Legal
Privacy Policy
EFFECTIVE JUNE 1, 2026 · VERSION 2.3
EFFECTIVE JUNE 1, 2026 · VERSION 2.3
We built Kinvera so families can understand their health history and do something about it. Your trust is the entire product, so here is what matters most, in plain language. The full policy below explains each point in detail.
Kinvera Health LLC ("Kinvera," "we," or "us") operates a family health mapping and prevention platform that helps individuals and families understand their intergenerational health history and act on personalized screening timelines. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data.
Kinvera is not a HIPAA-covered entity and does not function as a healthcare provider, health plan, or healthcare clearinghouse. However, we apply enterprise-grade safeguards to all health-related information on the Platform and align our practices with the FTC Health Breach Notification Rule and applicable state consumer health privacy statutes.
We may update this Privacy Policy periodically. When we make material changes, we will notify you by email, in-app notice, or by requiring acceptance of a new version at next login. Your continued use of the Platform after the effective date of an update constitutes acceptance of the revised Policy.
When you create an account and use the Platform, you may provide:
When you use the Platform, we may automatically collect:
Most family health information on the Platform is entered by you about your relatives, and most of those relatives will not have a Kinvera account. When you add a relative's health history, such as a condition or an age of onset, you are recording information about another person. By entering it, you confirm that you have a reasonable basis to do so as that person's family member or as someone who helps maintain your family's health record.
A relative does not need an account for you to record their history. If a relative does accept an invitation and joins, they create their own account and control the information they contribute to a shared workspace, subject to these terms.
If someone learns that information about them is recorded on the Platform and wants it removed, they may contact us at hello@kinverahealth.com. We will work with the account holder to remove or de-identify that information.
Kinvera does not collect Social Security numbers, financial account numbers, insurance member IDs or group numbers, or clinical records from healthcare providers. We may collect the name of your insurance carrier if you provide it, as described in Section 2.1, but we never ask for the identifying details on your insurance card. The Platform is not integrated with any EHR or provider system. All health data on the Platform is self-reported by users.
We process your information only for the purposes listed: to provide prevention dashboards and screening recommendations, generate physician-ready summaries, send screening reminders and notifications, maintain account security, improve the Platform, support aggregated insurer or research partnerships, and comply with legal obligations.
We do not use your identifiable health information for advertising targeting, profiling for commercial purposes, or sale to third parties.
Kinvera creates de-identified, aggregated datasets that cannot reasonably identify any individual. De-identified data is not personal information under applicable privacy laws. Kinvera may use, license, sell, publish, or otherwise share de-identified, aggregated data for any lawful purpose, including:
Aggregation standards: We do not report on groups smaller than 50 individuals, and we apply suppression rules to prevent re-identification. We de-identify data consistent with the HIPAA Safe Harbor method, removing identifiers so that the remaining information cannot reasonably be used to identify you, and we do not attempt to re-identify it. We do not sell identifiable personal health data under any circumstances.
Kinvera uses third-party service providers to operate the Platform, including database hosting, payment processing, transactional email, and analytics. Each processor receives only the data necessary for its specific function and is subject to data processing agreements that restrict use to the purposes described. We do not authorize any processor to use your data for their own commercial purposes, and we do not share identifiable health information with advertising networks.
Kinvera does not display in-app advertising. We do not allow off-platform targeted advertising using your health data. If Kinvera uses advertising attribution tools to measure the effectiveness of app install campaigns, any data shared with such tools is anonymized. Marketing emails and newsletters are sent via Beehiiv to users who have subscribed; you may unsubscribe at any time via the link in any email or by contacting hello@kinverahealth.com.
Kinvera segregates identifying account data (name, email) from health-related data at the database level. Row-level security ensures each user's health data is accessible only to that user and, where workspace permissions apply, to family members they have explicitly invited.
No security system is perfect. If you become aware of a security concern related to your account, please contact hello@kinverahealth.com immediately.
Depending on your state of residence, you may have rights to access, port, correct, delete, or restrict processing of your personal data, and to opt out of any sale or sharing. Kinvera honors these rights for all U.S. users regardless of state, applying a highest-common-denominator standard.
Kinvera does not sell identifiable personal health data. If we ever share data in a manner that constitutes a "sale" or "sharing" of identifiable personal information under applicable law, we will provide a clear opt-out mechanism. Kinvera will not discriminate against you for exercising any privacy right.
To exercise any of these rights, contact us at hello@kinverahealth.com or submit a request through your account settings. We will respond within 30 days. Complex requests may require up to 90 days; we will notify you if additional time is needed. We may verify your identity before processing your request.
In future product tiers, insurers or employer sponsors may offer Kinvera access to their members or employees. In any such arrangement, insurers receive aggregated, de-identified population insights only by default. Individual-level data is shared only with your explicit opt-in consent, obtained through a separate consent flow, and you may revoke that consent at any time, with revocation taking effect within 30 days. Kinvera will identify the sponsoring insurer and describe the specific data shared at the time of consent.
Research collaborations use aggregated, de-identified data only. Individual-level data is never shared with research partners without explicit user consent. All research partnerships require formal data use agreements aligned with applicable law.
The Platform is intended for adults. You must be at least 18 years old to create a Kinvera account, and we verify this with your date of birth at signup. We do not knowingly allow anyone under 18 to register as a user, and if we learn that someone under 18 has created an account, we will take prompt steps to close it.
Because Kinvera is a family health platform, the family history you record as an adult account holder may include information about minor relatives, such as a child or a younger sibling. Childhood and early-onset conditions are a meaningful part of family health history, so the Platform allows you to record them. By entering health information about a minor relative, you confirm that you have an appropriate basis to do so, for example because you are the minor's parent or guardian, or because you help maintain your family's health record.
A minor, or a parent or guardian acting for them, may request removal of information about that minor at any time by contacting hello@kinverahealth.com. We will remove or de-identify that information promptly after we verify the request.
Kinvera retains your identifiable personal data only as long as necessary to provide the Platform services or comply with applicable legal obligations. When you delete your account, identifiable data is removed from active systems promptly and flagged for purge from backups within our retention window. Certain data may be retained beyond account deletion where required by law, to resolve disputes, or to enforce our agreements. Aggregated, de-identified statistical data may be retained indefinitely as it cannot reasonably be linked back to any individual.
Kinvera stores and processes data in the United States, and the Platform is intended for U.S. residents. If you access the Platform from outside the United States, your data will be transferred to and processed in the U.S., which may not provide the same level of data protection as your home jurisdiction. Kinvera does not currently offer services to European Union or European Economic Area residents.
Kinvera's privacy practices are designed to align with the FTC Health Breach Notification Rule and applicable state privacy statutes, including the California Consumer Privacy Act (CCPA/CPRA), the Washington My Health My Data Act, the Maryland Online Data Privacy Act (MODPA), the Colorado Privacy Act, Virginia VCDPA, Connecticut CTDPA, Texas TDPSA, and Utah UCPA. We apply a highest-common-denominator privacy standard across all users rather than a fragmented state-by-state approach.
We may update this Privacy Policy periodically. Material changes will be communicated by email, in-app notice, or by requiring acceptance of a new version at next login. The effective date at the top of this page will always reflect the most recent revision. Historical versions are available upon request.