Privacy Policy
Last Updated: November 29, 2025
Our Commitment to Your Privacy:
Kairos collects only the minimal information necessary to help you manage care for yourself or a loved one. We use enterprise-grade security, encrypt all data, and never sell your information. Your health data is yours alone.
This Privacy Policy explains how Kairos ("we," "us," or "our") collects, uses, protects, and shares information when you use our mobile application and web services. We are committed to transparency and protecting your privacy with the highest standards of data security.
1. Information We Collect
1.1 Account and Authentication Information
When you create an account, we collect:
- Name and Email: Used for account creation and authentication via Microsoft Azure AD B2C
- User ID: A unique identifier assigned to your account
- Authentication Tokens: Secure session tokens stored locally on your device
1.2 Health and Care Information
To help you manage care, we collect and store the information you choose to enter:
- Personal Notes: Journal entries, observations, and care documentation you create
- Medications: Medication names, dosages, schedules, start/end dates, and medication history
- Medical History: Diagnoses (current and past), symptoms, co-occurring conditions, and mental health history
- Health Events: Hospitalizations, clinic visits, treatment milestones, and significant events
- Early Warning Signs: Behavioral patterns and warning sign tracking you document
- Insurance Information: Insurance type, insurer name, and optional photos of insurance cards (if you choose to upload them)
- Documents and Images: PDFs, photos, and documents you upload related to care
- Audio Recordings: Voice notes you record within the app (stored temporarily only for transcription, then immediately deleted)
- Family Information: Names and relationships of family members you add to your care circle
1.3 Device Permissions
Our mobile app requests the following permissions only when needed:
- Microphone: To record audio notes that are transcribed to text. Audio files are uploaded for transcription and immediately deleted after processing.
- Photo Library: To allow you to attach existing photos or documents to your notes
- Camera: To take photos of documents, medications, or insurance cards directly within the app
All permissions are optional and you can deny them. The app will function without these permissions, though certain features (audio notes, camera photos, image attachments) will be unavailable.
1.4 Usage and Analytics Data
We collect minimal, anonymized usage data to improve our services:
- Anonymized User Activity: We hash your user ID with SHA-256 (creating a 16-character anonymous identifier) before tracking any activity. No personally identifiable information is transmitted.
- Feature Usage: Which features you use (e.g., "note created," "PDF generated") to understand what's valuable
- Session Information: When you log in and how long you use the app
- Technical Data: Device type, operating system version, app version, and crash reports
- Important: No protected health information (PHI) is ever included in analytics tracking
1.5 Local Device Storage
The following information is stored locally on your device using AsyncStorage:
- Session cookie for authentication
- User ID and email
- App preferences and settings
This data remains on your device and is not transmitted to our servers except for authentication purposes.
2. How We Use Your Information
2.1 Core Application Services
We use your information to provide the core features of Kairos:
- Care Management: Store and organize your health information, medications, and care timeline
- Medication Tracking: Manage medication schedules and dosage history
- AI Assistant: Power our intelligent chatbot that can answer questions using your care context and trusted medical sources
- Content Generation: Create summaries, care plans, and documentation from your notes
- Document Sharing: Generate PDFs of your care timeline for sharing with healthcare providers
- Family Coordination: Enable family members to collaborate on care when you invite them
2.2 AI Processing
We use artificial intelligence to enhance your experience:
- Text Generation: Azure AI Foundry (GPT-5-mini deployment) generates care summaries, answers questions, and helps organize information
- Audio Transcription: Azure AI Foundry transcription service converts your audio notes to text
- Document Processing: Mathpix OCR extracts text from images and PDFs you upload
2.3 Communication
We use your email address to:
- Send account-related notifications and security alerts
- Provide customer support responses
- Send important updates about the service (rarely, and only for critical information)
We do not send marketing emails or share your email with third parties.
2.4 Analytics and Improvement
We use anonymized analytics data to:
- Understand which features are most valuable to users
- Identify and fix bugs or technical issues
- Improve user experience and app performance
- Make informed decisions about new features
Remember: Your user ID is hashed before any analytics data is transmitted, and no health information is included.
3. Third-Party Services and Data Processing
We use carefully selected third-party services to provide Kairos functionality. Here's exactly what we use and why:
3.1 Microsoft Azure Services
- Azure AD B2C: Manages user authentication, account security, and identity verification
- Azure AI Foundry (GPT-5-mini): Powers our AI assistant, generates care summaries, and transcribes audio notes. Important: We have an enterprise agreement with Microsoft that ensures your data is NOT used to train AI models.
- Azure Application Insights: Receives anonymized analytics with hashed user IDs for performance monitoring
- Azure SQL Database: Hosts our encrypted database with enterprise-grade security
- Azure Key Vault: Securely stores API keys and credentials (not accessible to the application)
3.2 Document and Communication Services
- Mathpix: Processes images and PDFs to extract text via OCR (Optical Character Recognition). Documents are sent temporarily for processing and not retained by Mathpix.
- iFax: Enables secure fax transmission when you choose to send documents to healthcare providers. You explicitly provide recipient fax numbers and approve documents before sending.
3.3 Data Processing Safeguards
Azure AI Foundry Enterprise Agreement:
Your health information is processed by Azure AI Foundry to provide AI features (chat, summaries, transcription). Under our enterprise agreement with Microsoft:
- Your data is NOT used to train or improve AI models
- Your data is NOT retained by Microsoft beyond processing your request
- Processing happens in real-time and data is not stored
- Microsoft cannot access your data for any purpose other than processing your specific request
4. How We Share Your Information
4.1 We Do NOT Sell Your Data
We do not sell, rent, trade, or otherwise monetize your personal information or health data. Period.
4.2 Sharing You Control
You have complete control over when and how your health information is shared:
- PDF Generation: You choose exactly what notes and information to include in generated PDFs
- Fax Transmission: You explicitly provide recipient fax numbers and review documents before sending
- Family Sharing: You can invite family members to your care circle using secure invitation codes. You control what information family members can see.
- Document Exports: You initiate and control all data exports
4.3 Service Providers
We share data with third-party service providers only as necessary to operate our services:
- Cloud infrastructure providers (Microsoft Azure)
- AI processing services (Azure AI Foundry)
- Authentication services (Azure AD B2C)
- Document processing services (Mathpix, iFax - only when you use these features)
All service providers are contractually obligated to protect your data, use it only for the specific services they provide to us, and comply with applicable data protection laws.
4.4 Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:
- Comply with legal process or law enforcement requests
- Protect the rights, property, or safety of Kairos, our users, or the public
- Prevent fraud, security threats, or illegal activity
We will notify you of such requests unless prohibited by law.
5. Data Security
We implement multiple layers of security to protect your data:
5.1 Encryption
- In Transit: All data transmitted between your device and our servers is encrypted using TLS/HTTPS
- At Rest: All data stored in our database is encrypted using AES-256 encryption
- Local Storage: Session data stored on your device is protected by device-level encryption
5.2 Access Controls
- Authentication: Enterprise-grade OAuth 2.0 authentication via Azure AD B2C
- Database Access: Role-based access controls with separate read-only and write permissions
- API Security: All API endpoints require valid authentication tokens
- Credential Management: API keys and secrets stored in Azure Key Vault, not in application code
5.3 Privacy by Design
- Analytics Anonymization: User IDs are hashed with SHA-256 before any analytics tracking (resulting in a 16-character anonymous identifier)
- Temporary Processing: Audio files are deleted immediately after transcription (typically within minutes)
- Minimal Collection: We only collect data necessary for core functionality
- Data Isolation: Each family's data is completely isolated from other families
5.4 Security Monitoring
- Regular security audits and vulnerability assessments
- Real-time monitoring for suspicious activity via Azure Application Insights
- Automatic security updates and patches
- Encrypted backups with 30-day retention
6. Data Retention
We retain your data only as long as necessary to provide services or as required by law:
- Account Data: Retained as long as your account is active
- Health Records: Retained until you delete them or close your account
- Audio Recordings: Deleted immediately after transcription (typically within minutes, never longer than 24 hours)
- Session Data: Session cookies expire after inactivity or when you log out
- Backup Data: May be retained for up to 30 days in encrypted backups for disaster recovery
- Analytics Data: Anonymized usage data retained according to Application Insights default retention policy (90 days)
Account Deletion: If you request account deletion, we will permanently delete all your data within 30 days (the time needed to ensure backup copies are also purged). After deletion, your data cannot be recovered.
7. Your Privacy Rights
7.1 Access and Control
You have complete control over your data:
- Access: View all health information and notes stored in your account at any time
- Edit: Modify or correct your personal information and health records
- Delete: Remove individual notes, medications, events, or other health information
- Export: Generate PDF exports of your care timeline and documentation
- Account Deletion: Request full account deletion by contacting us (see contact information below)
7.2 HIPAA and Privacy Principles
While Kairos is not a HIPAA covered entity (we are a personal health record platform, not a healthcare provider), we respect HIPAA-like privacy principles:
- Right to access and obtain copies of your health information
- Right to request corrections to your health information
- Right to know how your information is used and shared
- Right to request restrictions on data use
8. Mobile App Permissions
Our mobile app requests specific permissions to enable features. Here's what we request and why:
8.1 Microphone Permission
- Why: To record audio notes that are transcribed to text
- When: Only when you tap the microphone button to start recording
- Data Handling: Audio is uploaded to Azure AI Foundry for transcription and immediately deleted after processing
- Platform: iOS and Android
8.2 Photo Library Permission
- Why: To allow you to attach photos or documents from your device to notes
- When: Only when you tap to attach an image or document
- Data Handling: Selected images are uploaded to our secure servers and associated with your notes
- Platform: iOS and Android
8.3 Camera Permission
- Why: To take photos of documents, medications, or insurance cards directly within the app
- When: Only when you tap to take a photo within the app
- Data Handling: Photos are uploaded to our secure servers and associated with your notes
- Platform: iOS and Android
8.4 Permission Control
All permissions are:
- Optional: You can deny any permission
- Revocable: You can change permission settings in your device settings at any time
- Just-in-time: Requested only when you try to use a feature that needs it
- Transparent: We explain why we need each permission when requesting it
9. Children's Privacy
Kairos is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors under 18. If you believe we have collected information from someone under 18, please contact us immediately and we will delete the information.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request details about what personal information we collect, use, and disclose
- Right to Delete: You can request deletion of your personal information
- Right to Opt-Out: You can opt out of the sale of personal information (note: we do not sell personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
To exercise these rights, contact us at the email address below.
11. International Users and Data Transfers
Kairos is operated in the United States, and our servers are located in the United States. If you are accessing our services from outside the U.S., please be aware that your information will be transferred to, and stored and processed in, the United States, where our servers and database are located.
By using our services, you consent to the transfer of your information to the United States. We take steps to ensure that your data receives an adequate level of protection in accordance with applicable data protection laws.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or services, or for legal, operational, or regulatory reasons. When we make material changes, we will notify you by:
- Updating the "Last Updated" date at the top of this policy
- Sending an email notification to your registered email address
- Displaying a prominent notice in the mobile app
We encourage you to review this Privacy Policy periodically. Your continued use of Kairos after changes are posted constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
14. Your Consent
By using Kairos, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with this policy, please do not use our services.
Summary: Kairos collects minimal data necessary for care management, encrypts everything, uses AI with enterprise protections (no model training), never sells your data, and gives you complete control over your information. We're transparent about exactly what we collect and why.