Privacy and Security
Collection of information
Zmaaya Pty Ltd (the company behind Zmaaya) collects personal information about you in a variety of ways when you visit our website, use our web application, or deal with us by email or on the phone. This information may include your name and contact information and other information relating to your account with us, such as your credit card details.
We also automatically receive and record information when you visit our website, such as your IP address and information stored in cookies on your computer hard-drive.
Use of information
The personal information we collect is used to provide you with services you request and to operate our business efficiently. We use it for billing, identification, authentication, service improvement, research, and also for contacting you when necessary.
We may use your personal information to advise you of new or updated products or services or special offers or promotions that you may be interested in. You can contact us at any time to let us know that you do not want us to use your information for this purpose.
If you do not provide personal information to us we may not be able to provide our services or services most suited to your needs.
We may disclose personal information when we believe it violates our Terms of Service, when it is required to assist with a lawful investigation or comply with the law, if we believe disclosure is necessary to protect our rights, or if some or all of the assets and operations of our business are or may be transferred to another party.
From time to time third party service providers who assist us with our activities, such as website hosts, IT back-up service providers, and other IT or payment service providers, may also have access to personal information held by us and may use this information on our behalf.
To assist us in improving our products and services, we monitor aggregated data that is collected by our Zmaaya application and may share this with third parties collectively and in an anonymous way. This data will not reveal personal information.
We will not sell, rent or share your personal information with third parties in other ways without your consent unless we are entitled by law to do so.
By providing your personal information to us, you consent to us transferring this information to third party IT providers, including our website host and back-up service provider, outside of India.
Storage and Protection
We may hold your personal information in electronic databases, such as our customer relationship management system. We take all reasonable steps to keep any personal information we hold about you secure. We restrict access to personal information to our employees, contractors and agents who require that information in order to operate and develop our application and service.
Access and Correction
You can request access to personal information we hold about you. We will provide this except in the limited circumstances in which we are permitted not to.
You may request that we correct personal information we hold about you that is inaccurate or out-of-date. If you request that we delete your personal information, we will take all reasonable steps to do so unless we need to keep it for legal, auditing or internal business purposes.
Changes to this policy
Questions or complaints
You can contact us at info@Zmaaya.com.
If you have a complaint about how your personal information has been handled, please let us know us immediately. We take your privacy seriously and we will respond to your complaint as soon as we can.
Updated January 2021
Security is a core requirement for you and your clients. We have implemented several security mechanisms to keep your personal data and your clients' data safe.
We believe in transparency. The following guide highlights some of the ways Zmaaya keeps your data safe and secured.
We are compliant to HIPAA, PIPEDA, PHIPA, and GDPR regulations.
A HIPAA BAA is available upon request. Contact us if you have specific concerns about regulations outlined by your governing body.
Refer to our help section about GDPR and how you as a practitioner can obtain consent and satisfy other requirements of the GDPR Act. Learn more
A signed Data Processing Agreement is available upon request. Contact us if you have specific concerns about GDPR compliance.
Payments processed through Practice Better are done in a PCI compliant manner. We process subscription payments via Stripe and payments on your behalf via integrations with Stripe which is a PCI Level 1 Service Providers. Your clients' credit card data is not stored on Zmaaya servers.
Learn more about Stripe compliance:
Security in the browser
We do not persist your password in your browser cache. We use secure cookies with limited lifespans. You will be asked to re-enter your login credentials if your session is idle for the allotted timeout period.
All data sent between your browser and our servers are secured using the industry standard AES-256 bit encryption. We use TLS 1.2 to encrypt your data both between your browser and our servers and between our servers and other internal networks. Data stored on our servers are also encrypted using AES encryption algorithms.
Server & Backups
We store your data on encrypted hard drives on servers in North America.
Data backups are done nightly, so you can rest assured you won't lose sensitive data in the unlikely event of a disaster. Backups are stored for 30 days, after which they are purged from our system.
Opting Out of Marketing Cookies
If you would like to opt-out of marketing cookies, you can do this through your browser's built-in tracking protection functionality. We have included steps for the following supported browsers below.
If you are using Chrome as your main browser, you can enable the Do Not Track setting by following these instructions:
Optionally, you can opt-out of Google Analytics specifically, by downloading the following Chrome Add-on:
If you are using Safari as your main browser, you can block cookies by following these instructions:
If you would like to opt-out of all cookies, we recommend choosing the Prevent cross-site tracking option. This setting will not be specific to marketing cookies, but any cookie generated from any domain.
If using Firefox as your main browser, you can enable and customize the Enhanced Tracking Protection feature:
Help protect your Zmaaya account
Create a strong password for your account
It's always important to have a strong password for services where you store sensitive information. If someone gets access to your Practice Better account, they may be able to view sensitive information about you and your clients.
Make sure your operating system has the latest updates
Most operating systems have free software updates to enhance security and performance. Because updates help keep your PC safer, we strongly recommend that you set up your PC to get these updates automatically.
Never reply to emails asking for your password
Zmaaya will never ask for your password in email, so never reply to any email asking for any personal information, even if it claims to be from Zmaaya.
Check your recent activity
If you receive an email notifying you of unusual activity, you request to see when and where your account has been accessed, including successful sign-ins and security challenges. Request to; email@example.com
Deleting Your Account
You may request at any time for Zmaaya to delete your account data from our system.
Deleting a Client Account
You can request your account be removed from our system by sending a request to: firstname.lastname@example.org
As a practitioner, we do understand that you may need to keep a record of all information and communication between you and your clients as part of your regulatory requirements. If you require copies of the journal entries, chat messages, and documents shared by your client, we recommend exporting your client's file using the instructions provided in this help article.
Deleting a Practitioner Account
As a practitioner, you can delete your data from Zmaaya when cancelling your subscription. Contact us directly to request your data be removed from our system. email@example.com
You will also be removed from our mailing list if you have subscribed in the past.
Your subscription payment history will be retained for the purpose of financial reporting for Zmaaya Inc.