Terms of Service

TL;DR

  • Mara is a practice management platform based in Switzerland, complying with GDPR and the Swiss Data Protection Act.
  • We prioritize the security of your account by enforcing strong password standards and implementing password encryption methods.
  • Two-factor authentication will be introduced for added security.
  • Your data is encrypted when stored and during transmission using industry-standard methods.
  • If you choose to delete your Mara account, all your data will be permanently and irreversibly removed.
  • We retain account data for a minimum of three years after subscription expiration or account inactivity, unless you delete your account.
  • We store client data in real-time and perform weekly backups to Swiss-based servers.
  • Mara is built on Bubble.io, which utilizes the secure infrastructure of Amazon Web Services (AWS).
  • Payment processing is handled by Stripe, a trusted provider.
  • We comply with GDPR and the Swiss Data Protection Act, never sell your data, and operate solely on subscription revenue.
  • We reserve the right to modify these terms, and termination of access to Mara is possible without prior notice.
  • For more details, please refer to the full Terms of Service below.

Full Terms of Service

Effective Date: 14 June 2023

Welcome to Mara, a therapy management platform. These Terms of Service ("Terms") govern your use of Mara’s services, so please read them carefully. By accessing or using Mara, you agree to be bound by these Terms. If you do not agree to these Terms, you may not use Mara.

1. Account Security

We prioritize the security of your Mara account. To ensure the highest standards of security, we employ the following measures:

1.1 Password Security

We work with a password security partner to enforce robust password standards. Your password is encrypted using advanced methods such as "salting" and "hashing." Salting involves adding random bits to each password instance before hashing, so the stored hashes are unique even if two users choose the same password. Salts mitigate hash table attacks by requiring attackers to re-compute the tables using the salt for each user.

During account creation, we implement strict password requirements to reduce the probability of successful brute force password attacks. You will be required to set secure passwords meeting the following criteria:

  • Length: Passwords must be longer than twelve characters.
  • Complexity: Passwords must include a combination of uppercase letters, lowercase letters, digits (1, 2, 3), and special characters (!, #, $).
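
An added illustration of the password policy check and per-user salting described in this section; it is not Mara's or its password partner's code. The scrypt function and its parameters, the 16-byte salt and the set of accepted special characters are assumptions, since the page names none of them.

```python
import hashlib
import hmac
import os
import string
from typing import Optional, Tuple

SPECIALS = set(string.punctuation)  # assumption: any ASCII punctuation counts
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost parameters


def meets_policy(password: str) -> bool:
    """Policy from this section: longer than twelve characters, with
    uppercase, lowercase, digit and special-character classes all present."""
    return (
        len(password) > 12
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in SPECIALS for c in password)
    )


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn unless one is given."""
    if not meets_policy(password):
        raise ValueError("password does not meet the policy")
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return hmac.compare_digest(digest, expected)


def demo() -> dict:
    pw = "Correct-Horse-42!"  # constructed sample password
    salt_a, hash_a = hash_password(pw)  # first user
    salt_b, hash_b = hash_password(pw)  # second user, same password
    return {
        "same_password_different_hash": hash_a != hash_b,
        "verifies": verify_password(pw, salt_a, hash_a),
        "wrong_password_rejected": not verify_password(pw + "x", salt_a, hash_a),
        "wrong_salt_rejected": not verify_password(pw, salt_b, hash_a),
    }
```

Because each stored record carries its own salt, a table precomputed for one salt is useless against any other record, which is the property the paragraph above describes.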

2. Data Encryption Policy

At Mara, we prioritize the encryption of your data to ensure its confidentiality. We implement the following encryption measures:

2.1 Encryption of Data at Rest

Your data is encrypted when it is stored on the AWS servers, making it unreadable and useless to unauthorized individuals who may attempt to access and steal it. We utilize state-of-the-art encryption methods to safeguard your data.

2.2 Encrypted Communication

All data transmitted between your browser and Mara is secured through encrypted connections. We enforce HTTPS (HTTP Secure) on all pages, and we utilize HSTS (HTTP Strict Transport Security) to prevent communication over unsecured connections. Additionally, we leverage "Content Security Policy" settings within all browsers to mitigate certain types of attacks.

3. Account Deletion Policy

Should you choose to delete your Mara account, we respect your decision and ensure the complete and irreversible removal of your data from the Mara database. We do not simply mark your account as inactive; we permanently destroy all account data. Please note the following regarding account deletion:

3.1 Explicit Deletion Request

Account deletion requires your explicit request. If your account inadvertently lapses, we do not assume that you intended to delete your data. We understand the importance of user intent when it comes to data deletion.

3.2 Timely Reminders

Before initiating the non-reversible deletion of your data, we will send you multiple reminders. These reminders will give you ample notice and an opportunity to export any data you wish to retain from Mara.

4. Data Retention Policy 

We retain account data for a specific period after an account expires due to subscription expiration or account inactivity. However, if you choose to delete your account, as outlined in section 3, all associated data will be permanently deleted. Please take note of the following details:

4.1 Inactive Accounts or Expired Subscriptions

For inactive accounts or expired subscriptions, we retain account data for a minimum of three years after the expiration of the subscription. After this period, we will delete all account data, as we understand that if you no longer require Mara, you likely do not want us to retain your data.

4.2 Account Cancellation

If you cancel your account, it remains active until the end of your subscription. The timeline described above does not begin until the expiration of your subscription.

4.3 Responsibility for Data Export

While we are committed to data retention, it is your responsibility to ensure that any data you wish to keep is exported from Mara. We provide multiple timely reminders before the non-reversible deletion of your data occurs, allowing you sufficient time to export and retain any desired information.

5. 10-Year Client Data Retention

We understand the importance of long-term data retention, especially for therapists who have legal obligations to store patient records for a minimum of 10 years. To ensure the longevity of your client data stored with Mara, we implement the following measures:

5.1 Real-Time Data Storage

We store your data in real-time on AWS servers. This means that every time you confirm an action on Mara, the data is immediately stored to ensure accurate and up-to-date records.

5.2 Weekly Backup to Swiss-Based Servers

To enhance data resilience, we perform weekly backups of all data to Swiss-based servers. This additional layer of protection ensures that your data is securely stored and can be restored if needed.

5.3 Warnings for Permanent Deletion

When it comes to deleting any information from Mara, we provide multiple-step warnings to minimize the chances of accidental deletion. While we prioritize giving you full control over your data on Mara, we take precautions to reduce the risk of unintentional data loss.

6. Platform Infrastructure 

Mara’s entire application is built on Bubble.io, which utilizes the technology of Amazon Web Services (AWS). AWS is a trusted technology used by government agencies, such as the CIA, and major companies like LinkedIn, Twitter, Novartis, and Amazon itself. AWS consistently manages risk and undergoes recurring assessments to comply with industry standards.

7. Payment Processing 

We prioritize the security of your payment information. Therefore, we have chosen to use Stripe, a leading payment processing provider. Stripe is trusted by millions of businesses worldwide and offers secure payment processing, payout management, and business operations. For more information on how Stripe handles security, please refer to their dedicated security documentation.

8. GDPR & Swiss Data Protection Act Compliance 

We are committed to complying with the General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DPA). Any capture of personal data, such as name, address, email address, or telephone number, will always adhere to these regulations. This means that we will always prompt and notify you about the information being captured and the specific purpose for which the data is stored. We strictly adhere to the principles and requirements outlined in the GDPR and DPA to ensure the protection and lawful use of your personal data.

9. Modification of Terms 

We reserve the right to modify these Terms of Service at any time. Any changes will be effective immediately upon posting the revised Terms on the Mara website. By continuing to use Mara after the publication of revised Terms, you accept and agree to the updated Terms.

10. Termination 

We may terminate or suspend your access to Mara at any time, with or without cause, and without prior notice or liability. Upon termination, your right to access or use Mara will immediately cease.

11. Contact Us 

If you have any questions or concerns regarding these Terms of Service or Mara’s practices, please contact us at [email protected].

By using Mara, you acknowledge that you have read, understood, and agreed to these Terms of Service.