Effective Date: March 11, 2026
Kinvera is a prevention-focused digital platform designed to help families understand their health history and make informed decisions about their future. Kinvera is not a HIPAA-covered entity; however, we apply enterprise-grade safeguards to personal health-related information.
Information you provide may include name, email, date of birth, family relationships, and self-reported health history. We may also collect device and usage data to secure and improve the platform.
We use your information to provide prevention dashboards, generate summaries, maintain account security, improve the platform, and comply with legal obligations. We do not sell identifiable personal health data.
Kinvera may create de-identified, aggregated datasets that cannot reasonably identify any individual. Such data is not considered "personal information" under applicable privacy laws. Kinvera may use, license, sell, publish, or otherwise share de-identified data for any lawful purpose, including but not limited to:
De-identification is performed using industry-standard techniques aligned with HIPAA Safe Harbor or Expert Determination methods. We do not report on groups smaller than 50 individuals, and we do not re-identify data once de-identified.
Advertising is contextual by default. Personalized health-based recommendations require explicit opt-in. Kinvera does not allow off-platform targeted advertising.
Insurers receive aggregated, de-identified insights by default. Individual-level data is shared only with explicit user opt-in and may be revoked at any time.
Research collaborations use aggregated, de-identified data and require formal data use agreements.
The Kinvera app may use third-party services for analytics, crash reporting, and performance monitoring (e.g., Firebase, Mixpanel). These services may collect device identifiers and usage data subject to their own privacy policies. We do not share identifiable health information with these providers.
Kinvera does not track you across apps or websites owned by other companies. If this changes, we will request your permission in accordance with Apple's App Tracking Transparency framework before enabling any such tracking.
With your consent, we may send push notifications related to prevention reminders, account updates, or platform features. You may disable notifications in your device settings.
Depending on your state of residence, you may access, correct, delete, download, or opt out of certain data uses. Requests may be submitted to [email protected].
Kinvera implements encryption in transit and at rest, role-based access controls, logging, vendor oversight, and breach response procedures aligned with the FTC Health Breach Notification Rule.
We retain identifiable data only as long as necessary to provide services or comply with legal obligations. Users may request deletion at any time.
Deletion requests may be submitted via account settings or email. Upon verification of identity, Kinvera will log the deletion request, remove identifiable data from active systems, flag associated data for purge from backups within defined retention windows, and confirm deletion completion to the user. Aggregated, de-identified statistical data that cannot reasonably be linked back to an individual may be retained.
Kinvera is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us information, contact [email protected].
Kinvera aligns with FTC Health Breach Notification Rule and applicable state privacy statutes including CCPA/CPRA, Washington My Health My Data Act, Maryland MODPA, Colorado CPA, Virginia VCDPA, Connecticut CTDPA, Texas TDPSA, and Utah UCPA. We apply a highest-common-denominator framework across users.
We may update this Privacy Policy periodically. Material changes will be communicated through the platform or via email.
Kinvera
Email: [email protected]