Klararety Platform Privacy Policy

Effective Date: May 10, 2025

Introduction

At Klararety ("we," "our," or "us"), we are committed to protecting your privacy and the security of your information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform, website, mobile applications, and related services (collectively, the "Services").

We understand the sensitive nature of healthcare information and take our responsibility to protect your data seriously. This Privacy Policy is designed to comply with applicable data protection laws, including the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the California Consumer Privacy Act ("CCPA"), the General Data Protection Regulation ("GDPR"), and other applicable privacy laws.

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

1. Key Terms

Before we dive into the details, let's clarify some key terms used throughout this Privacy Policy:

  • Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
  • Protected Health Information (PHI): Individually identifiable health information transmitted or maintained in any form or medium by a covered entity or business associate, as defined under HIPAA.
  • De-identified Information: Information that has been modified so that it no longer identifies or provides a reasonable basis to identify an individual.
  • Covered Entity: A health plan, healthcare clearinghouse, or healthcare provider who transmits health information electronically, as defined by HIPAA.
  • Business Associate: A person or entity that performs certain functions or activities involving the use or disclosure of PHI on behalf of, or provides services to, a Covered Entity.

2. Information We Collect

We collect several types of information from and about users of our Services, including:

2.1 Information You Provide to Us

You may provide us with various types of information when you register for, access, or use our Services, including:

  • Account Information: When you create an account, we collect your name, email address, phone number, professional credentials (for healthcare providers), and login credentials.
  • Profile Information: Information you provide in your user profile, such as your photograph, professional background, and specialties (for healthcare providers).
  • Health Information: If you are a patient or end-user, we may collect health information you provide, including medical history, symptoms, diagnoses, treatments, medications, and other health-related information.
  • Payment Information: If you subscribe to our paid Services, we collect payment details, billing address, and other financial information necessary to process your payment. Note that payment processing is handled by our third-party payment processors, and we do not store complete credit card information on our servers.
  • Communications: When you contact us, we collect information you provide in your communications, including customer support inquiries, feedback, and testimonials.
  • User Content: Information you post, upload, or otherwise share through our Services, such as comments, documents, or other content.

2.2 Information We Collect Automatically

When you access or use our Services, we may automatically collect certain information about your equipment, browsing actions, and patterns, including:

  • Device Information: Information about your device and internet connection, including your device's unique device identifier, IP address, operating system, browser type, mobile network information, and device settings.
  • Usage Information: Details of your visits to our Services, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Services.
  • Location Information: We may collect information about your precise or approximate location as determined through data such as your IP address or mobile device's GPS when you enable location services.
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to track activity on our Services and to collect certain information. For more information, see the "Cookies and Tracking Technologies" section below.

2.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Healthcare Providers: If you are a patient, your healthcare provider may share your health information with us when using our Services to coordinate your care.
  • Business Partners: We may receive information about you from our business partners, such as identity verification services, analytics providers, and marketing partners.
  • Public Sources: We may collect information about you from publicly available sources, such as public healthcare provider directories or professional licensing boards.

3. How We Use Your Information

We use the information we collect for various purposes, including:

3.1 Providing and Improving Our Services

  • To provide, maintain, and improve our Services.
  • To process transactions and manage your account.
  • To respond to your inquiries, comments, or concerns.
  • To develop new products, services, features, and functionality.
  • To monitor and analyze trends, usage, and activities in connection with our Services.
  • To personalize your experience with our Services.

3.2 Communications

  • To communicate with you about your account, services, updates, security alerts, and support messages.
  • To provide information about products, services, or events that may be of interest to you, where you have consented to receive such communications.
  • To respond to your inquiries, requests, and feedback.

3.3 Legal and Safety Purposes

  • To comply with legal obligations and regulatory requirements.
  • To enforce our terms, conditions, and policies.
  • To protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others.
  • To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities.

3.4 With Your Consent

For any other purpose with your consent.

3.5 Aggregated and De-identified Data

We may use aggregated or de-identified information, which does not identify any individual, for any purpose permitted under applicable law, including for research, analytics, and improving our Services.

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 With Your Consent

  • We may share your information when you direct us to do so or provide your consent.
  • For healthcare providers using our Services, we will share patient information as directed by you and as permitted by applicable law.

4.2 Service Providers

  • We may share your information with third-party service providers who perform services on our behalf, such as hosting providers, payment processors, analytics providers, customer service providers, and marketing providers.
  • These service providers are required to maintain the confidentiality and security of your information and are prohibited from using your information for any purpose other than providing services to us.

4.3 Business Transactions

  • If we engage in a merger, acquisition, sale of assets, financing, or other corporate transaction, we may share or transfer your information as part of that transaction.
  • In such cases, we will require the recipient to honor this Privacy Policy.

4.4 Legal Requirements

  • We may disclose your information if required to do so by law or in response to valid requests from public authorities (e.g., a court or government agency).
  • We may also disclose your information to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others.

4.5 Healthcare Partners

  • If you are a patient, we may share your information with your healthcare providers who use our Services and with other healthcare partners involved in your care, as permitted by applicable law.
  • If you are a healthcare provider, we may share information about your practice with patients who use our Services to connect with providers.

4.6 Aggregated and De-identified Information

We may share aggregated or de-identified information, which cannot reasonably be used to identify you, for various purposes, including research, analysis, and improving our Services.

5. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information. These rights may include:

5.1 Access and Data Portability

  • You have the right to access the personal information we hold about you.
  • You may request a copy of your personal information in a structured, commonly used, and machine-readable format.

5.2 Correction

You have the right to request that we correct inaccurate or incomplete personal information about you.

5.3 Deletion

  • You have the right to request the deletion of your personal information in certain circumstances.
  • We may retain certain information as required by law or for legitimate business purposes.

5.4 Restriction and Objection

  • You have the right to request that we restrict the processing of your personal information in certain circumstances.
  • You have the right to object to the processing of your personal information in certain circumstances.

5.5 Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

5.6 Marketing Communications

  • You can opt out of receiving marketing communications from us by following the unsubscribe instructions included in each communication or by contacting us.
  • Even if you opt out of marketing communications, we may still send you administrative communications, such as service announcements and account-related messages.

5.7 Cookies and Tracking Technologies

You can manage your cookie preferences through your browser settings. For more information, see the "Cookies and Tracking Technologies" section below.

5.8 How to Exercise Your Rights

To exercise any of the rights described above, please contact us using the contact information provided at the end of this Privacy Policy. We may need to verify your identity before responding to your request. We will respond to your request within the time period required by applicable law.

6. Data Security

We have implemented appropriate technical and organizational measures designed to secure your information from accidental loss and from unauthorized access, use, alteration, and disclosure. These measures include:

  • Encryption of sensitive information both in transit and at rest.
  • Regular security assessments and penetration testing.
  • Access controls and authentication mechanisms.
  • Employee training on data protection and security practices.
  • Physical, electronic, and procedural safeguards.
  • Business continuity and disaster recovery plans.

Despite our efforts, no security system is impenetrable, and we cannot guarantee the security of our systems or your information. You are responsible for maintaining the secrecy of any credentials used to access your account and for taking appropriate measures to protect your own information.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us using the contact information provided at the end of this Privacy Policy.

7. Data Retention

We retain your information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider:

  • The amount, nature, and sensitivity of the personal information.
  • The potential risk of harm from unauthorized use or disclosure of your personal information.
  • The purposes for which we process your personal information and whether we can achieve those purposes through other means.
  • The applicable legal, regulatory, tax, accounting, or other requirements.

In some circumstances, we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

For personal health information, we comply with applicable laws, including HIPAA, regarding retention periods.

8. Children's Privacy

Our Services are not intended for children under the age of 18, and we do not knowingly collect personal information from children under 18. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information.

If you believe we might have any information from or about a child under 18, please contact us using the contact information provided at the end of this Privacy Policy.

9. International Data Transfers

We are based in the United States and the information we collect is governed by U.S. law. If you are accessing our Services from outside the United States, please be aware that information collected through our Services may be transferred to, processed, stored, and used in the United States and other countries where our data processors operate.

If we transfer your personal information from the European Economic Area (EEA), United Kingdom, or Switzerland to a country that has not received an adequacy decision from the European Commission, we will implement appropriate safeguards, such as standard contractual clauses, to protect your personal information.

By using our Services, you consent to the transfer of your information to the United States and other countries, which may have different data protection rules than those of your country.

10. HIPAA Compliance

10.1 Business Associate Agreement

If you are a Covered Entity under HIPAA and you use our Services in a way that involves PHI, we will enter into a Business Associate Agreement (BAA) with you. The BAA sets forth our obligations with respect to PHI and compliance with HIPAA.

10.2 Use and Disclosure of PHI

As a Business Associate, we will:

  • Use or disclose PHI only as permitted or required by the BAA or as required by law.
  • Use appropriate safeguards to prevent unauthorized use or disclosure of PHI.
  • Report to you any use or disclosure of PHI not provided for by the BAA of which we become aware.
  • Ensure that any subcontractors that create, receive, maintain, or transmit PHI on our behalf agree to the same restrictions and conditions.
  • Make available PHI as required to fulfill your obligations to provide individuals with access to their PHI and accounting of disclosures.
  • Return or destroy all PHI received from you or created or received on your behalf, if feasible, upon termination of the BAA.

10.3 Patient Rights

If you are a patient whose healthcare provider uses our Services, your PHI is protected under HIPAA. You have certain rights regarding your PHI, including the right to:

  • Access your PHI.
  • Request corrections to your PHI.
  • Request restrictions on certain uses and disclosures of your PHI.
  • Request an accounting of disclosures of your PHI.
  • Request communications of your PHI by alternative means or at alternative locations.
  • Receive notification of breaches of unsecured PHI.

To exercise these rights, please contact your healthcare provider directly, as they are the Covered Entity responsible for your PHI.

11. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.

11.1 Right to Know

You have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your personal information over the past 12 months.

11.2 Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

11.3 Right to Opt-Out of Sale or Sharing

If we sell or share your personal information, you have the right to opt-out of the sale or sharing of your personal information.

11.4 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

11.5 Exercising Your California Privacy Rights

To exercise the rights described above, please submit a verifiable consumer request to us using the contact information provided at the end of this Privacy Policy.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

12. European Privacy Rights

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) or similar data protection laws provide you with certain rights regarding your personal data.

12.1 Legal Basis for Processing

We will only collect and process your personal data where we have a legal basis to do so. Legal bases include:

  • Consent: You have given us consent to process your personal data for a specific purpose.
  • Contract: The processing is necessary for the performance of a contract with you.
  • Legal Obligation: The processing is necessary for us to comply with a legal obligation.
  • Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

12.2 Data Protection Rights

In addition to the rights described in the "Your Rights and Choices" section, you have the right to:

  • Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
  • Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates data protection laws.

12.3 International Transfers

If we transfer your personal data from the EEA, United Kingdom, or Switzerland to a country that has not received an adequacy decision from the European Commission, we will implement appropriate safeguards, such as standard contractual clauses, to protect your personal data.

13. Cookies and Tracking Technologies

13.1 What Are Cookies

Cookies are small text files that are stored on your device when you visit a website. We and our third-party service providers use cookies and similar technologies (such as web beacons, pixels, and clear GIFs) to:

  • Enable certain functions of our Services.
  • Provide analytics.
  • Store your preferences.
  • Enable the delivery of advertisements, including behavioral advertising.

13.2 Types of Cookies We Use

  • Essential Cookies: These cookies are necessary for our Services to function properly and cannot be switched off in our systems.
  • Performance Cookies: These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our Services.
  • Functional Cookies: These cookies enable the Services to provide enhanced functionality and personalization.
  • Targeting Cookies: These cookies may be set through our Services by our advertising partners to build a profile of your interests and show you relevant advertisements on other sites.

13.3 Managing Cookies

Most web browsers allow you to manage your cookie preferences. You can set your browser to refuse cookies, or to alert you when cookies are being sent. The methods for doing so vary from browser to browser, and from version to version.

Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.

13.4 Do Not Track Signals

Some web browsers may transmit "Do Not Track" signals to the websites and other online services with which the browser communicates. There is no standard that governs what, if anything, websites should do when they receive these signals. We currently do not take action in response to these signals.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes to this Privacy Policy, we will notify you by email or through our Services prior to the changes becoming effective.

We encourage you to review this Privacy Policy periodically to stay informed about our information practices. Your continued use of our Services after we make changes is deemed to be acceptance of those changes.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Klararety Data Protection Officer

Evanston Technology Partners

1452 East 53rd Street

Chicago, IL 60615, USA

Email: privacy@klararety.com

Phone: +1 (312) 555-0124

For HIPAA-related inquiries:

Email: hipaa@klararety.com

Phone: +1 (312) 555-0125

If you are a California resident exercising your rights under the CCPA/CPRA:

Email: ccpa@klararety.com

Toll-free number: +1 (800) 555-0126

If you are in the EEA, United Kingdom, or Switzerland:

Klararety EU Representative

Email: eu-representative@klararety.com

Effective Date: May 10, 2025
Last Updated: May 10, 2025