PRIVACY POLICY
Effective Date: 24/04/2026
1. Who We Are
MAIA AI LTD. is a company registered in the United Kingdom under company number 15418515, with a registered office at 86–90 Paul Street, London, EC2A 4NE, UK.
For the purposes of applicable data protection laws (including the UK GDPR), Healz.ai acts as a data controller for personal data processed in connection with the operation of the platform, including the provision of AI‑generated informational responses and related technical services.
Where users choose to engage with independent Health Specialists, such Health Specialists act as independent data controllers in respect of any personal data they process in the course of providing their services.
2. What We Do
Healz.ai allows users to upload health‑related documents and questions to receive:
- AI‑generated informational responses;
- Optional informational review by independent licensed Health Specialists acting outside the Healz.ai platform under a separate professional engagement with the user.
Healz.ai does not provide medical care or prescription services, and no doctor‑patient relationship is established between Healz.ai and any user.
3. What Information We Collect
We may collect the following types of data when you use the Service:
- Uploaded Content: Documents, lab results, or health‑related text submitted by you;
- Health‑related Information: Only if you voluntarily include it in your upload;
- Technical Data: IP address, browser type, device information, and usage logs;
- Session Metadata: Timestamps, request logs, and diagnostic information;
- Consent Records: Your agreement to our Terms of Service and Privacy Policy, including the time and method of consent.
Important: We do not require or encourage you to include personally identifiable information (PII).
You are solely responsible for removing or redacting any PII or sensitive data before uploading content.
4. Legal Basis for Processing
We rely on the following legal bases under the UK GDPR:
- Performance of a contract, to provide the services you request;
- Legitimate interests, to operate, secure, and improve the Service;
- Explicit consent, where required by law, for the processing of special category data such as health information.
You may withdraw consent at any time where consent is the applicable legal basis (see Section 14).
5. How We Use Your Data
Your data is used strictly to:
- Generate AI‑based informational responses;
- Deliver optional informational commentary from independent licensed Health Specialists;
- Operate, secure, and improve the reliability of the Service (in anonymized or aggregated form where feasible);
- Measure and optimize advertising that brings new users to the Service. We share a limited set of account-level events with advertising partners as described in Section 12.
We do not:
- Sell your data to third parties;
- Share the contents of your chats with the AI, your symptom descriptions, uploaded health documents, lab results, or health‑questionnaire responses with advertising partners;
- Use uploaded content for AI training unless you explicitly opt in.
6. Third‑Party Subprocessors
We may share data with trusted third‑party service providers that support:
- AI processing;
- Cloud infrastructure;
- System operations and security.
While we do not control the internal operations of each subprocessor, we require them by contract to process personal data only in accordance with our instructions, to apply commercially reasonable data protection and security safeguards, and to comply with applicable data protection laws.
A list of subprocessors is available upon request.
7. International Transfers
Your data may be processed outside the UK or EU, including in the United States, by trusted infrastructure and AI providers. Where such transfers occur, we implement appropriate technical and legal safeguards in accordance with applicable data protection laws.
8. Data Security
We take reasonable technical and organisational measures to protect your data, including:
- Secure HTTPS connections;
- Encryption where applicable;
- Access controls and monitoring.
However, no system is completely secure, and we cannot guarantee absolute data security.
9. Data Retention
We retain your data only as long as necessary to:
- Deliver the Service;
- Comply with legal obligations;
- Respond to user requests;
- Enforce our Terms of Service.
Retention periods are aligned with the purposes described in our Terms of Service.
Uploaded content may be deleted upon request unless retention is required for legal, security, audit, or fraud‑prevention purposes.
10. Your Rights
Under the UK GDPR, you have the right to:
- Access a copy of your personal data;
- Request correction or deletion;
- Withdraw consent where applicable;
- Object to certain processing activities;
- Lodge a complaint with the UK Information Commissioner's Office (ICO).
To exercise your rights, contact us at [email protected].
11. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Maintain secure sessions;
- Analyze usage patterns;
- Improve site performance and user experience;
- Measure and attribute advertising performance. This includes Meta's first-party cookies _fbp and _fbc, and Google Ads click identifiers. See Section 12 for details.
You can control or disable cookies through your browser settings or our cookie consent banner. Disabling analytics cookies stops client-side advertising measurement but does not delete data already shared.
12. What Advertisers See — and What They Never See
Many health apps share questionnaire responses, symptom descriptions, and chat content with advertising platforms in exchange for cheaper traffic. We made a deliberate choice not to. The list below is exhaustive — if it isn't in this list, we don't send it.
What we never share
We do not share the contents of your chats with the AI, your symptom descriptions, uploaded health documents, lab results, health-questionnaire responses, or any other clinical or medical information with advertising partners. Only account-level events — account creation, trial start, and subscription payment — are shared.
Our advertising partners
Our current advertising partners are Meta Platforms, Inc. (Facebook and Instagram) and Google LLC (Google Ads).
What we share
When you create an account, start a trial, or make a subscription payment, we send the following to our advertising partners:
- Your hashed email address, hashed internal account identifier, and hashed first and last name (when available);
- Hashed phone number, city, state, postal code, and country from your billing information (when available);
- Your IP address, browser user agent, and first-party Meta cookie identifiers (_fbp and _fbc);
- The event name (account creation, trial start, or subscription payment), event timestamp, and — for paid events — the subscription amount and currency.
Purpose
We share these events to measure advertising effectiveness, to optimize delivery of future campaigns, and to reach people similar to our existing users.
Legal basis
Our legal basis under the UK GDPR is your consent, which you provide by creating an account and agreeing to our Terms of Service and this Privacy Policy.
California residents (CCPA / CPRA)
If you reside in California, you have the right to opt out of the sharing of personal information for cross-context behavioral advertising. To opt out, email [email protected]. On request we will apply Meta's Limited Data Use restrictions to events associated with your account, so data shared with Meta is used only for measurement and not for optimization or audience building.
How to opt out
You can disable advertising cookies in our cookie consent banner or contact us at [email protected] to opt out of conversion-event sharing. Opting out stops future sharing; it does not retroactively delete data already shared with advertising partners.
Retention
Advertising partners retain data according to their own retention policies. Meta currently retains advertiser conversion data for up to two years.
Minors
The Service is intended for users aged 18 and over. We do not knowingly share any data related to minors with advertising partners.
13. Paid Features
Certain features of Healz.ai may be offered on a paid basis. Billing and transaction data may be processed by secure third‑party payment processors. Healz.ai does not store full payment credentials such as credit card numbers.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised Effective Date.
15. Contact Us
For privacy‑related questions, concerns, or requests:
MAIA AI LTD
86–90 Paul Street
London, EC2A 4NE, UK
Email: [email protected]