mA.I Health Limited
Privacy Policy

This Privacy Policy was last updated on 10 October 2025.

  1. About this Privacy Policy

    1.1 The mA.I health™ (App) is owned and operated by mA.I Health™ Limited ("we", "us", and "our"). In these terms, “you” refers to an account holder to the App.

    1.2 The App is designed solely as an information repository platform. It allows you to upload, store, search, retrieve and share health-related information you have obtained from health, well-being or disability service providers (Providers) about you (if you are an adult), or about your child (if you are the child’s parent or legal guardian) (Services). The App does not provide any form of health analysis, diagnostic tools, medical advice, or personalised user services.

    1.3 This Privacy Policy sets out how we collect, store, use and disclose the personal and health information that you provide to us through your use of the App, in accordance with our privacy obligations under the Privacy Act 2020 (Privacy Act) and the Health Information Privacy Code 2020 (Health Information Code).

    1.4 This Privacy Policy applies to all users of our App, and forms part of, and should be read together with our Terms and Conditions of Use (Terms and Conditions).

  2. Changes to this Privacy Policy

    2.1 We may amend the terms of this Privacy Policy from time to time and will notify you of any changes by sending you a push notification in our App. It is your responsibility to check this Privacy Policy periodically for changes.

    2.2 Your continued access and use of our App following notification of any changes to this Privacy Policy constitutes acceptance of those changes. If you do not agree with any aspect of the updated Privacy Policy, then you must immediately cease all use of our App.

  3. Key definitions in this Privacy Policy

    3.1 "Personal information" means identifiable information about an individual, such as their name, email address, date of birth and so on.

    3.2 “Health information” means health information and records about an individual, including health information obtained from a Provider (for example, medical notes, records and prescriptions).

    3.3 “Information” means personal information and/or health information (as the case may be) uploaded or inputted into the App.

    3.4 References to “parent” mean a parent or guardian of a child.

    3.5 A “user” means any user who creates or accesses an account to the App.

  4. Account types

    4.1 The following types of accounts under the App can be created:

    4.1.1 Personal Account: if you are aged 18 years or over, you may create an account for yourself to store and access your own health information (Personal Account Holder).

    4.1.2 Sub-Account: if you are a Personal Account Holder and a parent of a child under the age of 18, you may create an account for your child or an account for each of your children (a Sub-Account). By doing so, you will be able to store, manage and access the health information of that child via your own account.

  5. Account Sharing

    5.1 Access to accounts can be shared by account holders:

    5.1.1 If a Sub-Account has been created by a parent who is a Personal Account Holder, and the other parent is also a Personal Account Holder, the parent that created the Sub-Account may give access to the other parent by inviting them from the child’s account to access that child’s account. Once invited, the other parent will also be able to access (and store and manage) the child’s account through their own account.

    5.1.2 Any Personal Account Holder who creates an account for a child or who has access to a child’s account does so subject to agreement to our Terms and Conditions.

    5.1.3 If a parent would like their child to access, store and manage their own health information, then after downloading the App, the child needs to log in using the email address and password the parent used to create the Sub-Account.

    5.1.4 Once a child logs in to their account (i.e. a Sub-Account), each parent will continue to be able to store, manage and access each child’s health information from within their own account. However, a child will be able to change the password to their account to disallow their parents’ access to their account (and their health information).

    5.1.5 If the child is aged 16 or over, and the parent continues to access, store and manage that child’s health information via their own account, then the parent confirms that they have the consent of that child to continue to upload, store, access, share and manage their Information.

    5.1.6 If you are a Personal Account Holder, you may give access to another Personal Account Holder (e.g. your spouse/partner or adult child) by inviting them to have full access to your own health information. By doing so, you consent to your spouse/partner and/or adult child having full access to your own health information. You can revoke this access at any time by uninviting them.

  6. Personal and health information we collect

    6.1 If you are a Personal Account Holder, we may collect and store the following Information about you:

    6.1.1 your name, email address, username, password, date of birth, payment details (including your credit card) (Account Information);

    6.1.2 gender, height, weight, blood type and allergies (Profile Information);

    6.1.3 your health information that you upload to your App; and

    6.1.4 any other personal information that you provide to us through your dealings with us.

    6.2 If you have also created a Sub-Account for a child, we may additionally collect and store personal and health information about your child that you provide to us, including:

    6.2.1 their name, date of birth, email address, username, password (Sub-Account Information);

    6.2.2 height, weight, date of birth, blood type and allergies (Profile Information); and

    6.2.3 your child’s health information that you upload to our App.

    6.3 We may also collect, store and use technical information through each user’s use of our App, including (but not limited to), the device identifier, device type, date and times of using the App, user behaviour on the App, and any other such technical information relating to the use of the App. This information is only collected and stored at an aggregate level for compliance purposes, such as auditing of data changes and false attempt logins for cyber security.

    6.4 Your Account Information is represented by a unique identifier, which is not linked to you (being the user). Except for your Account Information, we will not link any personal or health information to any specific user, or retrieve each user’s personal or health information connected with their account. We will also not link username and password information to a specific user.

    6.5 If you do not provide the Account Information (for a Personal Account) and Sub-Account Information (for a Sub-Account), you will not be able to create the account and access our Services. It is entirely voluntary to provide us any other personal or health information, including the Profile Information. You may also choose what health information (if any) you upload to our App.

  7. How we collect your Information

    7.1 We collect personal information when you create an account in our App and access our Services.

    7.2 We collect health information when you upload health information to our App and/or request the provision of health information from Providers through features in our App.

  8. Why we collect your Information

    8.1 We collect your Information for the following purposes:

    8.1.1 health information uploaded to the App is collected solely for the purpose of enabling users to store, search, retrieve and share the health information uploaded to the App. We are unable to access the health information connected with each account. We do not analyse, interpret, or provide personalised user services in relation to health information;

    8.1.2 Account Information is collected to allow you to create a user account on our App, and to receive payments for your subscription. We may also use your name and contact details to contact you if necessary, including to respond to your enquiries or complaints. We may use your child’s email address and date of birth information that you provide to us when creating their Sub-Account to contact them when they turn 16 (to notify them about our privacy terms), and when they turn 18 (to notify them about their ability to create a new account as a Personal Account Holder). We may also use Account Information to ensure you are complying with our Terms and Conditions of Use and using our App and Services for their intended purposes;

    8.1.3 Profile Information is collected when setting up an account, for each user to refer to as a reference point. It is voluntary to provide this information, and we do not act on this information;

    8.1.4 other personal information is only collected at an aggregate level to allow us to understand our customer base, how our App is being used, to measure, manage, monitor, develop and improve our Services, for compliance purposes and for our internal business reporting purposes; and

    8.1.5 we may collect and use your Information for any other use that you authorise, and/or to do anything else required or permitted by a court order or relevant laws and regulations (including the Privacy Act and the Health Information Code).

  9. Disclosure and sharing of Information

    9.1 We will only share your Information on your instructions (where you choose to share your Information with third parties by using our App), and on the terms set out below.

    9.2 Your Information is stored with Amazon Web Services (AWS) through their Amazon S3 service. This is a landing zone for raw healthcare data and is for storage only. We have not permitted access to the Information to AWS or any other entity or person.

    9.3 If you request your (or your child’s) health information from a Provider via the auto-populate function in the App, the App may access data from your email account in your email application via APIs or standard protocols, for the purpose of uploading information you receive in an email from a Provider to the App. The App can only access the data linked to the temporary unique identifier code (and which is not linked to the user) that is generated by the auto-populate function when the data is sent to the email address infocollect@maihealth.app. The unique identifier code expires after 30 days, meaning if you request health information from a Provider using the auto-populate function and the Provider does not email you that information within 30 days, any information received after 30 days cannot be uploaded to your account using the unique identifier code. In that case, you will need to request that information again with another unique identifier code. A unique identifier code cannot be used for multiple Providers – a separate unique identifier code must be generated for each Provider.

    9.4 You may choose to share health information with your (or your child’s) Provider or any other person, via email. The sharing of information between you and a Provider or any other person is restricted to the information you select to be shared. Once you send that information via email, it is no longer within the security and encryption framework of the App.

    9.5 The App adheres to strict standards for healthcare data protection, including the US Health Insurance Portability and Accountability Act. Except as otherwise stated in this Privacy Policy, we may also disclose or transfer your Information in the circumstances set out below. Where possible to do so, we will only disclose your Information on an anonymised or aggregate basis:

    9.5.1 when we believe in good faith that disclosure is necessary to protect our rights, or to protect your safety or the safety of others;

    9.5.2 where permitted to do so under the Privacy Act or Health Information Code;

    9.5.3 to comply with any applicable law, court order, regulation, or governmental request;

    9.5.4 to enforce our agreements, policies and terms;

    9.5.5 to protect the security or integrity of our App, website, and our related services;

    9.5.6 if we are selling, assigning or transferring any of our assets or business; or

    9.5.7 if it is necessary and appropriate to facilitate the purpose for which your personal information was collected pursuant to this Privacy Policy, or a directly related purpose.

  10. International Transfers

    10.1 So that we can provide you with our services, your Information may be shared, transferred, disclosed and/or stored in countries other than New Zealand (for example, in Australia).

    10.2 There may be differences between New Zealand’s privacy laws and those of the overseas locations in which your Information (and other data we collect) is located. However, your Information will only be provided by us to our service provider, AWS, outside New Zealand, if we have reasonable grounds to believe that:

    10.2.1 the recipient is subject to New Zealand privacy laws;

    10.2.2 the recipient is subject to privacy laws in their country that offer similar protections to those under New Zealand privacy laws;

    10.2.3 the recipient agrees contractually to protect the Information in a way that provides similar protections to those under New Zealand privacy laws; or

    10.2.4 we have your permission.

    10.3 If you create an account in New Zealand as a Personal Account Holder, or if you have created a Sub-Account for a child in New Zealand, and you and/or your child subsequently relocate and reside in another country and continue to use our Services, you agree that we remain subject to New Zealand’s privacy laws.

  11. Links to other websites, apps or services

    11.1 Our website and App may contain links to third party services (including websites and/or apps) that are not under our control, and which may not follow the same privacy practices as us. We do not endorse or make any representations about the third party services (including, but not limited to their accuracy or thoroughness) and will not be responsible for their content, privacy practices or terms of use. They are provided solely for your information and convenience. Your disclosure of personal or health information to third party services is at your own risk, and we recommend that you check any relevant privacy policies before providing your personal or health information to any third party.

  12. Storage and security

    12.1 We take reasonable precautions to protect your Information from unauthorised access, use, modification or disclosure.

    12.2 The Information that you upload via the use of the App is stored and backed up by Amazon S3’s backend storage service. Your data is encrypted as it goes between your device and AWS’ storage service, while it is stored, and from AWS’ storage service to your device. If you're using iOS 12 or later or the equivalent in Android devices and have enabled two-factor authentication, the data is protected with end-to-end encryption, meaning only the user can access it on their device once they have signed into their device and signed into our App and their account.

    12.3 If you believe there may have been a privacy breach, please contact us as soon as possible using the contact details provided below.

  13. Your rights to access, correct and update your personal information

    13.1 You have a right to access, correct and update your Account Information. You can do this manually by editing your summary and/or your profile.

    13.2 You can also search, retrieve or delete any or all health information connected with your Personal Account or any Sub-Account you have access to.

    13.3 As noted above, except for your Account Information, we will not link any personal or health information to any specific user, or access or retrieve each user’s personal or health information connected with their account. If your child requests access to their health information stored on the App, it is your responsibility to share this information with your child.

    13.4 The App is an information repository platform only. We are not responsible for the accuracy of the personal and health information you upload or share via the use of the App.

  14. Retention of Information

    14.1 If you or we terminate or deactivate your account, we will retain the Information connected with your account for 6 months (including, for a parent, your children’s health information). If your account is re-activated within 6 months of termination, you consent to us re-linking the Information connected with your account to enable you to re-access the Information under your account. If your account is not re-activated within 6 months of termination, your Information will be deleted from the App.

    14.2 You may, at any time during your subscription term, delete any health information connected with your account (including, for a parent, your children’s health information).

  15. Contact us

    15.1 If you have any concerns about this Privacy Policy, the use or collection of your personal information, or would like to access or request correction of your personal information held by us, please contact us at enquiry@maihealth.app.

  16. Privacy Commissioner

    16.1 If you are not satisfied with our response to any privacy related concern you may have, you can contact the Office of the Privacy Commissioner online at www.privacy.org.nz, or:

    Office of the Privacy Commissioner
    PO Box 10-094
    Wellington 6143

    Enquiries Line: 0800 803 909