1. Information We Collect
Nayya provides Services to our customers (primarily business entities) and their designated end users that utilizes information related to individual healthcare, financial and lifestyle factors. In providing the Services, we collect, store and process data that direct users and customers submit to Nayya or instruct us to process. It is your right to withhold information and Nayya will tell you what information you must provide to receive the Service by designating it as required at the time of collection or through other appropriate means.
1.1. Personal Information Categories. We may have collected the following categories of personal information directly from you or about you in the last 24 months. We do not necessarily collect all examples of personal information listed in a particular category, nor do we collect all categories of personal information for all end users.
Identification Information: Name, email address, date of birth, social security number, address, phone number
Employment information: employment status, identity of your employer, employee identification number, the health plans and/or other insurance products (e.g., disability, pet, life, accident) that your employer offers to you, and the cost of each of those plans to you
Demographic information: your city, state, country of residence, postal code, and age and gender, income level, other lifestyle factors
Financial Information: compensation, soft credit information, mortgage and other loan debt, spending preferences
Family information: identification, employment, demographic, financial and health information regarding your family members that you provide directly to Nayya or that is linked to your insurance plans (e.g., dependent coverage)
Health and healthcare information: medical conditions and activities, medical insurance-related information (member ID, plan information, coverage tier, group number, subgroup, division, service dates, service category, status, place and type of service, diagnosis codes, admission codes, procedure codes, admission type, discharge status, billed amounts, not covered amounts and reason, billing savings and discounts, deductible, copayment, coinsurance, fees and surcharges, reimbursement account coverage), provider information (provider ID, name, address, specialty, hospital type, NPI, in-network indicator, specialty drug indicator), and drug information (RX codes, drug name, dosage, form, quantity, related provider information, underlying condition)
Communication Information: We may collect information when you contact us with questions, feedback or concerns and when you voluntarily respond to questionnaires, surveys or requests for market research seeking your opinion and feedback or otherwise correspond with us online. If you choose to interact with any chatbot on our websites, you agree that the third-party provider of the chatbot service may host your conversation with us.
Social Media Information: We maintain a social media presence on platforms like Instagram, Facebook, YouTube, X, and LinkedIn (“Social Media Pages”). When you interact with us on social media, we may receive personal information that you provide or make available to us based on your settings, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
1.2. Sources of Information. We may collect personal information about you from the following categories of sources:
Directly from end users (you provide us this information)
Consumer Report / Credit Reporting Agencies
Your employer and their service providers and administrators, including insurance providers
Your health plans, plan sponsors and third-party administrators
Your supplemental insurance plan provider
Government agencies or regulators
From your devices
Social media platforms
Third-party data and other service providers, including third party chatbot services
1.3. Internet Activity Information. When you use the Services or Website, we may automatically log the following information:
Device Information: The manufacturer and model, operating system, browser type, IP address, and unique identifiers of the device you use to access the Services and Website
Usage Information: Information about how you use our Service, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities
Location Information: We may derive a rough estimate of your location from your IP address. We may use third party service providers to provide us with other location information
Email Open/Click Information: We may collect information about the date and time you open or click links in emails we send or links on our website
Terms and Conditions and Privacy Policy: We may collect information about the time and time you accept our end user terms and conditions and privacy policies
We may use the following technologies to collect Internet Activity Information:
Cookies, which are text files stored on your device to uniquely identify your browser or to store information or settings in the browser to help you navigate between pages efficiently, remember your preferences, enable functionality, help us understand user activity and patterns, and facilitate online advertising
Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications
Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked
1.4. Protected Health Information. Some of the personal information we process may be subject to laws and regulations, such as rules issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), that govern the use and disclosure of certain individually identifiable health-related personal information (“Protected Health Information”). When Nayya receives Protected Health Information, it may do so as a “business associate” of certain insurance plans, third party administrators, employers or other covered entities or as a subcontractor business associate of another business associate, and may be subject to an agreement that, among other things, prohibits us from using or disclosing the Protected Health Information in ways that are not permissible by the health care provider itself, and requires us to implement certain measures to safeguard the confidentiality, integrity, and availability of the Protected Health Information. When we act as a business associate, we may be subject to certain laws and regulations, including certain HIPAA rules, that govern our use and disclosure of Protected Health Information and that may be more restrictive than otherwise provided in this Privacy Policy.
1. How We Use Your Personal Information
1.5. We use your personal information for the following purposes:
Service and Website Delivery, including to:
provide, operate, maintain, and secure the Services and Website;
create, maintain, and authenticate your account;
manage the security features of the Services and Website; and
understand your needs and interests and personalize your experience with the Services and Website.
Communicate with users, including to:
send updates about administrative matters such as changes to our terms or policies; and
provide user support, and respond to your requests, questions and feedback.
Service Improvement, including to:
support, analyze, and improve the Services and Website and create new features; and
create and derive insights from de-identified and aggregated information.
Marketing and Advertising, including to:
send you direct marketing communications, such notifying you of special promotions, offers and events via email and other means.
Compliance and Protection, including to:
comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
Audit our compliance with legal and contractual requirements and internal policies; and
Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
1.6. We may de-identify your data, including to create anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service, conduct research and market studies and to promote our business. Where we have de-identified personal information, we will not attempt to re-identify it, and we will ensure that any third parties who receive such de-identified information are required to not re-identify it.
1.7. Our Sharing. We do not sell, rent, license, or lease your personal information to third parties. However, to provide the Services and Website, we may share personal information with:
Vendors providing services to Nayya, including hosting services, data warehousing providers, email services, credit agencies, insurance eligibility verification service providers, advertising and marketing services, customer support services, including providers of chatbots, and analytics services.
Professional Advisors, such as lawyers and accountants, where doing so is necessary to facilitate the services they render to us.
Business Transaction Recipients, such as counterparties and others assisting with a merger, acquisition, financing, reorganization, bankruptcy, receivership, dissolution, asset sale, or similar transaction, and with successors or affiliates as part of or following that transaction.
Government Authorities, when required to do so for the Compliance and Protection purposes described in this Policy.
Health Plans, Supplemental Insurance Plans and Providers and Third-Party Plan Administrators, when required to do so in order to provide the Services and only when permitted by applicable law.
Your Employer, we may share anonymized and aggregated insights for the purposes of Service Improvement with your employer. We do not share Protected Health Information you provide to us with your employer.
2. Your Choices and Access to Your Personal Information
Based on your state of residence, you may have certain privacy rights, subject to exceptions, regarding your personal information, as described below. Individuals wishing to exercise their rights in their personal information may do so by contacting us at privacynotices@nayya.com. To process your request and to help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. We may require you to provide additional personal information to us. If you are making a request on behalf of someone else, we will need to verify that you have the authority to do so. 1.8. Right to Know: You may have the right to request what personal information we have collected, used, disclosed, and shared about you in the past 12 months.
1.9. Right to Delete: You may have the right to request that we delete certain personal information we have collected about you.
1.10. Right to Correct: You may have the right to request that we correct inaccurate personal information we have about you.
Other ways in which you can control the collection or use of your personal information by Nayya, include:
1.11. Opt Out of Marketing Communications: You may opt out of marketing communications by following the unsubscribe instructions in any marketing email we send you. Please note, however, that you may continue to receive Service-related communications as described in this Policy after opting out of marketing communications.
1.12. Limit Online Tracking: Here are some of the ways you can limit online tracking. Note that some mechanisms are specific to the device or browser on which they are exercised. You will need to opt out on every browser and device that you use.
Block Cookies: Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings.
Limit the Use of Advertising ID: You may be able to limit use of your mobile device’s advertising ID for interest-based advertising purposes through your device’s settings.
Use Privacy Plug-Ins or Browsers: You can block our Services from setting cookies used for interest-based ads by using a browser with privacy features or installing browser plugins and configuring them to block third party cookies/trackers. You can also install a browser add-on to opt out of Google Analytics.
Advertising Industry Opt-Outs: You can also use opt-out options to limit use of your information for interest-based advertising by participating companies like Digital Advertising Alliance and Network Advertising Initiative
Platform Opt-Outs. The following advertising platforms offer opt-out features that let you opt out of use of your information for interest-based advertising: Google, LinkedIn, and Microsoft.
3. Other Important Information
1.13. Security Practices. The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information.
1.14. Links to other Websites. The Services and Website may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with Nayya. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.
1.15. Changes to this Policy. The Service and our business may change from time to time. As a result we may change this Privacy Policy at any time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law. By continuing to use our Service or Website or providing us with personal information after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy and the practices described in it.
1.16. Children. As a general rule, children are not allowed to use the Service and neither our Website nor our Services are directed to children. We define “children” as anyone under 13 years of age. Any personal information of a child we collect has been provided directly by a parent or guardian through use of the Services. If we learn that we have collected personal information of a child without the consent of the child’s parent or guardian, we will delete it.
1.17. Geographic limits. Your information is stored in the United States. If it is necessary to transfer your information, we will ensure that your personal information is protected by appropriate safeguards as required by applicable data protection laws.
1.18. Data Retention. We retain your information in line with our Data Management Policy. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as managing your account and dealing with any disputes or concerns that may arise. We may need to retain your information for a longer period if we need the information to comply with regulatory or legal requirements (e.g., HIPAA or applicable state laws) or where we may need it for our legitimate internal business purposes. If we don’t need to retain information for this time, we may destroy, delete or anonymize it more promptly. This includes user account information affiliated with our Service.
1.19. Job Applicants. When you apply for a job with Nayya, we collect the information that you provide in connection with your job application. This includes name, contact information, professional credentials and skills, educational and work history, and other information that may be included in a resume or provided during interviews (which may be recorded). This may also include demographic or diversity information that you voluntarily provide. We may also conduct background checks and receive related information.
We use applicants’ information to facilitate our recruitment activities and process employment applications, including evaluating candidates and monitoring recruitment statistics. We use successful applicants’ information to administer the employment relationship. We may also use and disclose applicants’ information (a) to improve our website, (b) as otherwise necessary to comply with relevant laws, (c) to respond to subpoenas or warrants served on Nayya, and (d) to protect and defend the rights or property of Nayya or others.
1.20. Contact Us. Please direct any questions or comments about this Policy or privacy practices to privacynotices@nayya.com.
