Login

Login

Login

PRIVACY POLICY

Updated March 24, 2025



This privacy policy (“Privacy Policy”) describes how we collect, use, maintain, protect, and disclose information you provide or we collect when you use our website at https://care.malla.co and any other Malla website that links to this Privacy Policy (collectively, the “Site”) and our related services, products, app, email and other communications (collectively, with the “Site”, the “Services”). The terms “Malla”, “us”, “we” or “our” refer to Malla Ventures, Inc., the owner of the Services, and its affiliates and subsidiaries. The terms “you” or “your” refer to the user or viewer of the Services. 

Personal information doesn't include publicly available information from government records, consumer data that’s been anonymized or aggregated, or information excluded from applicable laws, such as health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended.

If you’re a patient using our Services, any information you share with us might be considered protected health information (PHI). Malla will safeguard that information as required by federal and state laws. When we handle PHI for our healthcare provider customers, we follow the agreements we have with them, including our Business Associate Agreement, which HIPAA mandates.

Also, if you’re a patient, your healthcare provider may have their own rules and policies about how they collect, use, and share your information.

This Privacy Policy incorporates, and you agree to be governed by, the privacy policy of our third-party healthcare platform provider Healthie (https://www.gethealthie.com/privacy).



Personal Information We Collect

For purposes of this Privacy Policy, “Personal Information” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal data” under applicable data privacy laws, rules, or regulations. We may collect the following categories and specific types of Personal Information when you visit the Site or use our Services:

  • Basic Identifiers: Contact and account data, such as your full name, login credentials, email address, physical address, and phone number.

  • Professional Information: Information related to your business, such as your title, specialty, credentials, where you work, business address, and practice description. 

  • Demographic Data. Characteristics of protected classifications, including age, gender, race and ethnicity. 

  • Payment Information. Transactional data, such as your credit card information, bank account details, and other payment information.

  • Government-Issued Identifiers. Information related to government-issued identifiers, including your driver’s license number, or other similar government identifier for identification verification purposes. If you are a provider using our Platform, we will also collect your NPI or other credentials.

  • Commercial Information. Information related to products, subscriptions, or services you have purchased from us. 

  • Communication data. Information obtained via our customer service team and other communication channels.

  • Interests and preferences. Product preferences, interests, feedback, and survey data.

  • User Content. Information related to communications between you and us, including emails, survey responses, comments, product reviews, testimonials, and other content.

  • Usage and Performance Data. Data related to the use of our Services. This may include your interactions with our Services, error reports, and other data about the performance of our Services. This data helps us to diagnose problems with our Services and to improve various features and solutions for your future use.

  • Sensory Information. We may record your voice or likeness, such as when you attend a live, online product demonstration or training session, or when we record customer service calls for quality assurance.

  • Inferences. We may also draw inferences from any of the information identified above. 

  • Geolocation Data. We may collect information, such as your IP address, that permits us to determine your general location (e.g., your city or state).

Other information that we may collect which is not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

Please note, if you choose not to provide certain information, we may not be able to provide requested Services or features of the Site.



Automatic data collection.

We, our service provides, and our advertising partners may collect Personal Information automatically about you or your device, and your activity over time on the Site, the Services, and other online sites or services, such as:

  • Device data, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, the website you visited before browsing to our Site or Services, or general location information such as city, state, or geographic area.

  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, or duration of access.

When you visit the Site or use the Services, our servers may automatically record some of these types of Personal Information in log files. We may use this information to help secure the Services by identifying potential threats and vulnerabilities, or in analyzing the effectiveness of the Services to improve their function and content.  

In addition, when you use or access the Site and Services, we, our service providers, and our advertising partners may use cookies and similar technologies such as pixels, web beacons, and local storage to collect information about how you use the Site and Services. For example, we may use some or all of the following technologies:  

  • Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.

  • Web beacons, also known as pixel tags or clear GIFs, which are typically used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, typically to compile statistics about usage of websites and the success of marketing campaigns.

  • Local storage, which is used to save data on a visitor’s device. We may use data from local storage to, for example, turn on web navigation, store multimedia preferences, customize what we show you based on your past interactions with our Site or Services, and remember your preferences. 

  • Session-replay technologies, which are third-party software programs that we may use on the Site or Services to record a video replay of user’s interactions with the Site. The video replay may include users’ clicks, mouse movements, scrolls, mobile app touches, typing, and other activity taken during the session. We use these replays for research and development purposes, such as to help us troubleshoot problems with the Site and Services, understand how users interact with and use the Site and Services, and identify areas for improvement.

  • Chat technologies, to operate the chat features that you can use to communicate with us through the Site. Our chat vendors and other third parties may access and use the device data and online activity data described above, and monitor and record your chats, for the purposes described in this Privacy Policy. When you use these features you are not communicating with a human.

We process the Personal Information collected through such technologies for a variety of purposes, including to help operate certain features of the Site and Services, to enhance your experience through personalization, and to help us better understand the features of the Site and Services that you and other users are most interested in.  

Third party sources.

We may combine Personal Information we receive from you with Personal Information we obtain from other sources, such as:

  • Data providers, such as information services, data co-ops, and data licensors. 

  • Public sources, such as social media platforms like LinkedIn.

  • Customers, such as other providers on the platform.

  • Marketing partners, such as companies that have entered into joint marketing relationships with us. 

Our customers and other users of the Site or Services may have the opportunity to refer colleagues or other contacts to us and share their contact information with us. Please do not share another person’s contact information or other Personal Information with us unless you have their permission to do so.



How We Use Personal Information

We use Personal Information for the following purposes:

  • To operate the Services, including providing you with technical support and to improve the Services.

  • To create, monitor, and maintain your account. 

  • To complete any registration or other transactions or actions you request online, such as payment processing.

  • To provide you with information that you have requested or to respond to your inquiries.

  • To enhance the safety, security, and performance of the Services. This includes verifying your identity, as well as preventing or detecting fraud or other unauthorized or illegal activities.

  • To design, develop, and communicate with you about our new features, products, and services, or, subject to any consents or authorizations that are required by applicable law, those of our subsidiaries, affiliates, and parent companies and any of their related businesses and those of our third-party partners.

  • To measure or understand the effectiveness of communications (including advertising) that we send to you and others, and to deliver relevant communications to you and to provide you with communications from Malla, surveys, newsletters, and other information.

  • To better understand our audience.

  • To notify you about changes to the Services.

  • To create de-identified information that cannot be used to personally identify you, such as aggregate statistics relating to the use of the Services.

  • To enforce this Privacy Policy and any other terms that you have agreed to, including to protect the rights, property, or safety of us or any other person, or the copyright-protected content of the Services.

  • For any purpose where you have given your consent (where legally required).

  • To comply with applicable federal, state, and other laws and regulations.

  • To enforce our agreements, comply with legal obligations, and to defend us against legal claims or disputes. 

  • To promote our Services, products or our business. Where required by law, we will ask your consent for such activities, which you may withdraw at any time.

    • Direct Marketing. We may send you direct marketing communications, by email or otherwise, as permitted by law. See Your Privacy Rights and Choices below for information on how to stop receiving direct marketing communications.

    • Interest-Based Advertising. We engage our advertising partners, including third party advertising companies (such as Google Ads) and social media companies, to display ads around the web. These companies may use cookies and similar technologies to collect information (including, subject to our Cookie Policy, the automatically-collected data described above) about your interactions over time across our Services, our communications, and other online services, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. For more information, please visit our Cookie Policy.

Except where consent is required, we undertake such marketing and advertising on the basis of our legitimate business interests. Where we seek your consent, you may withdraw your consent at any time.

We do not engage in profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.



Artificial Intelligence

We may use artificial intelligence (AI) to enhance or help us provide the Services. For example, we may use AI tools to provide quicker, more efficient responses to your customer service requests. When you interact with those tools, your Personal Information may be used to provide you with a response or to otherwise provide the output or feature for which AI is being used.

Use of Google Workspace APIs
We do not use data obtained from Google Workspace APIs to develop, improve, or train generalized Artificial Intelligence (AI) or Machine Learning (ML) models. This includes but is not limited to data from Gmail, Calendar, Drive, and other Workspace services. Our use of Google user data complies with the Google API Services User Data policy (https://developers.google.com/terms/api-services-user-data-policy), including the limited use requirements.



How We Share Personal Information

We disclose Personal Information to certain third parties in the following circumstances: 

  • Service Providers. We may share your Personal Information with third party companies and individuals that provide services and products on our behalf or help us operate and provide the Services. Examples of these service providers include entities that process credit card payments, that provide website and application functionality, hosting, analytics, customer support via chatbot, email delivery, marketing, advertising measurement, and database management services.

  • Advertising Partners. We may share your Personal Information with third party advertising companies, including for the Interest-Based Advertising described above. For details on the third parties that may place Cookies through our Sites, and information on your choices regarding Cookies, please see our Cookie Policy. 

  • Professional Advisors. Our legal, financial, insurance, and other advisors in connection with the kinds of corporate transactions described below or in connection with the management of all or part of our business or operations.

  • Transfers of Control. Another entity as a result of a corporate sale, merger, consolidation, asset sale, or in the unlikely event of bankruptcy or we go out of business. User information is generally considered an asset that is transferred in one of these types of corporate transactions.

  • Business Partners. With your consent, we do share your name and email with certain partners we may work with. If you would not like your information shared with these partners, notify us via support@malla.co

  • Authorities and Others. We may share your information to comply with legal processes (including to comply with the law, to enforce our Terms of Service, or to respond to subpoenas, discovery requests, or similar legal processes or proceedings), cooperate with law enforcement or when we believe it is prudent to share information with legal authorities, and investigate and prevent fraud or imminent harm to you, our users, or to us. We may also share your information to ensure the security of our network and the Services.



Your Rights and Choices

We also offer you choices that affect how we handle the Personal Information that we control. You may request the following in relation to your Personal Information:

  • Information about how we have collected and used your Personal Information. We have made this information available to you without having to request it by including it in this Privacy Policy.

  • Access to a copy of the Personal Information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.

  • Correction of Personal Information that is inaccurate or out of date for the purpose for which we collected or use this data.

  • Deletion of Personal Information that we no longer need to provide the Services, deliver Products, or for other lawful purposes.

  • Additional rights, such as to object to and request that we restrict our use of your Personal Information, and where applicable, you may withdraw your consent.

To make a request, please email us or write to us as provided in the “Contact Us” section below. We may ask for specific information from you to help us confirm your identity. Depending where you reside, you may be entitled to empower an “authorized agent” to submit requests on your behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination. 



Opting Out of Cookies and Sale/Sharing Using Online Tracking Technologies 

Our use of online tracking technologies may be considered a sale or sharing under applicable law. As a visitor to our Site, you can opt out of being tracked by these third parties by emailing support@malla.co.

Depending on where you access the Services from, you may have the right to opt out of targeted advertising through a Global Privacy Control (GPC) enabled browser setting. If you have this right, when you visit and log in to our websites in a GPC-enabled browser, we will treat our initial receipt of the GPC signal as a valid request to opt-out of targeted advertising, as defined by applicable U.S. privacy laws granting this right. To download and use a browser supporting the GPC browser signal, visit: https://globalprivacycontrol.org/orgs.

Please note that if you are logged out, our processing of the signal will be limited to the specific browser that you are using. You may need to renew your opt‑out choice if you use a different browser to access our websites. Other than GPC, we do not recognize any "do not track" signals.




Limits on Your Rights and Choices

In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a feature of our Services you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may contact us as provided in the “Contact Us” section below. 


Identity Verification

For security purposes, we may request additional information from you to verify your identity to enable us to process some requests. In such cases, we may contact you by email to verify your request. Depending on your request, we will ask for information such as your name and the email address associated with your Malla account.


Authorized Agent

Depending on your state of residence within the United States, you may designate an authorized agent to submit a request on your behalf to exercise your privacy rights described herein. To authorize an agent to do so, you must: (1) provide to such agent your signed permission to submit such request; and (2) verify your own identity directly with us. We may deny a request from an authorized agent if the agent does not provide adequate proof that they have been authorized by you to act on your behalf.


Responding to Requests

Upon receipt of your request, we will respond within the time frame permitted by the applicable law.


Appealing Requests

Depending on your state of residence within the United States, you may appeal our decision to your request regarding your Personal Information. To do so, please contact us in any of the ways listed in the “Your Rights” section. We respond to all appeal requests as soon as we reasonably can, and no later than legally required.

Promotional Emails

To stop receiving promotional emails, you can click on the “unsubscribe” link at the bottom of any promotional email you receive from us. If you are a patient, please contact your healthcare provider to update your communication preferences. If you are a patient of a healthcare provider who uses our Platform, please contact your healthcare provider to update your communication preferences.


Limiting the Use of Sensitive Personal Information

Malla only collects sensitive Personal Information, such as your social security number, financial account information, and as otherwise defined by applicable law, when you provide it to us. Some purposes for the collection and processing of sensitive information include to verify your identity, such as to: perform the Services as reasonably expected; prevent, detect, and investigate security incidents; and verify or maintain the quality or safety of our products and services. We only use such sensitive Personal Information for the use disclosed at the time you provide it to us. Malla does not use sensitive Personal Information for the purpose of inferring characteristics about you. Malla does not offer the right to limit the use of sensitive Personal Information.


Your Rights with Respect to Health and Medical Information We Collect or Process

If you are a patient of a healthcare provider who uses our Platform, we may collect or process information about you at the direction of your healthcare provider. If your healthcare provider is a Covered Entity under HIPAA, your rights with respect to your PHI are governed by HIPAA as well as our Business Associate Agreement with your healthcare provider. If you would no longer like to be contacted by that healthcare provider via our Platform, please contact your healthcare provider directly. If you would like to access or delete Personal Information, or to correct or update inaccurate Personal Information, please contact your healthcare provider directly to do so.

We will retain Personal Information we process on behalf of our customers for as long as needed to provide the Services to our customers. Malla will retain this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.


Data Aggregation Services & De-identified Data
To the extent we receive PHI from our customers that are Covered Entities under HIPAA, we may use such information to provide data aggregation services (as that term is defined by HIPAA) and to create de-identified data in accordance with 45 CFR 164.514(a)-(c) retaining all ownership claims relating to the de-identified data Malla creates from PHI. Malla may use, during and after this agreement, all aggregate non-identifiable information and de-identified data for purposes of enhancing the Service, technical support and other business purposes, all in compliance with the HIPAA Privacy Standards, including without limitation the limited data set and de-identification of information regulations.


Data Retention 

Personal Information is retained for an appropriate period of time depending on the purposes of processing your Personal Information and we will securely destroy your Personal Information once there is no longer a need to keep it, in accordance with applicable laws and regulations.



We may also keep some of your information as required to meet legal or regulatory requirements, resolve disputes, prevent fraud or abuse, enforce our terms of use, or for other legitimate business purposes.

When we no longer have a need to keep your information, we will either delete it from our systems or anonymize it so that it no longer identifies you.



Data Processing

Malla is based in the United States and uses service providers and has corporate affiliates that may be located outside of the United States.

If you submit Personal Information to us, your Personal information may be processed in a foreign country, where privacy laws may be less stringent than the laws in the United States. By submitting your Personal Information to us, you agree to the transfer, storage, and processing of your Personal Information in a country other than your country of residence. 



Children's Privacy

The Services are not directed to children, and we do not knowingly collect information from children under 16. If you are a parent or guardian and believe that we have information about your child, please contact us as described in the Contact Us section below.



Security

We maintain organizational, administrative and technical safeguards designed to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.



Links to Other Websites

The Services may contain links to or integrations from other websites not operated or controlled by us (“Third Party Sites”), including social media websites and services . The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of such Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact those sites directly for information on their privacy practices and policies.



How Will I Know if this Privacy Notice Changes? 

We may change this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Site.



Contact Us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at support@malla.co or by mail to:



Malla Ventures, Inc.

Attn: Privacy

1000 Santa Monica Boulevard

Apt 1908

Los Angeles CA 90067



Additional U.S. State Disclosure



Some U.S. state privacy laws require specific disclosures. The following table provides additional information about the categories of Personal Information we collect and how we use and disclose that information. You can read more about the Personal Information we collect and where we collect it from in “Personal Information we collect” above, how we use Personal Information in “How we use Personal Information” above, and how we retain Personal Data in “Data Retention” above.

Basic Identifiers
- Primary purpose for processing:
Providing the Service
Business operations
Communicating with You
Referrals
Business operations
With your consent
As required by applicable law
- Primary recipients:
Service Providers
Business Partners

Professional Information
- Primary purpose for processing:
Providing the Service

Business operations

Security, Safety and Dispute Resolution

Communicating with You

Marketing and Promotional Purposes

Referrals

Analytics and Personalization

Employment Decisions

As required by applicable law
- Primary recipients:
Service Providers

Demographic Data
- Primary purpose for processing:
Providing the Service

Business operations

Core Functionality and Improvement

Security, Safety and Dispute Resolution

Marketing and Promotional Purposes

Referrals

Analytics and Personalization

As required by applicable law


- Primary recipients:
Service Providers
Business Partners

Device Data; Online Activity Data; Geolocation Data
- Primary purpose for processing:
Providing the Service

Business operations

Core Functionality and Improvement

Security, Safety and Dispute Resolution

Marketing and Promotional Purposes

Analytics and Personalization

As required by applicable law


- Primary recipients:
Service Providers
Third Parties

Usage and Performance Data
- Primary purpose for processing:
Providing the Service
Business operations
Core Functionality and Improvement
Security, Safety and Dispute Resolution
As required by applicable law

- Primary recipients: Service Providers

User Content
- Primary purpose for processing:
Providing the Service
As required by applicable law
- Primary recipients: Service Providers

Sensory Information
- Primary purpose for processing:
Providing the Service
As required by applicable law
- Primary recipients: Service Providers



Furthermore, if you work as a healthcare professional, are employed by a medical practice, or are part of a billing organization, we might have gathered specific types of Personal Information from or about in the last twelve months and may have sold or shared that information to certain categories of third parties for the purposes outlined below. 

Basic Identifiers
- Primary purpose for processing:
With your consent
- Primary recipients: Business Partners

Commercial Information
- Primary purpose for processing:
With your consent
- Primary recipients: Business Partners

Device Data
- Primary purpose for processing:
Marketing and Promotional Purposes

Analytics and Personalization
- Primary recipients: Third Parties, like data analytics companies, social media companies, advertising networks, and cookie information recipients

Online Activity Data
- Primary purpose for processing:
Marketing and Promotional Purposes

Analytics and Personalization
- Primary recipients: Third Parties, like data analytics companies, social media companies, advertising networks, and cookie information recipients



State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:

  • Confirm whether we process their personal information.

  • Access and delete certain personal information.

  • Correct inaccuracies in their personal information, taking into account the information's nature processing purpose.

  • Data portability.

  • Opt-out of personal data processing for:

    • targeted advertising;

    • sales; or

    • profiling in furtherance of decisions that produce legal or similarly significant effects.

  • Either limit (opt-out of) or require consent to process sensitive personal data. 


Exercising Your Rights. You can exercise privacy rights described in this section by submitting a request through our Privacy Request Form or to support@malla.co.

Verification. In order to protect your Personal Information from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Information for verification. If we cannot verify your identity, we will not be able to honor your request.

Authorized Agents. You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity with us. Authorized agent requests can be submitted to support@malla.co.

Appeals. Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights. To appeal a decision, please send your request to support@malla.co.