Privacy Policy

KindredLink, Inc. (“KindredLink,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, and safeguard information when you access or use our website(s), applications, platform, and related services (collectively, the “Services”).

By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must discontinue use of the Services immediately.

1. Information We Collect

1.1 Information You Provide Directly

• Account Information: Name, email address, phone number, role/title, and facility or organization affiliation when you create an account, request a demo, or contact us.
• Veteran Life-History Data: Biographical information, personal narratives, family history, military service history (including branch, service era, deployments, and rank), career history, and other life details provided during onboarding or through AI conversations. This data may constitute Protected Health Information (“PHI”) as defined by HIPAA.
• Voice and Audio Data: Voice recordings captured with explicit consent for the Digital Presence (Eternal Voice) feature, including speech patterns, vocal characteristics, and conversational content.
• Media Uploads: Photographs, documents, and other media uploaded by users or family members.
• Communication Data: Messages, inquiries, and correspondence sent through our contact forms, email, or support channels.
• Payment Information: Billing details processed through our third-party payment processor. KindredLink does not store credit card numbers or financial account details on our servers.

1.2 Information Collected Automatically

• Device and Usage Data: IP address, browser type, operating system, device identifiers, pages viewed, referring URLs, and interaction patterns with the Services.
• Location Data: Approximate location derived from IP address. For facilities using our Indoor Positioning System, precise indoor location data is collected from BLE beacons and wearable devices worn by residents with appropriate consent.
• Wearable Device Data: Health and activity metrics collected from Garmin and other compatible wearable devices, including step counts, heart rate, sleep data, and movement patterns. This data may constitute PHI.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to operate the Services, analyze usage, and improve user experience. See Section 8 for details.

1.3 Information from Third Parties

• Facility-Provided Data: VA medical centers and care facilities may provide resident information during onboarding, including demographic data, care plans, and medical history, subject to appropriate authorization and consent.
• Family-Provided Data: Family members may contribute photographs, stories, and biographical details about their veteran family member.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, personalize, and improve the Services, including AI-powered conversations, cognitive therapy (Legacy Quest), life-story preservation, indoor positioning, family engagement features, and Digital Presence.
• AI Personalization: To generate personalized content, memory games, storybooks, and conversation responses tailored to each individual veteran's life history and preferences.
• Clinical Reporting: To generate cognitive engagement metrics, session analytics, and care reports for authorized care team members.
• Safety and Wellbeing: To detect signs of cognitive decline, emotional distress, or crisis situations and facilitate appropriate responses, including referral to the Veterans Crisis Line (988, Press 1).
• Communication: To respond to inquiries, send service updates, and provide technical support.
• Security and Fraud Prevention: To protect the integrity of the Services, detect unauthorized access, and prevent fraud or abuse.
• Legal Compliance: To comply with applicable laws, regulations, and legal obligations.
• Analytics and Improvement: To analyze usage patterns and improve the Services. We use aggregated, de-identified data for this purpose whenever possible.

3. AI and Your Data

• No Model Training: Your personal data, veteran life-history data, conversations, voice recordings, and any data that could constitute PHI are never used to train, fine-tune, or improve third-party AI models. This includes models provided by Anthropic (Claude), Google (Gemini), or any other AI provider.
• Data Processing: AI models process your data in real-time to generate responses, content, and analytics. This processing is performed under our data processing agreements with AI providers, which prohibit the use of input data for model training.
• Data Retention by AI Providers: We select AI providers that do not retain input or output data beyond the immediate processing session, consistent with their enterprise and API terms of service.

4. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

• With Authorized Care Teams: Facility staff with appropriate role-based access may view resident data, session reports, and analytics as necessary for care delivery.
• With Family Members: Information is shared with family members only as authorized by the veteran, their legal representative, or the facility in accordance with applicable law and consent protocols.
• Service Providers: We engage third-party service providers (cloud hosting, payment processing, AI processing, analytics) who process data on our behalf under contractual obligations to maintain confidentiality and security.
• Legal Requirements: We may disclose information when required by law, court order, subpoena, or government investigation, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections described in this Policy.
• With Your Consent: We may share information for purposes not described here with your explicit consent.

5. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256).
• Role-based access controls with the principle of least privilege.
• Audit logging of all data access and modifications.
• Regular security assessments and vulnerability monitoring.
• Logical isolation of facility data in multi-tenant environments.
• Incident response procedures for suspected data breaches.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention and Deletion

• We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.
• Veterans, authorized family members, or facility administrators may request deletion of veteran data at any time. Upon verified request, we perform a complete deletion of all associated data, AI-generated content, media, and records.
• Certain data may be retained in anonymized or aggregated form for analytical purposes after deletion of identifiable records.
• Audit logs required for compliance purposes are retained in accordance with applicable retention schedules and cannot be deleted on individual request.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request an export of your data in a structured, commonly used, machine-readable format.
• Restriction: Request that we limit our processing of your data in certain circumstances.
• Objection: Object to processing of your data for certain purposes.
• Withdrawal of Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@kindredlink.ai. We will respond within 30 days (or sooner if required by applicable law).

8. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

• Strictly Necessary: Required for the Services to function (authentication, security, load balancing). Cannot be disabled.
• Analytics: Help us understand how visitors interact with our website. We use privacy-focused analytics that do not track individual users across sites.
• Functional: Remember your preferences and settings (theme, language, session state).

We do not use advertising cookies, retargeting pixels, or sell cookie data to third parties. You may manage cookie preferences through your browser settings.

9. Children's Privacy

The Services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, contact us at privacy@kindredlink.ai.

10. International Data Transfers

Your information may be transferred to and processed in the United States and other jurisdictions where our service providers operate. These jurisdictions may have data protection laws that differ from those in your country of residence. By using the Services, you consent to the transfer of your information to the United States and other jurisdictions as described in this Policy. We implement appropriate safeguards for international transfers, including contractual protections with our service providers.

11. State-Specific Disclosures

California (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information as defined by California law. To exercise your rights, contact us at privacy@kindredlink.ai.

Virginia, Colorado, Connecticut, and Other States

Residents of states with comprehensive privacy laws may have similar rights. Contact us to exercise any applicable rights under your state's privacy law.

12. Third-Party Links and Services

The Services may contain links to third-party websites, applications, or services not operated by us. We are not responsible for the privacy practices or content of third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services. We will notify you of material changes by posting the updated Policy on our website with a revised “Last Updated” date and, where required by law, by providing additional notice (such as email notification). Your continued use of the Services after the effective date of the updated Policy constitutes your acceptance of the changes.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at: