Skip to content Skip to footer
Close

Privacy Policy

BayaEthicalAI.com – Privacy Policy Effective Date: 28 February 2026

Privacy Policy

In this Privacy Policy, ‘us’, ‘we’ or ‘our’ refer to UMAK Limited (NZBN: 9429053062857), the owner of the   BayaEthicalAI.com application (Baya App). We are committed to protecting and respecting your privacy. We operate in New Zealand only  and we are bound by  New Zealand’s Privacy Act 2020 and its Information Privacy Principles (IPPs).

This Privacy Policy outlines data collection, storage, transfer, disclosure, retention, and deletion, as well as inputs  and outputs related to the AI (artificial intelligence) used within the Baya App. We also cover users’ request to personal information and children’s privacy.

BayaEthicalAI.com operates a  self-reflection application designed to help adults explore their experiences related to  attention, motivation, organization, and other daily functioning. This app is not a medical device, does not diagnose or treat medical conditions, and does not share data with healthcare providers.

We also operate a separate Health Care Professional (HCP) Training Chatbot, which is isolated from the user app and used exclusively for clinician training and mock practice. There is no interaction with users or patients through the app.

PART A:

PRIVACY POLICY – USER

  1. Purpose of the Baya App The Baya App is a self-reflection tool designed to assist adults in exploring and documenting experiences relating to their attention, organisation, motivation and other daily functioning. The Baya App is not designed for and does not provide any medical, mental health, psychological, or psychiatric diagnosis or treatment. The Baya App is not a substitute for any medical advice or a consultation with qualified health professionals. The Baya App has a feature where users can rate their experience with focus, motivation, emotions, time sense and impulsivity. This is a subjective rating only (not diagnostic) and is meant for user self-reflection.
  2. Collection of personal information
  • We only seek to collect personal information reasonably necessary for us to perform our functions and activities. The primary purpose for collecting, holding and using personal information is to create a profile account with us. For the purpose of user profile creation, authentication, and login on the Baya App, we will collect the following information:
  • email address (for authentication)
  • email authentication is handled by Microsoft Entra Id external service (Customer Identity & Access Management (CIAM)
  • We do not collect any other personal or sensitive information for access to the application, which includes but is not limited to your health information, including:
  • identifying information such as name and date of birth
  • demographic information, such as age and address;sensitive information including health diagnosis or treatment or any biometric information (such as voice biometrics); and
  • any direct financial information (note : all payments, subscriptions, and in‑app purchases are processed securely through the Apple App Store or Google Play Store, depending on your device.)
  1. Use of AI (artificial intelligence) to generate summaries
  • The Baya App uses an AI assistant via Microsoft Copilot Studio, which receives input from users and generates output by way of summaries. Users’ active participation is required, where they review and approve the AI-generated summaries before saving the summary.
  • Users’ input into AI may include:
  • self-reflection on their attention, organisation, and daily functioning;
  • descriptions of their lived experiences;
  • sleep routine, habits, or quality; and
  • descriptions of general health and life stress observations.
  • We note that users’ input may include information such as sleep patterns or focus issues which can be regarded as sensitive information, which includes but is not limited to your health information, which is voluntarily and routinely entered into the Baya App by users. We treat your information with the highest level of care. Please refer to section 4 below “Data storage, transfer, and disclosure”.

The app has a message node which appears each time the chatbot is used reminding users to refrain from disclosing personal identifying information or any medical diagnosis and treatment. This is not required for the functioning of the application.

  • The AI-summary output (AI transparency and use):
  • Questions asked through the chatbot are static and pre designed.
  • AI (natural language processing or NLP) is used only to summarise the users chat.
  • Summary will only be based on users’ input into the AI rather than drawing on any external sources;
  • requires users to review, modify if necessary, and approve the summary prior to the summary being saved as a record; and
  • is not designed to generate any medical assessment, diagnosis, or treatment suggestions.
  • Uses Azure Open AI GPT models for summarising
  • The data is not used by the application for chatbot optimisation or AI training and optimisation.
  • AI-generated summaries may be incomplete or inaccurate. Users should review and edit before saving and always consult a qualified professional for health concerns.
  1. Data storage, transfer, and disclosure
  • We take the security of your data seriously. We will endeavour to take all reasonable steps to keep secure any information which we hold about you, and to keep this information accurate, up to date and complete. We require our employees and data processors to respect the confidentiality of any personal information held by us.
  • Our data storage is localised, i.e. we store your data as per our business agreement with Microsoft Dataverse, hosted on Microsoft Azure. Region selected by BayaEthicalAI: (Australia East).
  • Your data remains within the Baya App and is solely used for the AI-generated summaries. Your data will not be shared with any third parties, including to any healthcare providers or for purposes such as advertising and marketing, unless you have consented to such different use or disclosure or such use or disclosure is otherwise allowed by applicable privacy laws. We will take all reasonable steps to maintain the security and integrity of your personal information including the use of computer access passwords, lock-up cabinets, personnel policies and/or firewalls.
  • In terms of security controls and data encryption, we use the following:

Microsoft Copilot Studio : At rest: AES‑256 (Microsoft‑managed by default).In transit: TLS 1.2+.

Microsoft Dataverse : At rest: SQL Server TDE, full environment‑wide encryption at rest .In transit: TLS 1.2+.

Strict role- based controls

Zero- trust access model

  1. Data retention and deletion
  • We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, as well as for any legal, reporting, or accounting requirements. Accordingly, once a user deletes their account, we will erase and delete the user’s information from our systems.
  • Users have the right to request deletion of their account and associated data. We provide a mechanism for users to request account deletion, which is accessible via the app’s main menu or settings. Upon request: User data is removed from production within 30 days and any backup data is removed in the next backup cycle (within 90 days). System logs are retained for 90 days
  • When we no longer need to store your information, we will take steps to properly de-identify or destroy it.
  • If you wish to have your personal information deleted, please send a request to email: humannottoken@BayaEthicalAI.com and we will take all reasonable steps to delete it unless we need to keep it for legal reasons.
  1. Access request to personal information

Users have the right to request access or deletion to the copies of their personal information which we hold. Upon receiving a request for access, we will verify your identity prior to proceeding with the request.

Requests can be directed to email: humannottoken@BayaEthicalAI.com

  1. Children’s privacy

The Baya App is not designed for, or directed at, people under eighteen (18) years of age. We do not knowingly collect personal information from minors. In the event we are aware of a minor using the Baya App, we will take immediate steps to notify the user, disactivate the account, and delete the user’s personal information as soon as possible.

  1. Complaints about privacy
  • If you have any questions about our Privacy Policy, or any complaint regarding treatment of your privacy by us, please contact us at the details provided in this Privacy Policy.
  • In most cases we will ask that you put your request in writing to us. We will investigate your complaint and will use reasonable endeavours to respond to you in writing within 30 days of receiving the written complaint. If we fail to respond to your complaint within 30 days of receiving it in writing or if you are dissatisfied with the response that you receive from us, you may have the right, depending on the jurisdiction, to make a complaint to the applicable regulator.
  1. What if our Privacy Policy Changes?

We will use information in accordance with the Privacy Policy under which the information was collected. If we decide to change our Privacy Policy, we will post those changes on our https://bayaethicalai.com so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personal information in a manner materially different from that stated at the time it was collected we will notify users by email or via a prominent notice on our website, and where necessary we will seek the prior consent of our users

Contact

Email: humannottoken@BayaEthicalAI.com |  Website: https://BayaEthicalAI.com

PART B:

PRIVACY POLICY – HEALTHCARE PROFESSIONAL (HCP) INTERFACE

  1. Overview:

BayaEthicalAI.com (Company UMAK Ltd: NZBN 9429053062857) operates a training interface for healthcare professionals (HCPs). This platform provides static multiple-choice questions (MCQs) and mock scenarios related to executive function issues in adults with attention deficit hyperactivity disorder (ADHD).

  • The interface is for educational purposes only.
  • It does is not diagnostic software
  • Use of this interface does not result in certification or diploma in Adult ADHD.
  1. Data We Collect

To verify that the user is a genuine healthcare professional, we collect basic professional information only, such as:

  • Email
  • A company code is emailed to your healthcare practice manager which can be used by you to complete the login.

No additional personal identifiers (e.g., DOB, address) are required.

  1. Data We Do Not Collect
  • No patient data is collected or processed.
  • No chat or free-text interaction occurs; all questions and answers are pre-coded.
  1. Purpose of Data Use
  • To grant access to the HCP training interface.
  • To maintain platform integrity and prevent misuse.
  • Data is not used for marketing or shared with third parties.
  1. Data Storage and Security
  • Stored in Microsoft Dataverse and Azure Cloud Services (Region: Australia)
  • Encrypted at rest (AES-256) and in transit (TLS 1.2+).
  • Role-based access controls and zero-trust security model.
  1. AI Transparency
  • The HCP interface uses static, pre-coded MCQs and scenarios.
  • No generative AI or adaptive scoring is applied.
  • No patient interaction is provided.
  • The HCP interface may link to external, published resources on adult ADHD. These links are provided for educational context only.
  1. Rights and Retention
  • HCPs may request access or deletion of their account data.
  • Upon deletion request:
    • Account data is removed from production within 30 days.
    • Backups are purged within 90 days.
  • System logs retained for 90 days for security auditing.
  1. Age and Professional Restrictions
  • Access is limited to verified healthcare professionals aged 18+.
  1. Contact


Email: humannottoken@BayaEthicalAI.com | Website: https://BayaEthicalAI.com