Knoyo Health Privacy Policy

Effective Date: 01/15/2025

At Knoyo Health, the privacy and security of your data is our priority. We are compliant with the current HIPAA rule. This Privacy Policy explains how we collect, use, share, and protect your data when you use our Platform.

1. Information We Collect

1.1 Personal information

Your name, email address, phone number, and other contact details when you create an account.

1.2 Your health data

Information or data related to your health that you provide or that is generated through the Platform, such as transcripts of recorded conversations with your healthcare provider. We collect your health data in the forms of Protected Health Information (PHI) and deidentified health . We use these data differently.

1.2.1 Protected Health Information (PHI)

Protected Health Information (PHI), also known as “individually identifiable health information", is any health-related data that links your medical or health information to personal identifiable information, such as your name, contact details, or other information that can uniquely identify you.

1.2.2 Deidentified Health Information (DHI)

Deidentified Health Information (DHI) is health-related data that has been processed to remove personal identifiable information, and therefore cannot be traced back to you.

1.3 Usage data

Information about your interactions with the Platform, such as device information, IP address, and activity logs.

2. How We Use Your Information

2.1 Provide and improve services on our platform

• To enable your use of the functionabilities and features of our Platform, such as generation of detailed summaries of your conversations with your healthcare providers.
• To send you notifications and reminders regarding your health. We will ask you for consent for us to send you notifications separately through the device platform you access our Platform through.

When it comes to your health data, most of the times, we use your PHI in this context.

2.2 Research and development

• To analyze the usage and impact of our Platform and how we can improve.
• To develop additional features, products and services that enhance the ability of our Platform to help you engage with your healthcare.
• To conduct academic research, for example, on the impact of our Platform. Unless we are exclusively using data that has already been deidentified and therefore cannot be traced back to you, we will inform you about our intent to use your data for academic research and ask for your consent separately.

When it comes to your health data, we exclusively use DHI in this context.

2.3 Communication

• To send you information related to your account.
• With your permission, to send updates about our Platform and other services Knoyo Health provides. You can change your permission for such updates anytime.

3. How We Share Your Information

3.1 With HIPAA-covered collaborators

• Other HIPAA-covered entities and their Business Associates with whom we collaborate with to provide and improve our services to you. These entities and us may share your data bidirectionally. These entities can include health-related collaborators, such as healthcare providers who may help verify or enrich the summaries generated by our Platform. These entities can also include service providers that enable the operation of our Platform, such as hosting our server(s). These entities adhere to HIPAA standards and strict confidentiality agreements to protect your PHI. Typically, only DHI is accessed, and PHI is accessed minimally and only when necessary for the provision and improvement of our services to you.
  • You have the right to request that your PHI be not shared with any specific entity, such as any or all of your healthcare provider(s), by contacting us directly (See more details under “5. Your Rights”).

3.2 With academic researchers

• To facilitate academic health science research, for example, on the impact of our Platform.

When it comes to your health data, we exclusively share DHI in this context.

3.3 As required by law, regulation or legal processes

Rarely, we may need to share your information with relevant legal authorities. Some examples include:

3.3.1 Mandatory Reporting

Reporting certain communicable diseases or public health risks to government authorities, such as the Centers for Disease Control and Prevention or local health departments.

3.3.2 Subpoenas and Court Orders

Subpoenas and Court Orders

3.3.3 Fraud Detection

Disclosing data for the purpose of investigating or reporting potential fraud or illegal activities, such as unauthorized account access.

4. Commitment to non-monetization of your PHI

• We do not monetize your PHI for advertisement or any other purpose. If this ever changes, we will notify you and ask for your consent separately.

5. Your Rights

You can exercise all your rights by contacting us at team@knoyo.health, we will respond to you within 24 hours.

5.1 Access and correction

• Access and update your personal and health data directly through our Platform or by contacting us at.

5.2 Data portability

• Request a copy of your data in a structured and machine-readable format for informational purposes for yourself or your loved ones, or for it to be transferred for use in another digital health platform or for your healthcare providers, insurers or other health-related entities at your discretion.

5.3 Deletion

• Request the deletion of your data. Most of the time, we will grant the request, except when we are legally required to retain your data.

5.4 Withdrawal of consent

• You can withdraw your consent for us to collect and use your data at any time by contacting us. Withdrawing consent does not affect the legality of data collection and usage that occurred before the withdrawal.

5.5 Restrict sharing of your data

• Request that your data be not shared with a specific entity, for example, your healthcare provider or your insurance. Under HIPAA, we are required to grant your request unless sharing your data is necessary for treatment, payment, or healthcare operations and no alternative solution exists.

6. Data Security

We implement stringent technical and organizational measures to safeguard your data. Examples of these measures include:

• Encryption of data in transit and at rest.
• Regular security audits and risk assessments.
• Access controls to limit data access to authorized personnel only and only when necessary.

7. Retention of Data

We retain your data for as long as necessary to provide our services or comply with legal obligations. DHI may be retained indefinitely for research and development purposes.

8. International Users

If you are accessing the Platform from outside the United States, your data may be transferred to and processed in the United States, where data protection laws may differ from your home country.

9. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. You will be notified of significant updates. Continued use of the Platform constitutes acceptance of the updated policy.

10. Contact Information

For questions or concerns about this Privacy Policy, please contact us at:

Email: team@knoyo.health
Phone: 310-625-4539