Privacy Policy
Last Updated: October 8, 2025
Welcome to Kipu ("we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
• Account Information: Name, email address, professional credentials
• Authentication Data: Login credentials, authentication tokens
• Professional Information: Role, department, healthcare organization affiliation
As a HIPAA-compliant healthcare application, we handle Protected Health Information (PHI):
• Patient records accessed through the App
• Clinical notes and documentation
• Treatment and medication information
• Device Information: Device type, operating system, unique device identifiers
• Usage Data: Features accessed, session duration, interaction patterns
• Log Data: IP addresses, access times, error logs
We may collect location data to ensure compliance with geographic access restrictions. Location services can be disabled in your device settings.
• Authenticating users and managing access
• Providing healthcare management features
• Synchronizing data across devices
• Ensuring HIPAA compliance
• Detecting and preventing unauthorized access
• Maintaining audit logs as required by healthcare regulations
• Analyzing usage patterns to improve functionality
• Troubleshooting technical issues
• Developing new features
• Your Healthcare Organization: For authorized healthcare operations
• Business Associates: HIPAA-compliant service providers who assist in operations
• Legal Authorities: When required by law or to protect rights and safety
• Marketing purposes
• Third-party advertising
• Sale to data brokers
• We handle PHI in accordance with HIPAA Privacy and Security Rules
• We maintain appropriate administrative, physical, and technical safeguards
• We conduct regular security risk assessments
• Right to access your PHI
• Right to request amendments
• Right to receive accounting of disclosures
• Right to request restrictions on use and disclosure
In the event of a breach of unsecured PHI, we will notify affected individuals and the Secretary of the Department of Health and Human Services as required by law.
We implement industry-standard security measures:
Technical Safeguards:
• End-to-end encryption for data transmission
• Encrypted data storage
• Multi-factor authentication
• Secure session management
Physical Safeguards:
• Secure data centers with restricted access
• Environmental controls and monitoring
• Backup and disaster recovery systems
Administrative Safeguards:
• Security training for all personnel
• Access controls and user authentication
• Regular security audits and assessments
• Active User Data: Retained while your account is active
• Audit Logs: Retained for 6 years as required by HIPAA
• Inactive Accounts: Data may be deleted after 90 days of inactivity
• Legal Requirements: Some data may be retained longer to comply with legal obligations
You can access and update your account information through the App. You can request copies of your PHI.
You can request deletion of your account. Note: Some information must be retained for legal compliance.
You can opt out of non-essential communications. You cannot opt out of essential service notifications.
This App is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children.
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt out of sale (Note: We do not sell your information)
• Right to deletion
• Right to non-discrimination
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy in the App, sending an email notification, or displaying a prominent notice. Your continued use of the App after changes constitutes acceptance of the updated policy.
For questions, concerns, or to exercise your privacy rights, please contact:
Privacy Officer
Kipu EMR
Email: privacy@kipuhealth.com
Phone: 1-800-KIPU-HELP
HIPAA Privacy Officer
Email: hipaa@kipuhealth.com
If you have concerns about our privacy practices, please contact us first. We will investigate and attempt to resolve any complaints.
For HIPAA-related complaints, you may also file a complaint with:
U.S. Department of Health and Human Services
Office for Civil Rights
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/