Mama Support® Privacy Policy and Notice of Privacy Practices

Last Updated: Oct 16, 2025

  1. Introduction

Happy Mama LLC (“we,” “us,” or “our”) operates Mama Support® (“The App”), a mobile application designed to support maternal mental health through informational tools like the Edinburgh Postnatal Depression Scale (“EPDS”). We are committed to protecting your privacy and ensuring transparency in our data practices.

This Privacy Policy explains how we collect, use, share, and protect Your personal information, including health-related data. It serves as our Notice of Privacy Practices under the Health Insurance Portability and Accountability Act (HIPAA) and outlines our compliance with other relevant data privacy laws, including the California Consumer Privacy Act (CCPA) and the European Union General Data Protection Regulation (GDPR).

By using the App, You agree to the collection, use, and processing of your data as described in this Privacy Policy.

  2. Scope of This Policy

This Privacy Policy applies to all users of The App and related services we provide in the United States, the European Union and other regions where we make the App available. 


If You access The App from outside these jurisdictions, your access and use constitutes your consent to the transfer of your data to the United States and other jurisdictions that may not provide the same level of data protection as your home country.


  3. Definitions

  • Personal Information: Any information that identifies, relates to, describes, or can be linked to a specific individual.

  • Protected Health Information (PHI): Individually identifiable health information regulated under HIPAA.

  • Business Associate: As defined under HIPAA, an entity that performs services involving PHI on behalf of a covered entity.

  • Data Subject: An individual located in the EU whose personal data is processed under the GDPR.

  • Data Controller / Processor: As defined in the GDPR, the controller determines purposes and means of processing; the processor acts on behalf of the controller.


  4. Data We Collect

We collect the following categories of data:

  • Personal Information/Identifiers: Name, email address, or other contact details you provide

  • Health Information: Responses to the EPDS questionnaire or other related health information

  • Internet/Device Data: IP address, device type, operating system, device identifiers, geolocation data

  • Usage Data: Time spent, features used, pages viewed

  • Inferences: Potential mental health risk levels


Data may be collected directly from You, through your use of The App, or from third-party service providers such as analytics tools.


  5. Legal Basis for Processing

We process your data according to the following legal bases:

  • Consent: We rely on your explicit consent for health data such as EPDS responses.

  • Contract: We aim to fulfill our Terms of Use and provide related services.

  • Legal Obligation: We are compliant with HIPAA, CCPA and GDPR requirements.

  • Legitimate Interests: We intend to continually improve and secure The App, provided such interests are not overridden by your legal rights under the above statutes and regulations.


  6. How We Use Your Data

We use your data to:

  • Generate and display EPDS screening results for your personal use

  • Respond to inquiries and support requests

  • Improve user experience and App functionality

  • Conduct analytics and usage tracking

  • Protect against fraud and ensure security

  • Meet legal requirements, such as compliance reporting to authorities if required


We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.


  7. Data Sharing and Disclosure

We do not sell your personal information. We may share data:

  • Internally: With authorized employees under strict confidentiality obligations.

  • With Service Providers: Bound by HIPAA-compliant Business Associate Agreements or GDPR-compliant data processing agreements.

  • For Legal Compliance: Where required by law, regulation or court order.

  • With Consent: When You authorize specific disclosures.


If data is transferred outside the EU, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs).


  8. Data Retention

We retain your data only as long as necessary:

  • EPDS Responses: Automatically deleted after 30 days unless saved to your account. Saved responses will be retained until You delete them or close your account.

  • Account Information: Retained for as long as your account is active and for up to 2 years following account closure, unless longer retention is required to comply with legal obligations.

  • HIPAA Records: Where applicable, documentation such as consents or notices related to PHI will be retained for at least 6 years from the date of creation or last use, in compliance with HIPAA.

  • EU Users: We follow GDPR principles of data minimization and storage limitation and will delete or anonymize your data when it is no longer needed for its original purpose.


You may request data deletion at any time.


  9. Data Security

We use industry-standard safeguards including HIPAA Security Rule requirements and GDPR security obligations to protect your data:

  • Administrative: Employee training, policies and access controls

  • Physical: Secure data center infrastructure with restricted access

  • Technical: Encryption of data in transit and at rest, and audit logs


The security of your data is important to us. However, please be advised that no security method is 100% secure. We cannot guarantee absolute data security. 


  10. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Under HIPAA (U.S.):

    • Access to PHI

    • Request correction of PHI

    • Receive accounting of disclosures

  • Under CCPA (California):

    • Know what personal information we collect and how it's used

    • Request deletion of your personal data

    • Non-discrimination for exercising your rights

    • Opt-out of the sale of your personal data

  • Under GDPR (EU):

    • Right to access, rectify, or erase personal data

    • Right to restrict or object to processing

    • Right to data portability

    • Right to lodge a complaint with a supervisory authority


To exercise any of these rights, contact us at [Insert Email]. We will respond within applicable legal timeframes.


  11. Age Requirements

The App is intended for users aged 18 years and older. We do not knowingly collect data from individuals under 13 years of age. If we discover such data, we will delete it promptly, in accordance with the Children’s Online Privacy Protection Act (COPPA).


  12. International Data Transfers

If You are located outside the United States, your information may be transferred to and processed in the U.S. and other countries where our servers or service providers are located. We use safeguards such as Standard Contractual Clauses (SCCs) to ensure appropriate data protection.


  13. Policy Updates

We may update this Privacy Policy to reflect changes in our practices or applicable legal requirements. We will notify You of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date.


  14. Contact Information

For questions or to exercise your rights under this Policy:

  • Email: [Email]

  • Mail: [Address]

You may also submit complaints to the U.S. Department of Health and Human Services (HHS) or to your local EU data protection authority.


  15. Compliance

This Privacy Policy is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), and the EU General Data Protection Regulation (GDPR). Where a conflict arises, we apply the most protective standard applicable to your jurisdiction.