Privacy Policy

Your use of Hurricane’s website, , Hurricane’s apps and other websites, and any related offerings ("Services") is subject to the Terms and Conditions ("Terms") set forth in and our Privacy Policy (“Policy”).

Herein lies Hurricane Lotus privacy policy regarding the use of our website and the data collected while users are on this website. More specifically, this policy outlines how we use this information, and in what circumstances we may share this information to third parties. Use of other Hurricane Services, including but not limited to the Hurricane Practitioner Platform, and Hurricane's Research Surveys and Services are governed by their own Privacy Policies which supersede this one. Please contact if you have any questions.

Data We Collect

When you use our website,, we collect non-personally identifying information, including the browser type, language preference, referring site, and the date and time of each visit. This information is used by Hurricane to understand how users interact with our website and to optimize our services.

Hurricane also collects potentially personally-identifiable information like Internet Protocol (IP) addresses for users that log into our website and leave comments on our blog posts. Hurricane also collects any information you willfully provide. For example, any forms you fill out with personally identifiable information, such as your name, organization name, email address and phone number will be stored.

Please note that Hurricane Practitioner Platform users (Practitioners or Clients) retain all rights to their individual data. Proprietary Information of Practitioner includes non-public data provided by Practitioner to Company to enable the provision of the Services including any data related to Clients, but in all cases excluding the De-Identified Data (as defined below) (collectively “Practitioner Data”). Proprietary Information of Client includes non-public data provided by Client to Company to enable the provision of the Services including any Personal Health Information and Health Outcomes, but in all cases excluding the De-Identified Data (as defined below).

You must be at least 18 years old to have our permission to use this site. Our policy is that we do not knowingly collect, use or disclose Personally Identifiable Information about visitors that are under 18 years of age. In compliance with the U.S. Children’s Online Privacy Protection Act (COPPA), our services and products are not directed to users under 18 years of age, unless accessed under the careful supervision and consent of a parent or legal guardian. Any use by someone under this age is strictly prohibited and will be terminated immediately upon discovery. Further, any personally identifiable information provided by someone under 13 or that identifies someone under this age, will be deleted immediately upon discovery if in violation of this restriction.

Use of Data

Hurricane may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you emails on behalf of Hurricane related to promotions, product updates, as well as general brand information, or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our services. If you do not want to receive communications from us, please indicate your preference by sending an email to

Hurricane shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Practitioner Data and data derived therefrom), and Hurricane will be free (during and after the term hereof) to (i) use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings, (ii) disclose and use such data solely in aggregate or other de-identified form that does not contain personally identifiable information (“De-Identified Data”) in connection with its business, including without limitation to deliver services to other customers, (iii) Company may sell or share this De-Identified Data with third parties, and (iv) Company may release high-level findings based on and including the De-Identified Data on Company website, and share findings with press and media. No rights or licenses are granted except as expressly set forth herein.

Sharing of Data

Hurricane will not share any personally-identifying information with any third party unless you specifically provide us with permission to do so by opting into such an activity, service, or program. Hurricane always provides the opportunity for users to Opt-Out or revoke the permissions granted at a later date.

Hurricane may provide non-personally identifiable aggregate information to third parties (de-identified data). Aggregate information is data that has been amalgamated from multiple participants and is not linked to any specific individual. When your data is compiled into aggregated information, all personally identifiable information is removed and combined with other users’ data so that no individual can reasonably be identified.

Third Party Technologies We Use

Law Enforcement Requests

Under certain circumstances, the information that you have provided can be subject to be disclosed in the event of a judicial or another government subpoena, warrant or order, or in coordination with regulatory authorities. If this occurs and there is no specific request that prevents us from doing so, we will notify all affected individuals as we are legally obliged to comply with valid governmental requests.

Hurricane is unable to decrypt your personally identifiable information without your involvement. However as part of a subpoena there is always a risk that the disclosed encrypted data could be decrypted by the requesting party. Hurricane cannot provide any further protection against this. If this is a concern to you, we recommend using the pseudonymous account registration options.

Insurance Company & Employer Requests

Hurricane will not provide any person's data (PII or non-PII) to an insurance company or employer. We are supporters of legislative efforts intended to prevent discrimination and to safeguard individuals' privacy.


The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

Our practices include, but are not limited to, the following areas:

  • ISO/IEC 27001:2013 certification. Our information security management system, which protects hurricsystems, has been certified under the ISO/IEC 27001:2013 standard. View or download our certification here.

  • Encryption. Hurricane uses industry-standard security measures to encrypt patient data both at rest and in transit. All personally identifiable information is session-level encrypted. Furthermore, this information cannot be decrypted by the Hurricane software nor by any of our employees without the participants’ consent and involvement.

  • Limited access to essential Hurricane personnel:We limit data access to authorized personnel, based on job function and role. Hurricane access controls include multi-factor authentication, and strict least-privileged authorization policy. All access to services deployed by Hurricane are authenticated, authorized, and encrypted.

While our engineering team periodically reviews and improves our security measures to ensure compliance with best privacy practices, it is impossible to guarantee that breaches in security will not occur. As we value our users' opinions, we encourage you to provide feedback and contribute to ongoing best practices by contacting us at

Aggregated Statistics

Hurricane may collect statistics about the behavior of visitors on our website, including how much time someone spends on our website, and which pages on our website are visited most frequently. This allows us to understand what parts of our website are most interesting to visitors. Hurricane may disclose this information publicly or share it with third parties. However, Hurricane does not disclose any personally-identifiable information.


Hurricane Lotus uses cookies and similar tracking technologies when you visit our website in order to best enrich your experience on our website. Cookies are text files that contain small amounts of information that are downloaded to your computer/mobile device/tablet when you use a website. This information includes appropriate advertising materials and also personal preferences (such as language or login information). Cookies keep track of which browsing device has visited a certain website before.

There are two types of cookies; session cookies and persistent cookies. A session cookie collects information while a browser has a website open. This information is automatically deleted when you close your browser. A persistent cookie is information that remains until you or your browser deletes the cookies.

There are also first and third party cookies. First party cookies are set by our website. These cookies provide Hurricane Lotus with analytics regarding marketing and advertising. Third party cookies are set by external parties and can recognize your device while you are on our website and when you use other websites. These third party cookies can be collected when you click on an external website link. We encourage you to review all third party privacy policies and cookie policies as we are not liable for their policies once you leave our website.

Users who do not wish for Hurricane to collect or use cookies should set their browsers to refuse cookies before using our website. Please note that certain features on the website will not be available without the aid of cookies.

State Law & Privacy Rights

California Residents Rights

Under California Civil Code Sections 1798.83-1798.84, some California residents have specific rights regarding their personal information. These rights are subject to certain exceptions that can be found here. Further, if you are a current, former, or prospective employee or if we have collected or processed your personal information in connection with our business with a company, partnership, sole proprietorship, nonprofit or government agency, and you are an employee, owner, director, officer, or contractor of that entity, rights 1-3 below are not available to you until at least January 1, 2021.

  1. Right to Disclosure of Information: You have the right to request that we disclose certain information regarding our practices with respect to personal information.

  2. Right to Delete Personal Information: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

  3. Right to Opt out of Sales of Your Personal Information: You have the right to direct a business that sells your personal information to third parties not to sell your personal information.  This right is referred to as “the right to opt-out.”

  4. Right to Non-Discrimination: You may exercise your rights under the CCPA without discrimination.

  5. Direct Marketing and Do Not Track Signals: Under California’s “Shine the Light” law, California residents may request and obtain a notice once a year about the personal information we shared with other businesses for their own direct marketing purposes.

In order to submit such requests, please contact us at

Nevada Resident Rights

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Information as sales are defined in Nevada Revised Statutes Chapter 603A.

Privacy Policy Changes

Please note that Maya has the right to change its Privacy Policy from time to time. These changes are likely only minor changes. Maya thus encourages its users to continue to review our privacy policy regularly to ensure it is compliant with their preferences.

If you have any questions about this privacy policy please contact us at by mail:
Attn: Data Protection Officer
Maya PBC
1312 17th St., Suite 775
Denver, CO. 80202-1508

Last Updated: December 24, 2020