Important: KinGuardian is not a HIPAA Covered Entity
KinGuardian is a personal caregiving coordination tool used by individuals and family caregivers — not a healthcare provider, health plan, or healthcare clearinghouse. As a result, KinGuardian is generally not subject to HIPAA as a Covered Entity. However, we handle health-related information with care and apply strong privacy and security practices that align with HIPAA principles.
1. Who We Are
KinGuardian by Kaspyan Group operates kinguardian.app, a caregiving coordination platform that helps family members, personal caregivers, and care teams organize health-related information, documents, medications, and care communications for their loved ones.
We are not a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), 45 C.F.R. Parts 160 and 164. We do not provide healthcare services, submit insurance claims, or operate as a health plan or healthcare clearinghouse.
2. What This Means For You
Because KinGuardian is not a HIPAA Covered Entity:
- The HIPAA Privacy Rule does not directly govern how we handle the health information you enter into the platform. Your healthcare providers, insurers, and hospitals remain responsible for their own HIPAA-compliant handling of your medical records.
- Information you upload, enter, or share through KinGuardian is governed by our Privacy Policy and Terms of Service, not by HIPAA directly.
- You control what health information you enter into KinGuardian and who on your care team can access it.
Despite not being required to comply with HIPAA as a Covered Entity, we have voluntarily adopted privacy and security practices aligned with HIPAA standards because we believe your health information deserves the highest level of protection.
3. How We Protect Health Information
We implement the following protections for all health-related information stored in KinGuardian:
- Encryption in transit and at rest. All data transmitted to and from KinGuardian is encrypted using TLS 1.2 or higher. Data at rest is encrypted using industry-standard AES-256 encryption.
- Role-based access control. Care circle members access only the data their assigned role permits (Owner, Co-Caregiver, Viewer, Physician, Family Guest). No one outside your care circle can access your data.
- Row-Level Security (RLS). Database-level policies enforce that every query is scoped to the authenticated user's care circles. Even an internal query cannot return data belonging to another circle.
- Minimal data sharing. We do not sell your health information. We share it only with the service providers necessary to operate the platform (listed in our Privacy Policy) and only under strict data processing agreements.
- Audit logging. Material actions (document access, AI analysis, care team changes) are logged for security review.
- No use for AI training. Health information you enter is never used to train AI models outside of your own session context.
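As an added illustration of the role-based access control and row-level security described above (this is not KinGuardian's own schema or policies), here is how the two controls can be expressed together in PostgreSQL, assuming Aurora PostgreSQL 13 or later. The table names, column names, role values, the helper functions and the `app.user_id` session setting are all assumptions made for the example.

```sql
-- Constructed schema for this illustration (not KinGuardian's real schema).
CREATE TABLE care_circles (
  id   uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  name text NOT NULL
);

CREATE TABLE care_circle_members (
  circle_id uuid NOT NULL REFERENCES care_circles(id) ON DELETE CASCADE,
  user_id   uuid NOT NULL,
  -- Role names follow the notice; storing them as text values is an assumption.
  role      text NOT NULL CHECK (role IN
              ('Owner', 'Co-Caregiver', 'Viewer', 'Physician', 'Family Guest')),
  PRIMARY KEY (circle_id, user_id)
);

CREATE TABLE documents (
  id         uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  circle_id  uuid NOT NULL REFERENCES care_circles(id) ON DELETE CASCADE,
  title      text NOT NULL,
  created_at timestamptz NOT NULL DEFAULT now()
);

-- The application sets the authenticated user's id once per transaction
-- (SET LOCAL app.user_id = '<uuid>'). If the setting is absent, this returns
-- NULL, every policy below evaluates to false, and no rows come back:
-- the scoping fails closed rather than open.
CREATE FUNCTION app_user_id() RETURNS uuid
  LANGUAGE sql STABLE
  AS $$ SELECT nullif(current_setting('app.user_id', true), '')::uuid $$;

-- Membership test used by the read policy (any role in the circle).
CREATE FUNCTION is_circle_member(c uuid) RETURNS boolean
  LANGUAGE sql STABLE
  AS $$ SELECT EXISTS (SELECT 1 FROM care_circle_members m
                       WHERE m.circle_id = c AND m.user_id = app_user_id()) $$;

-- Editor test used by the write policies (Owner or Co-Caregiver only).
CREATE FUNCTION can_edit_circle(c uuid) RETURNS boolean
  LANGUAGE sql STABLE
  AS $$ SELECT EXISTS (SELECT 1 FROM care_circle_members m
                       WHERE m.circle_id = c AND m.user_id = app_user_id()
                         AND m.role IN ('Owner', 'Co-Caregiver')) $$;

-- ENABLE turns RLS on; FORCE applies it to the table owner as well, which is
-- what makes an internal query subject to the same scoping as a user query.
ALTER TABLE care_circle_members ENABLE ROW LEVEL SECURITY;
ALTER TABLE care_circle_members FORCE  ROW LEVEL SECURITY;
ALTER TABLE documents            ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents            FORCE  ROW LEVEL SECURITY;

-- A user sees only their own membership rows. This policy deliberately does
-- not query care_circle_members again; a self-referencing policy makes
-- PostgreSQL raise "infinite recursion detected in policy".
CREATE POLICY members_self ON care_circle_members
  FOR SELECT USING (user_id = app_user_id());

-- Any member of a circle may read that circle's documents.
CREATE POLICY documents_read ON documents
  FOR SELECT USING (is_circle_member(circle_id));

-- Only editors may add, change, or delete documents. WITH CHECK on INSERT and
-- UPDATE also stops an editor from moving a document into a circle they do
-- not edit.
CREATE POLICY documents_insert ON documents
  FOR INSERT WITH CHECK (can_edit_circle(circle_id));
CREATE POLICY documents_update ON documents
  FOR UPDATE USING (can_edit_circle(circle_id))
             WITH CHECK (can_edit_circle(circle_id));
CREATE POLICY documents_delete ON documents
  FOR DELETE USING (can_edit_circle(circle_id));

-- Per-request pattern for the application. It must connect as a role that is
-- neither a superuser nor marked BYPASSRLS, or the policies are skipped.
BEGIN;
SET LOCAL app.user_id = '11111111-1111-1111-1111-111111111111';  -- constructed id
SELECT id, title FROM documents;   -- returns only rows from this user's circles
COMMIT;
```

Two checks are worth running after deploying policies like these: a `SELECT` issued without `SET LOCAL app.user_id` should return zero rows, and a `SELECT` issued as the table-owning role should still be scoped, which confirms that `FORCE ROW LEVEL SECURITY` is in effect. Permissive policies on the same table are combined with OR, so the read policy and the write policies never widen each other beyond what is written here.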
4. Information We Handle
Through normal use of KinGuardian, you may enter or upload the following categories of health-related information:
- Personal identifiers (name, date of birth, gender, address) for care recipients
- Medical record numbers, insurance policy numbers, and claim numbers
- Diagnoses, medications, allergies, lab results, and imaging reports
- Physician names, clinic names, appointment history, and care notes
- Scanned or photographed medical documents, discharge summaries, and letters
- Insurance Explanations of Benefits (EOBs) and billing statements
- Legal documents related to healthcare decisions (e.g., POA, POLST, advance directives)
You decide what to enter. You are not required to upload actual medical records — KinGuardian functions as a personal organizational tool, and you control the scope of information stored.
5. Your Rights Over Your Information
Although HIPAA’s patient rights provisions apply to your healthcare providers (not to KinGuardian), we provide equivalent rights over the data you store with us:
- Access. You can view all data you have entered at any time through the KinGuardian application.
- Correction. You can edit or delete records, documents, medications, and other information you have entered.
- Deletion. You can delete your account and all associated data by contacting us at support@kinguardian.app. Data is deleted or anonymized within 30 days.
- Portability. You can request an export of your data in a machine-readable format.
- Objection. You can withdraw consent and stop using KinGuardian at any time. Terminating your account stops all processing of your data.
6. When KinGuardian May Act as a Business Associate
If KinGuardian is used by a HIPAA Covered Entity (for example, a physician practice deploying KinGuardian for care coordination of their patients), KinGuardian may be acting as a Business Associate under HIPAA. In such cases:
- A Business Associate Agreement (BAA) must be executed between KinGuardian and the Covered Entity before any Protected Health Information (PHI) is processed.
- Use of KinGuardian without a signed BAA, where PHI of patients of a Covered Entity is involved, is not permitted.
- To request a Business Associate Agreement, contact support@kinguardian.app.
Typical individual and family users of KinGuardian are not Covered Entities, and no BAA is required for personal use of the platform.
7. Third-Party Service Providers
KinGuardian uses the following third-party service providers that may process health-related information stored on the platform. Each operates under a data processing agreement or equivalent contractual safeguards:
| Provider | Purpose | Location |
|---|---|---|
| AWS (ECS, Aurora, S3, SES, Cognito, Bedrock, Textract, Transcribe, Titan Embeddings) | Application hosting, database, storage, email, authentication, AI analysis, OCR, voice transcription, semantic search embeddings | US (us-east-1) |
| CMS Blue Button 2.0 API | Medicare claims and coverage data import (optional, user-initiated) | US |
| Mailgun | Inbound email document ingestion + outbound transactional email | US |
| Twilio | SMS notifications (planned — not active in production) | US |
| Cloudflare | DNS only (proxy disabled — no traffic transits Cloudflare) | US / Global |
This product uses the Blue Button APIs but is not endorsed or certified by the Centers for Medicare & Medicaid Services or the U.S. Department of Health and Human Services.
8. Security Incident Notification
In the event of a security incident that results in unauthorized access to health-related information stored in KinGuardian, we will:
- Investigate and contain the incident promptly.
- Notify affected users via the email address on file within a reasonable timeframe (targeting no more than 72 hours after discovery for significant incidents).
- Describe what information was affected, what we have done to address it, and steps you can take to protect yourself.
- Notify relevant regulatory authorities where required by applicable law.
9. Contact Us
If you have questions about this HIPAA Notice, our privacy practices, or would like to request a Business Associate Agreement, please contact us:
KinGuardian by Kaspyan Group
Email: support@kinguardian.app
Website: kinguardian.app