Mae
Back to Mae

Legal

Privacy Policy

MAE Privacy Policy Our Kidz, Inc. (d/b/a Mae) Effective Date May 22, 2026 Last Updated May 22, 2026 Entity Our Kidz, Inc. (d/b/a Mae) Jurisdiction State of Idaho, United States Privacy Contact privacy@mae-os.com 1. Introduction Our Kidz, Inc. (doing business as Mae) operates a voice-first family health navigation platform. This Privacy Policy describes how Mae collects, uses, stores, shares, and protects personal information and children's health information submitted through the Mae app and related services. It applies to all users, including parents and caregivers who create accounts, and governs information collected about children under 18 whose health profiles are managed through parent accounts. 2. Information We Collect 2.1 Account Information When you register for Mae, we collect: - Name, email address, and password - Billing information (processed by our payment provider; not stored on Mae systems) - Employer or benefits plan information, if you access Mae through an employer program 2.2 Child Profile Information (LadybugDB) Mae's family digital twin architecture (LadybugDB) stores child health profiles you create. This includes: - Child's name, date of birth, age, and biological sex - Symptom descriptions and health observations submitted by the caregiver - Health history, prior diagnoses, medications, allergies, and visit notes entered by the caregiver - Voice and text inputs from caregiver interactions with Mae - Navigation session records, including Mae's responses to health queries - Outcomes information collected through clinical follow-up calls, where applicable, including whether emergency or urgent care was sought and the outcome of that care All child health information is submitted by the parent or caregiver. Mae does not collect information directly from children. 2.3 Device, Usage, and Audit Log Information Mae automatically collects device identifiers, operating system version, session logs (anonymized), and crash reports for performance diagnostics. Mae also maintains interaction audit logs for every clinical interaction. Each audit log record includes the full interaction transcript, governing protocol version, decision path, trigger conditions evaluated, and Mae's final recommendation to the caregiver. These logs are retained for clinical quality and safety purposes and are accessible only to authorized clinical and technical personnel. 2.4 Third-Party Integrations If you connect Mae to third-party health data sources such as Apple Health or wearables, Mae may receive health metrics you authorize. You may revoke access at any time. 3. How We Use Your Information 3.1 To Provide the Services - Operate Mae's voice-first navigation interface and LadybugDB profiles - Generate context-appropriate health navigation responses - Apply Mae's clinical protocol governance framework to flag and review interactions - Facilitate clinical oversight callbacks where triggered under Option C - Conduct outcomes follow-up for Tier 3 hard escalation cases 3.2 To Improve Mae - Analyze de-identified, aggregated usage patterns to improve navigation accuracy - Train Mae's AI models using de-identified data only, never identifiable children's health data without explicit opt-in - Conduct quality assurance under Mae's Case Review Rubric 3.3 Communications and Compliance - Send account, billing, service, and safety notifications - Send clinical escalation callbacks and outcomes follow-up calls where triggered - Comply with COPPA, FTC Health Breach Notification Rule, and applicable state health privacy laws - Respond to lawful government requests and enforce Mae's Terms of Service You may opt out of non-essential communications at any time. Clinical and safety communications cannot be opted out of while your account is active. 4. Children's Privacy (COPPA Compliance) Mae complies with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq., and FTC regulations at 16 C.F.R. Part 312. Account holders must be 18 or older. By creating a child profile, you provide verifiable parental consent for Mae to collect and process your child's health information. You may withdraw consent at any time by deleting the child's profile or closing your account. 4.1 Children's Data Use Restrictions Mae does not: - Sell children's personal information to any third party - Use children's health data for advertising or behavioral targeting - Share children's identifiable health data with research or data partners without explicit opt-in consent - Use identifiable children's health data to train AI models without explicit opt-in consent 4.2 Parental Rights As the parent or legal guardian, you have the right to review, correct, or delete your child's information, and to refuse further collection by closing the account. To exercise these rights, contact privacy@mae-os.com. We will respond within 30 days. See Section 9 for retention periods. 5. Health Data, HIPAA, and FTC Compliance 5.1 FTC Health Breach Notification Rule Mae is subject to the FTC Health Breach Notification Rule, 16 C.F.R. Part 318 (as amended effective 2024). In the event of a breach of unsecured personal health records, Mae will notify affected users within the timeframe required by applicable law. 5.2 HIPAA Where Mae serves as a business associate to a HIPAA-covered entity under an employer benefits arrangement, Mae operates under a signed Business Associate Agreement (BAA). Outside a covered entity relationship, Mae's health data handling is governed by this Privacy Policy and the FTC Health Breach Notification Rule. 5.3 State Health Privacy Laws Mae complies with applicable state health data privacy laws, including Idaho's consumer health data protections and, where applicable, the Washington My Health MY Data Act and similar state-level requirements. 6. Sharing of Information 6.1 We Do Not Sell Your Data Mae does not sell your personal information or your child's health information to third parties for advertising, marketing, or data brokerage purposes. 6.2 Service Providers Mae shares information with service providers bound by data processing agreements, including cloud infrastructure, payment processing, analytics (de-identified only), and AI model providers. Service providers may not use your information for their own purposes. 6.3 Clinical Oversight Team Under Option C, Mae's clinical oversight team, including the Clinical Director, Case Reviewers, and RN, may access the following for quality review and escalation purposes: - Flagged interaction transcripts and full interaction audit logs - The child's LadybugDB health profile - Mae's clinical reasoning path and governing protocol version for each interaction In Tier 2 flagged cases and Tier 3 hard escalation cases, clinical team members may initiate outbound contact with the caregiver by phone. All clinical team members are bound by confidentiality obligations and operate within the scope of Mae's Clinical Protocol Governance Policy. 6.4 Employer and Benefits Partners If you access Mae through an employer program, Mae may share aggregate, de-identified utilization data with your employer. Mae does not share individual health information with your employer without your explicit consent. 6.5 Legal Requirements and Business Transfers Mae may disclose information as required by law, court order, or lawful government request. In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity and you will be notified. 7. Data Security Mae uses industry-standard security measures including encryption in transit (TLS) and at rest (AES-256), role-based access controls, regular security assessments, and incident response procedures aligned with FTC Health Breach Notification requirements. No system is completely secure. You use Mae at your own risk with respect to data security. 8. Your Rights and Choices 8.1 Access, Correction, and Portability To request correction or a copy of health data stored in your LadybugDB profiles, contact privacy@mae-os.com. We will respond within 30 days. 8.2 Deletion You may delete your account and all associated data at any time through the Mae app or by contacting privacy@mae-os.com. Deletion is permanent. Mae will retain data required by law for the legally mandated period. 8.3 Marketing Communications You may opt out of marketing emails via the unsubscribe link in any marketing email or by contacting support@mae-os.com. 8.4 California Users (CCPA/CPRA) California residents have the right to know, delete, correct, opt out of sale or sharing, and limit use of sensitive personal information. To exercise these rights, contact privacy@mae-os.com. Mae will not discriminate against you for exercising CCPA/CPRA rights. 8.5 AI Transparency (Colorado SB 205, California AB 2013) Mae uses AI to generate health navigation responses designed to support caregiver understanding, not to make clinical determinations. Contact privacy@mae-os.com with questions about how Mae's AI affects your interactions. 9. Data Retention Data Type: Retention Period Account information: Duration of account + 12 months Child health profiles (LadybugDB): Duration of account or 24 months post-closure, whichever is shorter Interaction audit logs: 7 years for clinical quality and safety Clinical oversight records: 7 years for legal and compliance Outcomes follow-up records: 7 years for clinical quality and safety De-identified / aggregated data: Indefinitely, not subject to deletion requests Billing records: 7 years for tax and financial compliance 10. Third-Party Services Mae may integrate with third-party health data sources (Apple Health, wearables) at your direction, governed by the third party's own terms. Mae's app is available through the Apple App Store and Google Play; use of those platforms is governed by Apple's and Google's respective terms. Mae is not responsible for third-party data practices. 11. Changes to This Privacy Policy Mae may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notification at least 30 days before taking effect for existing users. Continued use after the effective date constitutes acceptance. 12. Contact Us Privacy & Data privacy@mae-os.com Legal legal@mae-os.com Support support@mae-os.com Mailing Address Our Kidz, Inc. (d/b/a Mae), Caldwell, Idaho 83605 If you have unresolved concerns about our data practices, you may contact the Federal Trade Commission at ftc.gov/complaint or your state attorney general.