INTRODUCTION

Kinetically, Inc. (“Kinetically,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information, including your protected health information (PHI). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the “Services”).

Kinetically provides movement analysis and health monitoring technology that enables patients to perform clinically-validated assessments and share results with their healthcare providers. We understand the sensitive nature of health information and are committed to maintaining the confidentiality, integrity, and availability of your data.

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

INFORMATION WE COLLECT

Information You Provide Directly

Account Information: When you create an account, we collect your name, email address, and password. Healthcare providers may also provide their professional credentials and practice information.

Profile Information: You may choose to provide additional information such as date of birth, gender, and contact preferences.

Health Information: When you use our assessment features, we collect movement and gait analysis data, test results, health plan information, medication information, and any notes or observations you or your healthcare provider enter.

Communications: When you contact us for support or feedback, we collect the content of your messages and any attachments.

Information Collected Automatically

Usage Information: We collect information about how you interact with our Services, including features used, assessment frequency, and session duration.

Camera and Sensor Data: Our mobile application uses your device’s camera and motion sensors to perform movement assessments. This data is processed to generate your assessment results and is handled in accordance with this Privacy Policy.

Information from Healthcare Providers

If you are a patient, your healthcare provider may create an account on your behalf and enter information about your health plans, medications, and treatment goals.

HOW WE USE YOUR INFORMATION

We use the information we collect to:

Provide and Improve Services: Deliver our movement analysis and health monitoring features, process your assessments, and generate results for you and your healthcare providers.

Facilitate Care Coordination: Enable communication and data sharing between patients and their authorized healthcare providers.

Send Notifications: Provide medication reminders, appointment notifications, and health plan updates that you have opted into.

Ensure Security: Protect against unauthorized access, fraud, and other security threats.

Comply with Legal Obligations: Meet our legal and regulatory requirements, including HIPAA compliance.

Improve Our Technology: Analyze aggregated, de-identified data to enhance our algorithms and assessment accuracy.

HOW WE SHARE YOUR INFORMATION

We do not sell your personal information or protected health information.

We may share your information only in the following circumstances:

With Your Healthcare Providers

If you are a patient, your assessment results, health plan progress, and medication adherence information are shared with your authorized healthcare providers through our platform. This sharing is essential to the healthcare services we facilitate.

With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

Service Providers

We may engage trusted third-party companies to perform services on our behalf (such as cloud hosting, data storage, and technical support). These service providers are contractually obligated to protect your information and may only use it to provide services to us.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

De-identified Information

We may use and share aggregated, de-identified information that cannot reasonably be used to identify you for research, analytics, and service improvement purposes.

HIPAA COMPLIANCE

Kinetically AI is committed to compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.

Protected Health Information (PHI)

We recognize that much of the information we collect constitutes PHI under HIPAA. We implement appropriate administrative, physical, and technical safeguards to protect PHI in accordance with the HIPAA Security Rule.

Business Associate Agreements

When we work with healthcare providers who are covered entities under HIPAA, we enter into Business Associate Agreements (BAAs) that govern our use and protection of PHI.

Your HIPAA Rights

As a patient, you have certain rights under HIPAA regarding your PHI:

Right to Access: You have the right to access and obtain a copy of your PHI.

Right to Amendment: You may request that we amend your PHI if you believe it is inaccurate or incomplete.

Right to an Accounting of Disclosures: You may request a list of certain disclosures we have made of your PHI.

Right to Request Restrictions: You may request restrictions on certain uses and disclosures of your PHI.

Right to Confidential Communications: You may request that we communicate with you about your PHI in a certain way or at a certain location.

Right to a Copy of This Notice: You have the right to obtain a paper copy of this Privacy Policy.

To exercise any of these rights, please contact us using the information provided below.

DATA SECURITY

We implement and maintain reasonable administrative, physical, and technical safeguards designed to protect your information from unauthorized access, use, alteration, and destruction. These measures include:

• Encryption of data in transit and at rest
• Secure authentication mechanisms
• Access controls and audit logging
• Regular security assessments and monitoring
• Employee training on privacy and security practices

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

DATA RETENTION

We retain your information for as long as your account is active or as needed to provide you with our Services. We may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

When you request deletion of your account, we will delete or de-identify your personal information within a reasonable timeframe, except where we are required to retain it by law or for legitimate business purposes.

CHILDREN’S PRIVACY

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so that we can take appropriate action.

YOUR CHOICES

Account Information

You may update or correct your account information at any time by logging into your account settings. You may also request deletion of your account by contacting us.

Notifications

You may opt out of receiving certain notifications by adjusting your preferences in the application settings or by following the unsubscribe instructions in our communications.

Device Permissions

You may control the permissions granted to our mobile application (such as camera and motion sensor access) through your device settings. Note that disabling certain permissions may limit your ability to use some features of our Services.

CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale of your personal information (we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information below.

INTERNATIONAL USERS

Our Services are operated in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. By using our Services, you consent to this transfer.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. We encourage you to review this Privacy Policy periodically.

For material changes that affect how we use or share your PHI, we will provide notice through the Services or by other means as required by law.

CONTACT US

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our privacy practices, please contact us at:

Kinetically AI, Inc.
Email: privacy@kinetically.ai

For HIPAA-related inquiries or to file a complaint, you may also contact:

Privacy Officer
Kinetically AI, Inc.
Email: hipaa@kinetically.ai

You also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you believe your privacy rights have been violated.

NOTICE OF PRIVACY PRACTICES (HIPAA)

This section serves as our Notice of Privacy Practices as required by HIPAA.

Uses and Disclosures of PHI

We may use and disclose your PHI for the following purposes:

Treatment: We may use and disclose your PHI to facilitate healthcare treatment and services, including sharing your assessment results with your healthcare providers.

Payment: We may use and disclose your PHI as necessary for payment activities, such as billing and claims processing.

Healthcare Operations: We may use and disclose your PHI for our healthcare operations, including quality assessment, training, and compliance activities.

As Required by Law: We may use and disclose your PHI when required to do so by federal, state, or local law.

Public Health Activities: We may disclose your PHI for public health activities, such as reporting diseases or injuries.

Health Oversight Activities: We may disclose your PHI to health oversight agencies for activities authorized by law.

Your Authorization

Other uses and disclosures of your PHI not described in this Notice will be made only with your written authorization. You may revoke your authorization at any time in writing, except to the extent that we have already acted in reliance on your authorization.

Our Duties

We are required by law to maintain the privacy and security of your PHI, provide you with this Notice of our legal duties and privacy practices, and notify you following a breach of unsecured PHI.

This Privacy Policy is effective as of the Last Updated date shown above.