Kip Labs, Inc.
Last Updated: May 29, 2016
Collection and Use of Information
Information Collected or Received from You
Our primary goals in collecting information are to provide and improve our Services, to administer your use of the Services, and to enable you to enjoy and easily navigate our Services.
If you create an account as a patient (“Patient Account”) or as a Clinician (“Clinician Account”), we may collect certain information that can be used to identify you, such as your name, email address, and phone number (“PII”). We may also collect your gender, date of birth and other information that is not considered PII because it cannot be used by itself to identify you.
By signing up to Kip you grant Kip permission to coordinate and manage bookings between you and your clinician. You also grant Kip access to data required to perform the job of coordinating and managing bookings including and limited to: your first name + last initial, phone number, email, appointment date, time, and provider name. We access the minimum amount of data required to do our job and this information is only used to coordinate bookings. Kip has permission to share this information with your clinician.
If you have a Patient Account, the Services collect active data, which requires input from you, and also passive data, meaning that once you authorize access, the data will be collected periodically without any additional action or input required. Active data includes tracking whether you did or did not take action on your care plan, as well as notes, ratings, and messages. These communications are customized by your Clinician and help gather data about your current state and situation so that your Clinician can better understand how you are doing and how certain situations affect you. Passive data may include Cookies (defined below) and information about the time you spent using the Services.
Our servers automatically record certain information about how a person uses our Services (we refer to this information as “Log Data”), including both Account holders and non-Account holders (either, a “User”). Log Data may include information such as a User’s Internet Protocol (IP) address, browser type, operating system, the web page that a User was visiting before accessing our Services, the pages or features of our Services to which a User browsed and the time spent on those pages or features, search terms, the links on our Services that a User clicked on and other statistics. We use Log Data to administer the Services and we analyze (and may engage third parties to analyze) Log Data to improve, customize and enhance our Services by expanding their features and functionality and tailoring them to our Users’ needs and preferences. We may use a person’s IP address to generate aggregate, non-identifying information about how our Services are used.
Information Sent by Your Mobile Device
We collect certain information that your mobile device sends when you use our Services, like a device identifier, user settings and the operating system of your device, as well as information about your use of our Services.
When you use our App, we may collect and store information about your location by converting your IP address into a rough geo-location or by accessing your mobile device’s GPS coordinates or coarse location if you enable location services on your device. We may use location information to improve and personalize our Services for you. If you do not want us to collect location information, you may disable that feature on your mobile device.
We will not share any PII that we have collected from or regarding you except as described below:
We may engage third-party services providers to work with us to administer and provide the Services. These third-party services providers have access to your PII only for the purpose of performing services on our behalf and are expressly obligated not to disclose or use your PII for any other purpose.
We may share aggregated information and non-identifying information with third parties for industry research and analysis, demographic profiling and other similar purposes. Any aggregated information shared in these contexts will not contain your PII. Such information shall be de-identified and handled in conformance with the Health Insurance Portability and Accountability Act of 1996 and its privacy and security regulations (“HIPAA”). We may also use Mixpanel to provide us with analytics data regarding our Users’ interactions with our Services. You can opt out by visiting https://mixpanel.com/optout/.
We offer you choices regarding the collection, use and sharing of your PII and we’ll respect the choices you make. Please note that if you decide not to provide us with the PII that we request, you may not be able to access all of the features of the Services.
Our Site does not have the capability to respond to “Do Not Track” signals received from various web browsers.
We take reasonable administrative, physical and electronic measures designed to protect the information that we collect from or about you (including your PII) from unauthorized access, use or disclosure. When you enter sensitive information on our forms, we encrypt this data using SSL or other technologies. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.
Your PII may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you’re located outside the United States and choose to provide your PII to us, we may transfer your PII to the United States and process it there.
The child’s Clinician is responsible for confirming receipt of a consent form for the child before providing an access code, and for providing parents or legal guardians access to their child’s Patient Account so that the parent or legal guardian may review, modify or delete any PII contained in the child’s Patient Account. The child’s parent or legal guardian has the right to refuse further collection, use, and/or disclosure of their child’s PII by notifying the child’s Clinician. If we learn that we have received PII from a child under 13 without the child’s Clinician having obtained written consent from the child’s parent or guardian, we will delete the child’s Patient Account. Please contact us at firstname.lastname@example.org if you believe that a child under 13 may have created a Patient Account without the consent of the child’s parent or legal guardian.
Use of Protected Health Information
If you have registered a Patient Account with Kip Labs, you have agreed to the Patient Terms of Service which describe our practices and your obligations with regard to your protected health information (“PHI”). Please read and review the Patient Terms of Service carefully as they are a contract between you and Kip Labs. We may use your PHI in the following ways:
As part of the Services, we may deliver your PHI to your Clinician. Your Clinician should give you a notice of privacy practices that describe how your Clinician uses and discloses your PHI, including through the Services.
As directed by your Clinician, we may give your PHI to other Clinicians or health care providers for the purposes of your treatment. We may also disclose your PHI to individuals who are not health care providers such as your teacher, but if the person to whom we are directed to disclose your PHI is not a health care provider, we’ll only disclose your PHI to that person if you provide a release form to your Clinician allowing us to do so. Your Clinician’s ability to disclose your PHI for these and similar purposes is restricted by applicable federal law and state law, including HIPAA and the applicable privacy laws of the state in which you reside. If you wish to restrict the disclosures that your Clinician makes of your PHI, you should make a request directly to your Clinician. To the extent your PHI becomes part of your Clinician’s health records, you may not be able to delete it.
We may also use your PHI to operate our Services, and we may give it to our services providers to assist us in providing Services. We may disclose it if we are compelled to do so by law, including valid legal process.
We may aggregate your PHI with that of other patients who use the Services, and share such aggregated information with health care providers and their business associates for health care operations purposes, or other purpose(s) in accordance with applicable state and federal law.
In order to maintain the security of your Patient Account, we may monitor and keep a log of access to it, and we may maintain the log until we determine it is no longer needed.
We may use IP addresses and device identifiers to analyze trends, administer the Services and gather broad demographic information for aggregate use. We do not link IP addresses and device identifiers to PII or PHI.
We are permitted to remove personal identifiers from your PII, including PHI, so that it cannot reasonably be used to identify you. We may use your PHI collected through the Services to create de-identified information (i.e., information that does not identify you).
As part of the Patient Terms of Service, you transfer and assign to us all right, title and interest in and to all such de-identified information, and you agree that we may use, disclose, market, license and sell such de-identified information for any purpose without restriction, and that you have no interest in such de-identified information, or in the proceeds of any sale, license, or other commercialization thereof.