Privacy Notice

Mohala Health Group LLC ("Mohala", "we", "us") — a Hawaiʻi limited liability company headquartered in Honolulu, Hawaiʻi — operates the Mohala Intelligence. We act as the data controller for personal data you provide while using the Service.

• Account & profile — name, email, display name, organization, role.
• Authentication — login credentials, hashed passwords, sign-in timestamps, OAuth identifiers when you sign in with Google.
• Support communications — messages submitted via the Connect form or to david@mohalaintelligence.com.
• Product telemetry — pages visited, features used, error reports, IP address, browser/device identifiers, and tour-event analytics needed to improve the product.
• Subscription metadata — module entitlements, plan tier, renewal dates, and the Stripe customer ID (we do not store full payment instrument data; card details are submitted directly to Stripe).

Mohala does not ingest protected health information (PHI). The HHIP source data is public-record (CMS, BLS, BRFSS, ACS, DCCA, NPPES, APCD, hospital MRFs, etc.) and does not contain individual patient identifiers.

• Provide the Service — create accounts, gate modules, render dashboards. Legal basis: performance of contract.
• Security & fraud prevention — abuse detection, rate-limiting, audit logging. Legal basis: legitimate interests.
• Product improvement — aggregated usage analytics, regression detection. Legal basis: legitimate interests.
• Customer support — respond to inquiries, deliver receipts and notifications. Legal basis: performance of contract.
• Legal compliance — tax, accounting, and lawful requests. Legal basis: legal obligation.

• Stripe, Inc. — our payment processor. Stripe handles checkout, card processing, fraud screening, invoicing, and refunds on our behalf. Mohala Health Group LLC is the merchant of record. Personal data shared: name, email, billing address, transaction history.
• Hosting & infrastructure subprocessors — for application hosting, database, edge functions, file storage, and email delivery.
• Professional advisers — legal, accounting, and compliance advisers, under confidentiality.
• Authorities — where required by law, court order, or to protect the safety of our users and the Service.

We do not sell personal data and we do not share it for cross-context behavioral advertising.

Data may be processed in the United States and other countries where our subprocessors operate. Where applicable law requires, we rely on appropriate safeguards such as Standard Contractual Clauses or recognized adequacy decisions.

We keep account and subscription data for as long as your account is active and for a reasonable period thereafter to satisfy tax, audit, and legal obligations (typically up to 7 years). Telemetry is retained in aggregated form. We delete or anonymize personal data when it is no longer needed.

Depending on where you live, you may have the right to access, correct, delete, restrict or object to processing of your personal data, to data portability, and to withdraw consent. Residents of the UK/EEA additionally have the right to lodge a complaint with their supervisory authority. To exercise any of these rights, email david@mohalaintelligence.com. We respond within one month.

We implement appropriate technical and organisational measures including encryption in transit, hashed passwords, role-based access, row-level security on our database tables, audit logging, and least-privilege service credentials. No system is perfectly secure; we will notify affected users without undue delay if a breach materially affects them.

We use a small number of cookies and similar storage strictly necessary for sign-in, CSRF protection, and remembering UI preferences (such as guided-tour progress). We do not use third-party advertising or cross-site tracking cookies. If we add optional analytics cookies in the future, we will request consent.

The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, email us and we will delete it.

We may update this Privacy Notice. Material changes will be notified by email or in-product notice. The "Last updated" date at the top reflects the latest revision.

Questions or requests: david@mohalaintelligence.com
Mohala Health Group LLC · Honolulu, Hawaiʻi