Focus on


We believe that data should be the property of the end-users. 
To do so and foster privacy and security we follow these principles.

Think people first


We believe that data should be the property of the end-users. This seeming simple tenet has several consequences and upsides for our users:

  • End-users decide what to share. By being opted-out by default, people are empowered to decide which data they share and with whom. This opt-in step gives agency, and responsibility, to the end-users. It is also a way to make sure we avoid any data being shared without consent.
  • We do not sell personal data. Or trade, or exchange. In other words, end-users will not be pitched products based on their profiles from companies they have no relationship with or have requested information from.
  • You control your data. When we receive a request to delete an account, all data and personalized identifiers are removed from our environment.

Be compliant

  • We follow different standards and regulations to keep our data compliant. Specifically, we consider GDPR, HIPAA, and FERPA as part of the standards we aim for.
  • We believe that using GDPR standards also reinforces the privacy and security of our US based customers and their end-users.
  • In certain cases where we facilitate a payment or financial transaction, we comply to PCI requirements and all the transactions are done via Stripe, which acts as our credit-card clearing house system.


The standards we follow

  • HIPAA: The Health Insurance Portability and Accountability Act of 1996 stipulates how personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft and addressed some limitations on healthcare insurance coverage.
  • GDPR: The General Data Protection Regulation (GDPR) is a regulation in European law on data protection and privacy. The GDPR’s primary aim is to enhance individuals’ control and rights over their personal data.
  • FERPA:FERPA governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments.  It is particularly important as it regulates how and when parents can access their kids’ records.


How do we manage research studies

Research is a big part of our work at Okaya.  When conducting research we want to make sure we:

  • Preserve the participants’ privacy.
  • Identify and address bias.
  • Follow ethics standards.

To do so, we follow the standards put out by Internal Review Boards (IRB) at research institutions and medical facilities.