Privacy Policy

Last modified: 24 May 2022

This Privacy Policy explains how Flourish Labs LLC (“Flourish Labs”, “we”, “us” or “our”) collects information about you when you use our websites, myala.app and flourishlabs.net (our “Websites”) or our mobile application (our “App”), when you contact our customer service team, engage with us on social media, or otherwise interact with us (collectively, our “Services”). It also explains how we use and process your information, how we may share it, and how you can update and delete your information. It does not address our privacy practices relating to Flourish Labs job applicants, employees and other personnel.

We may choose or be required by law to provide different or additional information relating to the processing of Personal Information (as defined below) about residents of certain countries, regions or states. Please refer below for additional information that may be applicable to you:

US California: If you are a resident of the State of California, please see our California Privacy Policy for additional California-specific privacy information.
US Nevada: If you are a resident of the State of Nevada, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Although we do not sell covered information, you can contact us at https://myala.app/contact/ to submit such a request.
European Economic Area, United Kingdom or Switzerland: If you are located in the European Economic Area (“EEA”), Switzerland or the United Kingdom (“UK”) or otherwise engage with our European operations, please see our European Privacy Notice for additional European-specific privacy information, including what constitutes your personal data, the lawful bases we rely on to process your personal data, how we use cookies when you access our Services from the EEA, Switzerland or the UK, and your rights in respect of your personal data.

What is Personal Information?

When we use the term “Personal Information” in this Privacy Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked directly or indirectly to an individual. It does not include aggregated or de-identified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual (“Non-Personal Information”).

Our collection of Personal Information

We collect information from three sources: if and when you provide information to us, automatically through operating our Services, and from outside sources.

Information you provide to us

We collect information when you create an account, fill out a form or a survey, or communicate with us via email or social media sites or by contacting customer support. The information you might provide includes your name, email, phone number, demographic information, your responses to forms and surveys, feedback, and other information about you included within your messages to us.

We do not collect payment information.

We will never send you unsolicited emails or contact you by phone requesting your account ID, password, credit or debit card information or national identification numbers.

Information we collect automatically as you use our Services

When you use our Services, we collect the following information about you:

Usage information. For example, we log the pages you visit on our Websites or which screens or features you access in our App.

Information about the browsers and devices you use to access our Services. This includes the type of web browser you use, App version, access times and dates, pages and screens viewed, your IP address, and the page you visited before navigating to our Websites. It includes information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, device identifiers set by your device operating system, and mobile network information (like your connection type, carrier and region).

We and our third party analytics provider use various technologies to collect and store information, including cookies, pixel tags/beacons, local storage, such as browser web storage or application data caches, databases, and server logs. For more information about these practices and your choices regarding these data collection technologies, please see our Cookie Policy.

We generate some information about you based on other information we have collected. For example, our third party analytics provider may use your IP address to derive the approximate location of your device, such as the city or state you are accessing the Services from. This location data is aggregated and de-identified, it is not tied to your personal information.

Information we get from others

We may receive information about you from third parties; which we combine with Personal Information we collect either automatically or directly from you.

We may get information from third-party app stores you use to install our App. For example, when you submit a feedback report we collect which version of Android or iOS you are running, so we can analyze the issue.
Our vendors that perform services solely on our behalf, such as user research and marketing providers, collect Personal Information and share some or all of this information with us.
With your consent or at your direction when you connect your wearable device to myala, we may receive information from wearable providers such as Apple, Fitbit or Oura. This includes your sleep, activity and heart rate data that you see in the reports in the “Your Data” section of the App.

Our use of Personal Information

We use information about you for the purposes listed below:

To provide our Services. For example, to provide you with features such as Your Report and Check-ins, to facilitate your interactions with crisis counselors, and to provide customer service;
To customise your experience of our Services. For example, by recognising you and remembering your information when you return to our App, we can show you content about mental health resources available at your academic institution or employer;
To communicate with you. For example, we send you Check-in notifications, ask for your feedback, respond to your customer service requests, send you text messages alerting you that someone you are supporting has activated their ‘myala signal’ and would like you to reach out to them, and other administrative messages..
To market our Services, evaluate and improve the effectiveness of our marketing. For example, we may send you marketing messages by email, text messages or in-app messages. You can see information about your choices regarding marketing communications in the “Your Choices” section below.
To understand who is using our Services. For example, if you choose to give us demographic information, this helps us understand the diversity of our User base.
To improve our Services, and develop new products or services. For example, we analyze data about how you use our App to improve the design and make it easier to use. We also use feedback data to create new features that we think you will find useful.
To diagnose or fix technical problems. For example, by monitoring, debugging, repairing, and preventing issues such as the App crashing.
To protect our Services, our users, and the public. For example, by detecting security incidents; detecting and protecting against malicious, deceptive, fraudulent, or illegal activity; fighting spam; complying with our legal obligations; and protecting the rights and property of Flourish Labs and others, which may result in us terminating Services.
To comply with legal obligations;
To facilitate contests, sweepstakes, and promotions; process and deliver entries and rewards.

Where you choose to contact us, we may need additional information to fulfil the request. We may provide you with additional privacy-related information where the scope of the request and/or Personal Information we require fall outside the scope of this Privacy Policy. In that case, the additional Privacy Policy will govern how we may process the information provided at that time.

Our sharing of Personal Information

We share information about you in limited circumstances, and with appropriate safeguards on your privacy.

We do not sell your Personal Information.

We do not share your Personal Information with social media networks.

We do not share your Personal Information with your academic institution or employer.

We may share your Personal Information with companies, organizations, or individuals outside of Flourish Labs as follows:

We share information with your consent or at your direction. For example, we may share your mobile phone number with our crisis support partner if you contact them via our App, or with our SMS/text message provider Telnyx to send you security codes when you log into the app. If you choose to take part in a research study about our Services and give your consent, we may share information such as your answers to Check-in surveys and your wearable data with the researchers.
We share information with those who need it to do work for us to deliver or improve the Services. This might include independent contractors and third party vendors of customer service, infrastructure and hosting, analytics, user research, email and SMS/text communication, engineering services, marketing services and others.
We may share information with third parties, such as legal advisors and law enforcement:
- to comply with laws or to respond to lawful requests and legal process;
- to protect our rights and property and the rights and property of others, including to enforce our agreements and policies;
- in connection with the establishment, exercise, or defense of legal claims;
- to detect, suppress, or prevent fraud;
- as otherwise required by applicable law.
We may share information in an emergency. This includes protecting the health and safety of you, our employees and agents, our customers, or any person.
We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose Personal Information to a third party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal Information may also be disclosed in the event of insolvency, bankruptcy or receivership.
We may share information between and among Flourish Labs and our current and future parents, affiliates, subsidiaries, and other companies under common control and ownership.

We may also share de-identified and/or aggregated information with third parties. For example, we may share de-identified and/or aggregated information with academic research organizations to help facilitate their research. We may share aggregated information with the administration of your academic institution or employer (for example, we may share the total number of App users from that organization).

Your choices

You have several choices available when it comes to information about you:

Reviewing and updating your information

You can review and update information you provide to us (such as your name, phone number and email address) in the App under “Your Settings” or by contacting us at https://myala.app/contact/

Marketing communications

If we send you marketing communications such as emails, you can opt out by following the instructions in those communications. It may take up to a week for the opt-out to take effect. If you opt out of marketing communications, we may still send you other communications, such as those about your account or legal notices.

Mobile push notifications/alerts

If you opt in when you first sign into the app, we send push notifications to your mobile device, e.g., to remind you to complete your daily Check-in surveys. You can deactivate these messages at any time by changing the notification settings on your mobile device (but you might miss your Check-ins!).

SMS/Text messages

We use text messages to send you verification codes when you sign into the app, instead of passwords. You can stop us sending you text messages by replying to our message with STOP. However, this will effectively mean that you cannot sign into the app anymore, so we do not recommend doing this.

If you agree to be part of a myala user’s support team, we use text messages to send you an alert that they have activated their myala signal and would like you to reach out to them. You can stop us sending you text messages by replying to our message with STOP. However, this will mean that we can no longer send you text messages requesting support for any myala user. If you no longer want to support someone, please reach out to them and ask them to remove you from their support team in the app.

Cookies

For information about our and our third-party partners’ use of cookies and related technologies, and choices you have in relation to cookies, please see our Cookie Policy.

Deleting your account

While we’d be very sad to see you go, you can delete your account and your data if you no longer want to use our Services. You can do so in the App under “Your Settings”. Please note that we retain certain information when required or permitted by law. We also retain cached or archived copies of information about you for a certain period of time. If you are located in the EEA, UK or Switzerland, or otherwise engage with our European operations, please see the European Privacy Notice for additional European-specific information on our data retention practices.

Keeping your information secure

We work hard to keep your Personal Information secure. We implement what we believe to be appropriate and reasonable technical and organizational measures to protect the Personal Information we collect and store from loss, misuse, unauthorized use, access, inadvertent disclosure, change or destruction.

For example:

We use encryption to keep your data private while in transit.
We restrict access to Personal Information to those employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

However, no network, server, database or Internet or email transmission is ever fully secure or error free. Please keep this in mind when giving us any Personal Information.

International data transfer

Flourish Labs is based in the United States and processes information in the United States, which may not provide equivalent levels of data protection as your home jurisdiction. The Personal Information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations, including in the United States.

For example, if you are accessing our Services from the EEA, your Personal Information will be processed outside of the EEA. In the event of such a transfer, we ensure that: 1) the Personal Information is transferred to countries recognised as offering an equivalent level of protection; or 2) the transfer is made pursuant to appropriate safeguards, such as standard data protection clauses adopted by the European Commission. If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of this Privacy Policy.

Links to Third Party Services

This Privacy Policy applies only to our Services. Our Services may include links to third-party websites, plug-ins and applications (“Third Party Services”). This Privacy Policy does not apply to Third Party Services, and we are not responsible for any personal information practices of Third Party Services. To learn about the personal information practices of third parties, please visit their respective privacy policies.

Children’s Personal Information

Our Services are not directed to children under the age of 16, and we do not intend to or knowingly collect Personal Information from children under 16. If an individual is under the age of 16, they should not use our Services or otherwise provide us with any Personal Information either directly or by other means. If a child under the age of 16 has provided Personal Information to us, we encourage the child’s parent or guardian to contact us at https://myala.app/contact/ to request that we remove the Personal Information from our systems.

Updates to this policy

We will update this Privacy Policy from time to time. When we make changes to this Privacy Policy, we will change the date at the beginning of this Privacy Policy. If we make material changes to this Privacy Policy, we will notify individuals by email to their registered email address, by prominent posting on our Services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.

Contact us

We welcome your feedback on this Privacy Policy. If you have any comments or questions, please contact us at: https://myala.app/contact/

Change log/updates to this document

24 April 2022: Clarified that we do not collect location information tied to an individual, only in aggregated/de-identified format. Added Apple in section referring to wearables. Added information about how we use SMS/text messaging.

24 August 2021: Posted Terms of Service

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga_PSEBT7WSGD	2 years	This cookie is installed by Google Analytics.