals.
12. Region-Specific Privacy Rights
12.1 For California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
Categories of Personal Information We Collect: As described in Section 1, we collect identifiers, demographic information, internet/network activity, and sensitive personal information (wellness data, account credentials).
Business and Commercial Purposes: As described in Section 3, we use information to provide Services, improve our platform, communicate with you, ensure security, and comply with legal obligations.
Your California Rights:
- Right to Know: Request disclosure of Personal Information we collect, use, and disclose about you.
- Right to Delete: Request deletion of your Personal Information and health data. We will delete within the timeframes required by applicable law.
- Right to Correct: Request correction of inaccurate Personal Information. We will correct within the timeframes required by applicable law.
- Right to Opt-Out: We do not sell or share your Personal Information for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Personal Information: We use sensitive personal information (health data, account credentials) only for permitted purposes under California law. We do NOT use your health data for purposes that would trigger an opt-out right under California law.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We require signed written permission from you authorizing the agent and verification of your identity.
Contact for California Rights:
- Email: privacy@meetmyvillage.com
- Response Time: We will respond to verified requests within the timeframes required by applicable law.
12.2 For Washington State Residents (My Health My Data Act)
Washington's My Health My Data Act (MHMDA) provides specific protections for consumer health data.
Your Rights Under MHMDA:
- Right to Consent: We obtain your affirmative consent before collecting consumer health data.
- Right to Access: Request a list of third parties with whom we've shared your consumer health data and a copy of your consumer health data.
- Right to Delete: Request deletion of your consumer health data. We will delete within the timeframes required by applicable law.
- Right to Withdraw Consent: Withdraw consent for collection and sharing of consumer health data at any time. We will honor withdrawal within the timeframes required by applicable law.
- Geofencing Prohibition: We do NOT collect or use geofencing data or use your location to identify or track visits to health facilities.
- Restrictions on Sharing: We do NOT sell consumer health data. We do NOT share consumer health data except as described in Section 4.
Contact for Washington Rights: privacy@meetmyvillage.com
12.3 For Canadian Residents
We comply with Canadian federal and provincial privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA).
Consent: We obtain your consent before collecting, using, or disclosing your Personal Information, except where permitted or required by law. For sensitive information like health data, we obtain explicit, affirmative consent.
Cross-Border Data Transfers: Your Personal Information will be transferred to, processed, and stored in the United States. When your information is in the United States, it is subject to US laws and may be accessible to US courts, law enforcement, and national security authorities.
Your Rights Under Canadian Privacy Law:
- Right to Access: Request access to your Personal Information in our custody or control and receive information about how it has been used and disclosed. We will respond within the timeframes required by applicable law.
- Right to Correction: Challenge the accuracy and completeness of your Personal Information and request corrections.
- Right to Withdraw Consent: Withdraw consent at any time, subject to legal or contractual restrictions. We will inform you of implications of withdrawal. Certain Services may no longer be available if you withdraw consent for health data.
- Right to Complain: If you have concerns about our privacy practices, contact our Privacy Officer at privacy@meetmyvillage.com. If unsatisfied, you may file a complaint with the Office of the Privacy Commissioner of Canada or your provincial privacy commissioner.
Privacy Officer Contact:
- Email: privacy@meetmyvillage.com
12.4 For Residents of Other U.S. States
Residents of certain U.S. states (including Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia) may have additional rights.
Your Privacy Rights:
- Right to access your Personal Information
- Right to correct inaccurate information
- Right to delete your Personal Information
- Right to data portability
- Right to opt-out of targeted advertising, sale of Personal Information, or profiling (we do not engage in these practices)
- Right to Appeal: If we deny your rights request, you may appeal our decision by contacting privacy@meetmyvillage.com.
- No Discrimination: We will not discriminate against you for exercising your privacy rights.
How to Exercise Rights: Contact us at privacy@meetmyvillage.com with your request. We will verify your identity and respond within the timeframes required by your state's law.
13. Contact Us
We are committed to addressing your privacy questions and concerns.
For privacy inquiries, to exercise your rights, or to submit a complaint:
- Email: privacy@meetmyvillage.com
When contacting us, please include:
- Your full name
- Email address associated with your account
- Detailed description of your request or concern
Response Time: We will respond to your inquiries within the timeframes required by applicable law.
14. Changes to Our Privacy Practices
As our Services evolve, we may change how we collect, use, or share your information.
Types of changes:
- Non-Material Changes: Minor clarifications, corrections, updated contact information, or administrative updates are effective immediately upon posting.
- Material Changes: Changes to how we use your health data, changes to third parties we share with, changes to your rights, or significant changes to security practices require advance notice.
How we notify you of material changes:
- Email to your registered email address, or
- Prominent notice on our website
- For health data changes: We will obtain your affirmative consent
Your options when we make changes:
- Review the updated policy
- Accept the changes by continuing to use Services
- Withdraw consent and delete your account
- Contact us with questions or concerns
15. Transparency and Accountability
My Village is committed to transparency in our privacy practices and accountability in how we handle your Personal Information and health data.
Our commitments:
- Clear communication about data collection and use
- User control over personal information
- Strong security measures and regular audits
- Compliance with applicable privacy laws
- Privacy by design in product development
Privacy by Design principles:
- Data minimization - collect only what's necessary
- Purpose limitation - use data only for specified purposes
- Data quality - keep information accurate and current
- Storage limitation - retain only as long as needed
- Security - protect data with appropriate safeguards
- User rights - respect choices and provide controls
My Village Wellness Intelligence Inc. | privacy@meetmyvillage.com