Privacy Policy

Introduction

Kentra Health LLC ("Kentra Health", "we", "our", or "us") respects your privacy and is committed to protecting it through our compliance with this policy. This policy describes how we collect, process, retain, and disclose personal data about you when providing services to you through our websites, applications, and services that link to this policy (our "Services") and our practices for using, maintaining, protecting, and disclosing that information.

This policy applies only to information we collect:

• Through the Services; and
• In communications, including email, text, chat, and other electronic messages, between you and the Services.

It does not apply to information collected by us through any other means, including on any other website operated by any third party that does not link to this policy, or any third party, including through any application or content (including advertising) that may link to or be accessible from or through the Services.

Please read this policy carefully to understand our policies and practices regarding your information and how we treat it. By interacting with our Services or providing us with your information, you agree to the collection, use, and sharing of your information as described in this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Children's and Minors' Data

Our Services are not intended for, and we do not knowingly collect any personal data from, children under the age of 18. If we learn we have collected or received personal data from a child under 18 years old without verification of parental consent, we will delete that information.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately. We will take steps to remove such information from our systems.

The Personal Data That We Collect or Process

"Personal data" is information that identifies, relates to, or describes, directly or indirectly, you as an individual, such as your name, email address, telephone number, home address, or payment information, or personal health information you upload to our Services.

The types and categories of personal data we collect or process include:

Account and Contact Information

• Name, email address, phone number, and mailing address
• Date of birth and age
• Account credentials and authentication information
• Username and other contact information you provide us

Demographic Information

• Age and gender
• Content and information you elect to provide as part of your profile

Health and Medical Information

• Medical history and health conditions
• Medications, treatments, and prescriptions
• Vital signs and health metrics
• Healthcare provider information and records
• Health goals and wellness data
• Insurance and billing information

Biometric Information

• Voiceprints (when using voice input features)
• Sleep, health, or exercise data

Device and Technical Information

• IP address and device identifiers
• Operating system and version, hardware identifiers
• Browser type and information
• Usage data and interaction patterns
• Location data (with your permission)

Some of the information identified above, including biometric information and health data, may be considered sensitive data under certain laws. If required under applicable law, we will collect and process sensitive personal data only with your consent. If you choose not to provide or allow us to collect some information, we may not be able to provide you with requested features, services, or information.

If you are a California resident, to access our supplemental California privacy statement, visit our CCPA Privacy Notice.

Statistical and Aggregated Information

Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal data. For example, we may aggregate personal data to calculate the percentage of users accessing a specific Services feature. If we combine or connect non-personal statistical or technical data with personal data so that it directly or indirectly identifies an individual, we treat the combined information as personal information.

Technical Information

Technical information includes information about your internet connection and usage details about your interactions with the Services, such as clickstream information to, through, and from our Services (including date and time), products that you view or search for, page response times, download errors, length of your visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods used to browse away from a page.

How We Collect Your Personal and Other Data

You Provide Information to Us

We collect information about you when you interact with our Services, such as when you create or update an account, or interact with our Services.

Automatically Through Our Services

As you navigate through and interact with our Services, we may use automatic data collection technologies to collect information that may include personal data. Information collected automatically may include usage details, IP addresses, operating system, and browser type, and information collected through cookies, web beacons, and other tracking technologies including details of your interactions with our Services.

Using automatic collection technologies helps us to improve our Services and to deliver a better and more personalized experience. The technologies we use for this automatic data collection may include:

• Cookies: A cookie is a small file placed on your device when you interact with the Services. You may refuse to accept or disable cookies by activating the appropriate setting on your browser or device. However, if you select this setting, you may be unable to access certain features of the Services.
• Web Beacons: Some parts of the Services may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Kentra Health, for example, to count users who have visited those parts and for other related statistics.

To the extent any of these automated technologies are considered a personal data sale, targeted advertising, or profiling under applicable laws, depending on where you live, you may opt out from use of these automated technologies for such uses by disabling cookies in your browser. Please note that some Services features may be unavailable as a result.

Third-Party Collection

When you interact with the Services, there are third parties that may use automatic collection technologies to collect information about you or your device. These third parties may include analytics companies, your device manufacturer, and your internet or mobile service provider. These third parties may use tracking technologies to collect information about you when you use the Services. The information they collect may be associated with your personal data or they may collect information about your online activities over time and across different websites, apps, platforms, and other online services.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

Third-Party Services

We use the following third-party services to operate and improve Kentra Health. All services that process protected health information (PHI) are covered by Business Associate Agreements (BAAs) to ensure HIPAA compliance.

Error Monitoring & Performance

Backend Services

AI Features (Optional, Consent Required)

If you choose to enable AI features in the app, your data is processed by Microsoft Azure OpenAI Service, which is HIPAA-compliant and covered by our Business Associate Agreement. These features require your explicit consent before activation.

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal data, to:

• Provide you with the Services and any contents, features, information, products, or services that we make available through the Services.
• Fulfill any other purpose for which you provide it.
• Improve our Services, including by analyzing your information and creating aggregated data derived from your information to develop, maintain, analyze, improve, optimize, measure, and report on our Services and their features. Our analysis may include the use of technology like machine learning and large language models.
• Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• Notify you when Services updates are available and about changes to any products or services we offer or provide through them.
• Send you appointment reminders, health information, and important updates.
• Comply with healthcare regulations, legal requirements, and law enforcement requests.
• Protect against fraud, unauthorized access, and other harmful activities.
• For any other purpose with your consent.

The usage information we collect helps us improve our Services and deliver a better and more personalized experience by enabling us to estimate our audience sizes and usage patterns, store information about your preferences, speed up your searches, and recognize you when you return to our Services.

Who We Disclose Your Information To

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may also disclose personal data that we collect or you provide as described in this privacy policy:

• To our subsidiaries and affiliates.
• To contractors, service providers, and other third parties we use to support our organization and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Kentra Health's assets.
• To healthcare providers, doctors, specialists, pharmacies, and other care team members involved in your treatment.
• To insurance companies for payment processing, coverage verification, and claims management.
• To family members when you have authorized disclosure or in emergency situations.
• To fulfill the purpose for which you provide it.
• For any other purpose disclosed by us when you provide the information.
• With your consent.

We may also disclose your personal data:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• To enforce or apply our Terms of Use and other agreements, including for billing and collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our organization, our members, or others.

We do not sell your personal information to third parties for marketing purposes.

How We Protect Your Personal Data

We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure:

• Encryption of data in transit and at rest using industry-standard protocols
• Secure authentication and access controls
• Regular security assessments, audits, and penetration testing
• Employee training on data protection and HIPAA compliance
• Physical security measures for our facilities and systems
• Incident response procedures for potential security breaches

However, no website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee the security of your personal data transmitted to, through, using, or in connection with the Services. Any transmission of personal data is at your own risk.

The safety and security of your information also depends on you. You are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access.

How We Retain Your Personal Data

We keep the categories of personal data described in this policy for as long as reasonably necessary to fulfill the purposes described or for as otherwise legally permitted or required, such as maintaining the Services, operating our organization, complying with our legal obligations, resolving disputes, and for safety, security, and fraud prevention.

This means that we consider our legal and business obligations, potential risks of harm, and nature of the information when deciding how long to retain personal data. At the end of the retention period, personal data will be deleted, destroyed, or deidentified.

Medical records are retained in accordance with applicable federal and state healthcare regulations, which may require retention for extended periods.

If you are a California resident, visit our CCPA Privacy Notice for more information about the retention periods that apply to the personal data categories we collect.

Your Rights and Choices About Your Information

This section describes mechanisms you can use to control certain uses and disclosures of your information and rights you may have under state law, depending on where you live.

Cookies and Tracking Technologies Choices

You can set your browser to refuse all or some browser cookies or other tracking technology files, or to alert you when these files are being sent. If you disable or refuse cookies or similar tracking files, some Services features may be inaccessible or not function properly. Some browsers include a "Do Not Track" (DNT) setting that can send a signal to the online services you visit indicating you do not wish to be tracked.

Location Data Choices

You can choose whether or not to allow the Services to collect and use real-time information about your device's location through the device's privacy settings. If you block the use of location information, some Services features may become inaccessible or not function properly.

Your State Privacy Rights

Depending on your state of residency, you may have certain rights related to your personal data, including:

• Access and Data Portability: You may confirm whether we process your personal data and access a copy of the personal data we process. To the extent feasible and required by state law, data will be provided in a portable format.
• Correction: You may request that we correct inaccuracies in your personal data that we maintain, taking into account the information's nature and processing purpose.
• Deletion: You may request that we delete personal data about you that we maintain, subject to certain exceptions under applicable law.
• Opt Out of Targeted Advertising, Profiling, and Sales: You may request that we do not use your personal data for these purposes.

Important: The exact scope of these rights vary by state. There are also several exceptions where we may not have an obligation to fulfill your request.

To exercise any of these rights, please contact us at kenneth@kentrahealth.com. To appeal a decision regarding a consumer rights request, please reply to the response email with your appeal.

Some browsers and browser extensions support the Global Privacy Control ("GPC") that can send a signal to process your request to opt out from certain types of data processing, including data "sales" as defined under certain laws. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting as required by applicable law.

If you are a California resident, additional information applies to you. To access our supplemental California privacy statement and learn more about California residents' privacy rights, visit our CCPA Privacy Notice.

Account Deletion

You have the right to delete your account and all associated data at any time. When you delete your account:

• Your account credentials and profile information will be permanently deleted
• Your health data, medications, conditions, and allergies will be permanently removed
• Your chat history and AI conversation data will be deleted
• Your consent preferences and settings will be removed

How to delete your account: Open the Kentra Health app, go to Settings > Privacy & Account > Delete Account. You will be asked to confirm this action. Account deletion is permanent and cannot be undone.

Alternatively, you can request account deletion by contacting us at kenneth@kentrahealth.com. We will process your request within 30 days.

Note: Some information may be retained as required by law, including medical records that must be kept for the legally mandated retention period.

Changes to Our Privacy Policy

We may update this policy from time to time, and we will provide notice of any such changes to the policy as required by law. The date the privacy policy was last updated is identified at the top of the page.

We will notify you of changes to this policy by:

• Updating the "Last Updated" date and posting the updated policy on the Services
• Sending email or in-app notifications for material changes

We may email or otherwise communicate reminders about this policy, but you should check our Services periodically to see the current policy and any changes we have made to it. Your continued use of the Services after we make changes is deemed to be acceptance of those changes.