Privacy Policy

Kinetic Systems and Technologies, Inc. ("Kinetic", "Kinetic Systems", "we", "us", or "our") is committed to protecting your privacy. The terms "client", "customer", "you", "your", and similar terms refer to the persons and organizations that may engage us to provide Services and may deliver information to us that is subject to this Privacy Policy.

This Privacy Policy describes our practices for collecting, using, and sharing information through our service platform, including the artificial intelligence (AI) models, features and functions that we use (collectively, the "Service" or "Services").

Our approach ensures that patient privacy protections are embedded within the fundamental design of our automation technologies. By accessing or using our Services, including this website, you consent to the collection, use, and disclosure of information as described in this Privacy Policy. Your use of the Service is also governed by our Terms of Service and, where applicable, a Business Associate Agreement (BAA) if you qualify as a Covered Entity or Business Associate under HIPAA.

We collect information to provide and improve our Service, including the following:

• Protected Health Information (PHI): This includes patient names, dates of birth, medical record numbers, diagnoses, treatment information, medications, laboratory results, medical images, insurance information, and other health-related data as defined by HIPAA. This information is provided to us for processing within our Service on behalf of our Customers.
• Customer Employee Information: Names, email addresses, phone numbers, professional titles, and login credentials for individuals authorized by our Customers to access and use the Service.
• Account Information: When you create an account, we collect your name, email address, password, and other information necessary to set up and manage your account.
• Communication Information: Information you provide when you contact us with questions, feedback, support requests, or otherwise communicate with us.
• Usage Data: We collect information about how you and authorized users interact with our Service, including IP addresses, browser types, device identifiers, operating systems, access times, pages viewed, features used, and referring URLs. This helps us understand how our Service is used and identify areas for improvement.
• Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your interaction with our Service, enhance user experience, and perform analytics. You can control the use of cookies through your browser settings.
• AI Input Data: This includes PHI or other data submitted by customers or users for processing by our AI algorithms.
• AI-Generated Outputs: Our AI models produce outputs, predictions, classifications, and insights based on the input data. These outputs may constitute PHI if they relate to identifiable individuals.
• De-identified or Aggregated Data: We may use de-identified or aggregated data (from which personal identifiers have been removed in accordance with HIPAA standards) to train, validate, and improve our AI algorithms, models and Service. We provide detailed information about this process in our BAAs and service agreements.

We use the information we collect for the following purposes:

(a) To provide and maintain the Service:

• Process and securely store PHI on behalf of our customers as authorized by our BAAs
• Enable AI to analyze data and provide insights as requested by customers
• Create and manage user accounts
• Provide customer and technical support and respond to inquiries

(b) To improve and develop our Service:

• Analyze usage patterns to understand how our Service is used
• Develop new features, functionalities, and products
• Use de-identified and aggregated data to train, validate, and improve our AI algorithms and models

(c) To communicate with you:

• Send administrative information, including updates to our terms, conditions, and policies
• Provide service-related announcements
• Respond to your comments and questions
• With your consent, send marketing communications about our products and services

(d) To ensure security, compliance, and legal protection:

• Protect the security and integrity of our Service
• Prevent fraud and identify technical issues
• Comply with legal obligations under HIPAA and other applicable laws.
• Protect our rights, privacy, safety, or property.
• Enforce our agreements, including our Master Services Agreement and BAAs.

(e) To conduct research and analytics:

• Aggregate or de-identify information so that it can no longer be linked to you or your device. We may use that information for any purpose, including research, analytics, and service improvement.

We do not sell your PHI or personal information. We share information only in the following circumstances:

(a) With Healthcare Organizations: We share PHI and insights with the customer (Covered Entity) that provided the data, as directed by them and in accordance with our BAA and other customer agreements.

(b) With Service Providers and Subcontractors: We engage third-party vendors, consultants, and service providers to perform functions on our behalf, such as cloud hosting, data analytics, customer support, AI model development, and security services. These parties are contractually obligated to protect the information and use it only for the purposes for which it was disclosed. Any service provider that handles PHI must execute a BAA with us.

(c) With AI Providers: If we work with third-party AI developers or platforms, we share only data that has been appropriately de-identified according to HIPAA standards or as explicitly permitted under our BAAs.

(d) Legal Requirements and Protection of Rights: We may disclose information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal obligations, such as subpoenas or court orders.
• Protect and defend our rights or property.
• Prevent or investigate potential wrongdoing in connection with the Service.
• Protect personal safety.
• Protect against legal liability.

(e) Business Transfers: In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our Service of any change in ownership or uses of your information, as well as any choices you may have.

(f) With Your Consent: We may share information with third parties when we have your explicit consent to do so (or the consent of the relevant customer/Covered Entity in the case of PHI).

We implement comprehensive safeguards designed to protect the security, confidentiality, and integrity of the information we process, including PHI.

Our security measures include:

• Encryption: Data is encrypted both at rest and in transit using industry-standard encryption protocols
• Access Controls: Strong authentication mechanisms and role-based access controls limit who can access information
• Security Assessments: Regular security assessments, penetration testing, and vulnerability management
• Employee Training: Ongoing training for employees on privacy and security obligations
• Incident Response: Comprehensive incident response plans to address potential security events

While we implement robust security measures, no system is completely impenetrable. We cannot guarantee absolute security of your information. In the event of a data breach involving PHI, we will comply with notification requirements under HIPAA and our BAAs.

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, and reporting requirements. PHI is retained in accordance with the terms of the applicable BAA and our customer's instructions.

When we no longer need personal information for business or legal purposes, we securely delete or anonymize it in accordance with our data retention policies.

You may have certain rights regarding your personal information, depending on your location and how you interact with our Service:

(a) Rights Related to PHI. If your PHI is processed by us on behalf of one of our customers (Covered Entities), you should direct any requests to access, amend, restrict, or obtain copies of your PHI to that healthcare organization. We will assist our customers in responding to those requests as required by our BAAs and HIPAA.

(b) General Privacy Rights. You have the following rights regarding your personal information:

• Access and Correction: You may request access to the personal information we hold about you and request corrections if it is inaccurate or incomplete.
• Marketing Opt-Out: You can opt out of receiving promotional emails from us by following the unsubscribe instructions provided in those emails. Please note that you will continue to receive transactional or administrative messages.
• Cookie Controls: Most web browsers are set to accept cookies by default. You can usually modify your browser settings to decline cookies if you prefer. However, this may affect your ability to use certain features of our Service.

(c) State-Specific Privacy Rights. You may also have additional rights depending on your location.

California Residents: Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to:

• Know what personal information is collected, used, shared, or sold
• Request deletion of personal information
• Opt out of the sale or sharing of personal information
• Correct inaccurate personal information
• Limit use of sensitive personal information

Other State Residents: Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have substantially similar rights. These include the right to access, delete, correct, and obtain a copy of your personal information, as well as opt out of certain processing activities.

To exercise any of these rights, please contact us using the information provided in the Contact Us section below. We will respond to your request within the timeframe required by applicable law.

We use AI to assist our customers in delivering their services, whether involving care or other health-related services, but nothing that we provide is intended to replace professional medical judgment. We are committed to responsible AI development and deployment:

• Transparency: We strive to be transparent about how our AI models are trained and how they generate insights, within the bounds of protecting proprietary information.
• Human Oversight: Where AI is used for critical healthcare decisions, we encourage and often require oversight by qualified healthcare professionals who review AI-generated outputs.
• Performance Monitoring: We continuously monitor AI model performance to ensure accuracy, reliability, and safety.

Our Service is not intended for direct use by individuals under the age of 13 without parental consent, unless provided through a healthcare provider in the context of patient care. We do not knowingly collect personal information from children under 13 without appropriate authorization or lawful basis. If we learn that we have inadvertently collected personal information from a child under 13 without proper authorization, we will take steps to delete that information promptly. When PHI of a minor is provided by a customer (healthcare provider), it is handled in accordance with HIPAA and our BAA.

If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. Data protection laws in the United States may differ from those in your country of residence. When transferring your information internationally, we implement appropriate safeguards to protect your information in accordance with this Privacy Policy and applicable law.

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify you by:

• Posting the updated Privacy Policy on our website
• Updating the "Effective Date" at the top of this Policy
• Sending you an email notification (if you have provided us with your email address)
• Providing notice through other appropriate communication channels

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

If you have questions, comments, or concerns about this Privacy Policy, our data practices, or if you wish to exercise your privacy rights, please contact us at:

If you are a patient of one of our customers and have questions about your PHI, please contact your healthcare provider directly, as they are the Covered Entity responsible for your health information.

We will respond to your inquiries within a reasonable timeframe, typically within 30 days, or as required by applicable law.