Privacy Policy
Effective Date: February 22, 2026
Kinome ("we," "our," or "us") is committed to protecting your privacy, especially given the sensitive nature of your health information. This Privacy Policy explains how we collect, use, and safeguard your data when you use the Kinome application.
1.1 Healthcare Provider Data
When you connect your healthcare provider (e.g., via Epic MyChart), we collect:
- Clinical Records: Lab results, medications, allergies, conditions, procedures, and clinical notes.
- Demographics: Name, date of birth, and contact information as provided by your health system.
- Encounter History: Records of visits, diagnoses, and treatments from connected providers.
- Imaging and Diagnostics: Radiology reports and diagnostic results where available.
1.2 User-Provided Data
- Account Information: Email address and name used when creating your Kinome account.
- AI Interactions: Queries and feedback you provide to our AI health intelligence engine. We do not use your conversation data for model training.
1.3 Technical Data
- Usage Data: Anonymized analytics about which features you use, collected to improve the application.
- Device Information: Browser type and operating system for debugging purposes only.
We use your data strictly for the following purposes:
- AI Summarization: To provide summarized insights and health roadmaps derived from your records.
- Data Organization: To categorize and present your clinical data in a user-friendly dashboard.
- Personalized Insights: To generate custom health intelligence based on your specific records.
- Service Improvement: Aggregated, anonymized metrics help us improve reliability and features.
We do NOT sell your health data to third parties, advertisers, or data brokers — ever.
Your data is never used to train AI models without your explicit opt-in consent.
3. Data Sharing and Third Parties
3.1 AI Processing
We use secure AI providers with compliant infrastructure to process clinical data for summarization. Data transmitted to these providers:
- Is handled under data processing agreements or encrypted channels.
- Is never stored by the AI provider beyond the duration of the request.
- Is never used for third-party model training.
3.2 Healthcare Integration
We connect to your healthcare provider via standardized HL7 FHIR APIs (e.g., Epic MyChart). We only access data you explicitly authorize during the OAuth 2.0 consent process. You can revoke access at any time.
3.3 No Third-Party Advertising
Kinome does not integrate advertising SDKs, analytics platforms that sell data (e.g., Meta Pixel), or any third-party trackers that monetize your health data.
3.4 Legal Disclosures
We may share information if required by law (e.g., a valid court order). We will notify you in advance to the extent permitted by law.
4. Data Security
We implement industry-standard and healthcare-grade security measures:
- Encryption in Transit: All connections use TLS 1.3.
- Encryption at Rest: All stored health data is AES-256 encrypted.
- Access Control: Strict authentication via Better Auth with session management and revocation.
- Minimal Data Retention: We retain only the data necessary to provide the service. You can delete all data at any time.
- Audit Logging: Access to your records is logged and auditable.
5. Your Rights and Control
You have full ownership of and control over your health data:
- Revocation: Disconnect your healthcare provider at any time via the Settings menu. This immediately removes our OAuth token.
- Deletion: Request full deletion of your Kinome account and all associated data by emailing contact@kinome.steady23.com.
- Export: You can view and export all raw data retrieved from your provider within the app.
- Correction: If you believe data is incorrect, you may flag it for review.
6. HIPAA and Compliance
Kinome is a consumer-facing personal health record (PHR) application. Consumer PHR applications are exempt from direct HIPAA obligations when data is obtained directly by patients. However, we voluntarily adopt privacy-by-design principles aligned with HIPAA's spirit:
- We treat all clinical data as Protected Health Information (PHI).
- We implement administrative, physical, and technical safeguards equivalent to HIPAA's Security Rule.
- We strongly recommend reviewing your healthcare provider's privacy policy (e.g., Stanford Health Care) regarding how they share data with third-party applications.
7. Children's Privacy
Kinome is not directed to children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with data, please contact us immediately.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Posting the updated policy on this page with a revised effective date.
- Sending an in-app notification for material changes.
Continued use of Kinome after changes constitutes acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:
contact@kinome.steady23.com