PRIVACY POLICY
Effective date: December 20, 2024
Kandu Health™, Inc., its affiliated entities, and its partnered professional corporations in various states (collectively, “Kandu”) are committed to respecting your privacy and protecting your personal information, whether you are a Stroke Survivor, Care Partner, or other user (collectively, “you”). This Privacy Policy explains the types of personal information we may collect from visitors to our websites, including www.kanduhealth.com and www.kandustroke.com and all related websites, mobile apps, and web-based services, including the Kandu Mobile App (our “Sites”). This Policy also describes how we use personal information, the purpose for sharing and recipients of personal information, and your available rights and choices associated with that information.
Some of the information we collect, use, and disclose is done so for purposes of providing healthcare and regulated by the federal Health Insurance Portability and Accountability Act (“HIPAA”) and similar federal and state laws, including the privacy and security protections of those laws (collectively, “protected health information” or “PHI”). This Policy does not apply to PHI, and any overlapping coverage of PHI in this policy is incidental and provided to enhance your understanding of our data collection and use practices, and does not constitute a waiver of applicable exceptions to privacy and other laws that may apply to Kandu. You can find more information about our collection and use of PHI in our HIPAA Notice of Privacy Practices.
This Privacy Policy does not apply to third-party websites, products or services, even if they link to our Sites. We recommend you review the privacy practices of those third parties before connecting to or accessing third-party websites and sharing any personal data.
We also encourage you to review our Terms of Use to understand how your personal data will be treated as you make full use of our Sites. Unless otherwise defined in this Privacy Policy, capitalized terms used in this Privacy Policy have the same meanings as in our Terms of Use.
This Privacy Policy is provided in a layered format. You can jump to a specific section by clicking on the section below.
For purposes of this Privacy Policy, “personal data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identifiable individual. Personal data includes “personal information” as that term is defined in applicable privacy laws. The personal information we collect through our Sites will be apparent by the context of the page, and may include but is not limited to the following types of information.
- Personal information you provide to us.
We may collect the following personal data about you that you choose to provide us when you use our Sites:
- Account information. As part of sign up for an account, Kandu may ask for your first and last name, email address, user ID, account password, phone number, date of birth, and gender.
- Profile and demographic information. As part of your use of our Sites, you may be presented with the opportunity to provide certain information about yourself in order to fill out your biography, such as your preferred language, gender identity and contact information. You may also have the opportunity to provide your photograph, voice recordings, and similar audio or visual information.
- Health and medical information. In addition to any health and medical information that we may receive from your healthcare providers as described in Section 1(b) below, you may be presented with the opportunity to provide further information regarding your medical condition, treatment, impairments you are experiencing, and related health and medical information, and related information and observations about yourself during sign up, via self-directed tools, or when you provide information to one of our navigators.
- Information in communications and posted content. Kandu offers many ways for Stroke Survivors, Care Partners, and other users to connect with and communicate with each other as part of its community, including through posts to Kandu’s various communities and one-on-one messaging. Any personal data that you choose to include in those communications, posts, and related features will be collected by our Sites and used for the purposes described in this Privacy Policy.
- Payment information. If you sign up for a paid product or service from us, you may be required to provide your medical insurance information, your payment card or bank account information, and billing address.
- Information we receive from your healthcare providers
We may collect certain personal data and other data about you from your healthcare provider(s) in accordance with your agreement to use our Sites and the terms of our partnership with your healthcare provider(s). This may include your health and medical information, in addition to your contact information, demographic information, information regarding your healthcare team, and other similar information. Because some or all of this information may be provided in connection with your healthcare provider’s provision of health care to you, the information may be protected health information and therefore not subject to this Privacy Policy. We also encourage you to review our HIPAA Notice of Privacy Practices and the privacy policies and notices of your healthcare provider to learn more information about how it is collected, used, and shared, and what rights you may have regarding that information.
- Information we receive from our clients and business partners
We may collect certain personal data about you from our clients and business partners, in order to provide clinical consultation and assessment of stroke survivors to determine patients who may benefit from their products and services, in accordance with your agreement to use our Sites and the terms of our partnership with our clients and business partners. This may include your health and medical information, in addition to your contact information, demographic information, and payment information.
- Information we receive from other users
Kandu may collect certain personal data about you that is included in content provided by other users (for example, people you share the account with and your Navigator) and used for the purposes described in this Privacy Policy.
- Information we automatically collect
Certain of our Sites use cookies and other tracking technologies such as web beacons, embedded scripts, and tags (“Cookies”), which collect information from you automatically as you use the Sites.
Please note that www.kandustroke.com and the Kandu Mobile App do not collect personal data via Cookies. However, www.kanduhealth.com may collect personal data via Cookies, including:
- Browser and device data, such as IP address, device identifier, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons, and the language version of the Sites you are visiting; and
- Usage data, such as geolocation data, browsing history, time spent on the Sites, pages visited, links clicked, language preferences, patterns of use, and the pages that led or referred you to our Sites.
The Kandu Mobile App and www.kanduhealth.com also utilize tracking technologies to collect and record your activities and movements throughout your browsing session within the application, including touches, movements, data entered, and device information and orientation (“Session Data”), for purposes of our own internal analytics and improving our products, services, and user experience. Such tracking may include recorded sessions, which we may play back for these purposes. We may share Session Data with our third-party analytics or service providers, which may change from time-to-time, for these purposes, who will use the Session Data solely on our behalf and for our benefit.
Please review our Cookie Policy below for more information about our use of these technologies.
Aggregated, anonymized, and deidentified information
We may create aggregated, anonymous or de-identified data from personal data by removing data components that make the data personally identifiable to you or through obfuscation or other means. Our use of aggregated, anonymized and de-identified data is not subject to this Privacy Policy.
We may use the personal data we collect for the following purposes:
- Our Services
We use the personal data we collect to provide, maintain and improve our Sites and the services that Kandu offers through them (our “Services”). This includes:
- To provide you with requested Services, as they are described when you first register on our Sites and as may be offered over the course of your use of our Sites;
- To facilitate and support our community features;
- To provide you with customer service and support, and to facilitate other communications that you request or that are required to render Services to you;
- To process payments;
- To provide you with information about new Services and other opportunities that we believe may be of interest to you, whether offered by us or third-party partners, and to personalize, measure, and improve such offers;
- To perform analytics for new and existing Sites and Services, such as our user accounts and related features;
- To maintain and improve the quality of our Sites and Services;
- To grow our business, including to perform research and development, understand our user trends, and understand the effectiveness of our marketing;
- To protect ourselves, you, and others; prevent fraud and other unlawful or unauthorized activity; and create and maintain a trusted, secure, and reliable online environment; and
- To comply with our legal obligations; respond to subpoenas, court orders, or legal process; and to establish or exercise our legal rights or defense against legal claims.
- Digital marketing communications
We may send you promotional email communications about Kandu, invite you to participate in events or promotions, or otherwise communicate with you for marketing purposes, consistent with your preferences and applicable law. For example, when we collect your contact information through your interaction with our Sites, we may use that information to follow up with you regarding an event or send you information that you have requested about Kandu or our third-party partners. You may opt out of receiving any, or all, of these communications from us by following further instructions provided in Your Privacy Rights and Choices.
We may disclose your personal data with the following categories of third parties:
- Third parties related to compliance and harm prevention. We may share personal data as we believe necessary (i) to comply with applicable law, rules and regulations; (ii) to enforce our contractual rights; (iii) to investigate possible wrongdoing in connection with the Site and Services; (iv) to protect and defend the rights, privacy, safety and property of Kandu, you and others; and (v) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities.
- Our affiliates. We may share personal data with our affiliates to provide our Sites and Services and for internal administrative purposes. We require such affiliates to comply with the terms of this Privacy Policy.
- Our service providers. We share personal data with our service providers to provide services on our behalf, such as payment processing, analytics, advertising, hosting, marketing, customer and technical support, and other services. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use the information for any other purpose.
- Our healthcare provider partners. We may share personal data with our partner healthcare providers as may be consistent with those partners’ policies, applicable law, and the context in which you provided the data.
- Our care partners. We may share personal data with our care partners consistent with those partners’ policies, applicable law, and the context in which you provided the data.
- Other business partners. We partner with businesses and organizations who may offer products and services that we believe may be of interest to you. In certain cases, we may share personal data with these partners consistent with this Policy and the context in which you provided the information to us.
- Our advertising and marketing partners and third party advertising platforms. We may share your personal data for marketing and advertising purposes, including targeted and behavioral advertising, subject to the further disclosures, restrictions, and rights noted throughout this Privacy Policy.
- Third parties related to a change of ownership. If Kandu is involved in a merger, acquisition, asset sale, or other corporate combination, your personal data may be transferred. We will provide notice before your personal data is transferred and/or becomes subject to a different privacy policy.
Category of Personal Data
Identifiers, including:
- Name
- Address
- Email address
- Phone number
- Date of birth
- Account username
- IP address
- Unique device identifiers
- Mobile app identifiers
- Device operating system information
Sources
- You, including via your use of our Sites.
- Our service providers, such as non-affiliated companies who help us provide Services to you.
- Our clients and business partners and others, including those that may promote and/or offer products and services that may be of interest to you.
Processing Purposes
- Contact you and provide information
- Provide customer service
- Perform identity and age verification as required under applicable law
- Provide and maintain the Sites and Services
- Facilitate interactive features
- Internal analytics
- Market our Services
- Market the products and services of others
- Internal business purposes, including general business administration
- Audit, compliance, legal, policy, procedure, and regulatory obligations
- Customer claims and fraud investigation and prevention
- Systems and data security
- Protecting the safety of our employees and others
- Targeted Advertising
- For any purpose consistent with your preferences
Categories of Third Party Recipients (excluding our service providers)
- Our healthcare provider partners
- Our advertising and marketing partners
- Third party advertising platforms*
*We do not provide data collected on kandustroke.com and the Kandu Mobile App to these recipients
Category of Personal Data
Financial information, including:
- Bank account number
- Credit card number
- Debit card number
- Health Insurance information
- Billing address
- Any other financial information
Sources
- Same sources as noted for “Identifiers”
Processing Purposes
- Provide and maintain the Service
- Internal business purposes, including general business administration
Categories of Third Party Recipients (excluding our service providers)
- N/A
Category of Personal Data
Internet or other electronic network activity information, including:
- Browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages
- Content and information about your communications through the Sites
- Information using cookies and tracking technologies
- Mobile operating system information
- Mobile internet browser type
- Diagnostic data
Sources
- Same sources as noted for “Identifiers”
Processing Purposes
- Same purposes as noted for “Identifiers”
Categories of Third Party Recipients (excluding our service providers)
- Our advertising and marketing partners
- Third party advertising platforms*
*We do not provide data collected on kandustroke.com and the Kandu Mobile App to these recipients
Category of Personal Data
Geolocation Data, including:
- Global Positioning System (“GPS”) data
- Locational information based upon your IP address
- Cell network data
Sources
- Same sources as noted for “Identifiers”
Processing Purposes
- Internal business purposes, including general business administration
- Customer claims and fraud investigation and prevention
- Systems and data security
- Protect the safety of our employees and others
Categories of Third Party Recipients (excluding our service providers)
- N/A
Category of Personal Data
Professional or employment-related information, including:
- Employer name
- Employment history
- Professional licenses or registrations
Sources
- Same sources as noted for “Identifiers”
Processing Purposes
- Facilitate interactive features
- Internal analytics
- Market our products and services
- Market the products and services of others
- For internal business purposes, including general business administration
Categories of Third Party Recipients (excluding our service providers)
- Our advertising and marketing partners
- Third party advertising platforms*
*We do not provide data collected on kandustroke.com and the Kandu Mobile App to these recipients
Category of Personal Data
Audio, electronic, visual, or similar information, including:
- Any original text, audio recordings, photos, videos, music, and other media you may share on the Services
- Your name, voice, and/or likeness when you participate in sweepstakes, contests, promotions, and other Company programs
Sources
- Same sources as noted for “Identifiers”
Processing Purposes
- Same sources as noted for “Identifiers”
Categories of Third Party Recipients (excluding our service providers)
- Our advertising and marketing partners
- Third party advertising platforms*
*We do not provide data collected on kandustroke.com and the Kandu Mobile App to these recipients
Category of Personal Data
Characteristics or protected classifications, including:
- Age
- Date of birth or age range
- Gender or gender identity
- Marital status
- Military or veteran status
- National origin
- Criminal history or records
- Income level
- Racial or ethnic origin
- Sexual orientation
Sources
- Same sources as noted for “Identifiers”
Processing Purposes
- For internal business purposes, including general business administration
- Customer claims and fraud investigation and prevention
- Systems and data security
- Protecting the safety of our employees and others
- Internal analytics
Categories of Third Party Recipients (excluding our service providers)
- N/A
Category of Personal Data
Sensitive information or sensitive data, including:
- Account log-in information
- Mental or physical health condition or diagnosis
- Personal data collected and analyzed concerning health
- Consumer health data, as further described in our Consumer Health Data Privacy Notice
Sources
- Same sources as noted for “Identifiers”
Processing Purposes
- Same sources as noted for “Identifiers”
Categories of Third Party Recipients (excluding our service providers)
- Our advertising and marketing partners
- Third party advertising platforms*
*We do not provide data collected on kandustroke.com and the Kandu Mobile App to these recipients
Category of Personal Data
Inferences about you using any of the above
Sources
- Same sources as noted for “Identifiers”
Processing Purposes
- Any of the above purposes
Categories of Third Party Recipients (excluding our service providers)
- Our advertising and marketing partners
- Third party advertising platforms*
*We do not provide data collected on kandustroke.com and the Kandu Mobile App to these recipients
The security of your personal data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We maintain appropriate technical, administrative and physical safeguards to help protect the security of your personal data against unauthorized access, destruction, loss, alteration, disclosure or misuse.
We will retain your personal data only for as long as is necessary for the purposes set out in this Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We will also retain certain personal data for internal analysis purposes. This information is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods.
Our determination of precise retention periods will be based on (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position, including regard to applicable statutes of limitations, litigation or regulatory investigations.
Our Sites are operated exclusively in the United States and intended for users located in the United States. We may transfer, store, and use information we collect and maintain about you, including personal data outside of your state, province, country or other governmental jurisdiction. The data protection laws in the jurisdiction in which we process personal data may differ from those of your jurisdiction, and in certain circumstances, your personal data may be subject to access requests from governments, courts, law enforcement agencies or regulatory agencies in those other jurisdictions. By using the Sites or providing us with any information, you consent to the transfer and processing of your information, including personal data, in the United States as set forth in this Privacy Policy.
As mentioned above, when you visit certain of our Sites such as www.kanduhealth.com, we may collect information from you automatically through Cookies. We do not collect personal data via Cookies on the Kandu Mobile App or www.kandustroke.com.
Cookies are files with a small amount of data which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Services. We also rely on partners to provide many features of our Sites using data about your use of the Sites. You can modify your browser settings to decline or accept Cookies. However, in a few cases, some of our Sites’ features may not function as designed.
We use Cookies on www.kanduhealth.com for the following purposes:
- Necessity. To enable features that are necessary for providing you the services on our Sites, such as keeping you signed in, improving security, and preventing and detecting fraud.
- Preference. To allow us to remember your preferences and identify you when you return to our Sites.
- Analytics. To allow us to understand how our Sites are being used, track site performance and content views, and make improvements to the content, products or services.
- Advertising. To allow us to serve you with advertising on our Sites or on third-party sites that is tailored to your interests.
- Third-Party Analytics. We may use third party analytics providers to monitor and analyze the use of our Sites. For example, we may use HubSpot Analytics, which is a web analytics tool that helps us understand how users interact with our website. For more information on HubSpot Analytics, visit https://legal.hubspot.com/privacy-policy. These analytics services may use Cookies and other tracking technologies to help us analyze how users use the Sites. Information generated by these services (e.g., your IP address and other usage information) may be transmitted to and stored by service providers on servers in the U.S. (or elsewhere) and these service providers may use this information for purposes such as evaluating your use of the Sites, compiling statistical reports on the Sites’ activity, and providing other services relating to Sites’ activity and other Internet usage. You can turn off cookies through your individual browser settings. Each browser is slightly different, so refer to your browser’s “help” section to learn more about the proper settings to manage your cookie preferences. Please note that if you disable cookies, some of our website features may not function properly or at all.
- Do Not Track. Some web browsers and devices used to access our Sites may allow you to enable a “Do Not Track” setting, designed to inform websites that you do not want to be tracked. Like many websites, our Sites do not support “Do Not Track” functionality.
As a reminder, we do not collect personal data via Cookies on www.kandustroke.com.
You must be at least 18 years old to register to use our Sites and the Services offered through them. The Sites are intended for a general audience and we do not knowingly collect personal data from children under age 18 through the Sites.
If you are a parent or guardian and you are aware that a child under age 13 has provided us with personal data without parental consent, please contact us at [email protected]. If we become aware that we have collected personal data from children under age 13 without verification of parental consent, we will take steps to remove that information from our servers.
You may have rights and choices regarding our use and disclosure of your personal data. Unless instructed otherwise, you can exercise these using the information in the Contact Us section at the end of this Privacy Policy.
- Opting out of receiving electronic communications from us. You will not receive promotional electronic communications from us unless you have opted in to receive such communications. If you no longer wish to receive promotional email communications from us, you may opt out via the unsubscribe link included in such emails or by contacting us at [email protected]. We will comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving promotional emails from us, we may still send you important administrative messages that are required in order to provide you with our Services or for other reasons disclosed in this Policy.
- View or change your account personal data. You may be provided with the opportunity to review, correct, update, or delete certain of your personal data by submitting a request to [email protected].
- U.S. privacy rights. Certain U.S. jurisdictions provide residents with certain rights with respect to their personal data or personal data as defined under applicable law. These rights are subject to the specific laws of that jurisdiction, and certain other rights might apply. Please review our California Privacy Notice; Nevada Privacy Notice; Privacy Notice for Residents of Other U.S. States; and Consumer Health Data Privacy Notice for more information on rights and terms specific to your location or place of residence.
Depending on your place of residency or location, one or more of the jurisdiction-specific notices below may apply to you. If so, please use the following information to exercise your rights. Please note that any request you submit to us is subject to an identification and residency verification process as permitted under applicable law, as well as certain other procedural requirements that may be noted in the sections below. Additionally, all requests are subject to certain exceptions under applicable law, which may vary. If you are a visually-impaired customer, a customer who has another disability or a customer who seeks support in another language, you may access your privacy rights by emailing us at [email protected].
- How we verify and respond to requests.
If you wish to exercise any of the rights listed in the jurisdiction-specific notices below, please send your request(s) using one of the following methods:
- Email [email protected]
- Mail: Kandu Health, 7033 Hayvenhurst Ave, Van Nuys, CA 91406
- Phone: 833-KANDU-4U (833-526-3848)
- We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, manifestly unfounded, or in accordance with applicable law. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
- How we verify and respond to requests.
Except where otherwise noted, we will respond to your request within forty-five (45) days after receipt and we reserve the right to extend the response time by an additional forty-five (45) days when reasonably necessary and provided consumer notification of the extension is made within the first forty-five (45) days. As described below, in some jurisdictions, an authorized agent may submit a request to exercise your rights on your behalf. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. However, we cannot respond to your request or provide you with personal data if we cannot verify or authenticate your identity or authority to make the request and confirm that the personal data relates to you. Generally, a rights request must include:
- Sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative, which must include, at a minimum, your first and last name and email address.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to the request.
You are not required to create an account with us to submit a verifiable or authenticated consumer request. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal data associated with that specific account. We will only use personal data provided in a verifiable or authenticated consumer request to verify your (or your authorized agent’s as applicable) identity or authority to make the request.
Depending on applicable law, you may be limited in how many verifiable or authenticated consumer requests you make within a twelve (12) month period. If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child. Additionally, in some jurisdictions, you may designate an authorized agent to submit a request on your behalf, and if so, we may require proof of the agent’s authorization by you and/or verification of the agent’s own identity.
This California Privacy Notice applies to any California residents about whom we collect personal data (“consumers”). The provisions contained within this section are intended to provide notices in compliance with the California Consumer Privacy Act of 2018 (“CCPA”). Any capitalized term used and not otherwise defined below has the meaning assigned to it in our Privacy Policy.
For the purposes of this California Privacy Notice, except where a different definition is noted, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household. Personal information does not include publicly available information, information that has been de-identified or aggregated, or other information subject to certain federal and state regulation. For purposes of this section, “publicly available information” includes: information that is made available from federal, state, or local government records; information that a business has a reasonable basis to believe is lawfully available to the general public, either through widely distributed media or by the consumer; and information that is made available by a person to whom the consumer has disclosed the information if the consumer has not restricted the information to a specific audience. Personal information does not include publicly available information, information that has been de-identified or aggregated, or other information subject to certain sector-specific privacy laws such as HIPAA and the California Medical Information Act (“CMIA”).
This section does not apply to information that Kandu may collect in its capacity as a service provider or business associate for another entity. We encourage you to review the privacy policies and notices of your healthcare provider to learn more information about how it is collected, used, and shared, and what rights you may have regarding that information.
If you are a visually-impaired customer, a customer who has another disability, or a customer who seeks support in another language, you may access this California Privacy Notice by emailing us at [email protected].
- Personal Information We Collect
Over the last twelve (12) months, we have collected the following categories of personal information from consumers:
- Identifiers, including your first and last name; email address; phone number; physical address; user ID; date of birth; online identifiers as detailed below including IP address or device IDs; and/or other similar identifiers.
- Payment and financial information, including your health insurance information, credit or debit card number and related payment card information; bank account and routing number; and/or other financial information.
- Professional or employment-related information, including your employer name, employment history, professional licenses or registrations, or employment identification number.
- Commercial information, including Services that you have purchased, obtained, or considered; and/or other purchasing or consumer histories, tendencies, and preferences.
- Information relating to Internet activity or other electronic network activity, which includes Cookies, as discussed further in our Cookie Policy.
- Audio, electronic, visual, or similar information, which includes voice recordings, photographs, and other user-generated content that you submit to our Sites.
- Information not listed above and related to characteristics protected under California or federal law, which may include gender or gender identity; race or ethnicity; disabilities; information related to employment and other social determinants of health, and/or medical and health-related information, including stroke cause, stroke status, stroke treatment, and underlying health conditions.
- Inferences based on the above information.
- What We Do With Your Personal Information
Kandu may collect, use, or disclose Personal Information about you for the following purposes:
- To provide you with requested Services, as they are described when you first register on our Sites and as may be offered over the course of your use of our Sites;
- To facilitate and support our community features;
- To provide you with customer service and support, and to facilitate other communications that you request or that are required to render Services to you;
- To process payments;
- To provide you with information about new Services and other opportunities that we believe may be of interest to you, whether offered by us or third-party partners, and to personalize, measure, and improve such offers;
- To perform analytics for new and existing Sites and Services, such as our user accounts and related features;
- To maintain and improve the quality of our Sites and Services;
- To grow our business, including to perform research and development, understand our user trends, and understand the effectiveness of our marketing;
- To protect ourselves, you, and others; prevent fraud and other unlawful or unauthorized activity; and create and maintain a trusted, secure, and reliable online environment; and
- To comply with our legal obligations; respond to subpoenas, court orders, or legal process; and to establish or exercise our legal rights or defense against legal claims.
- Sources of Collected Personal Information
We may collect personal information from the following categories of sources:
- From you, including via our Sites (including the Kandu Health App), in person, telephone, and/or social media.
- From your healthcare provider, such as your hospital or other provider.
- From Kandu’s parent company, Imperative Care, and affiliated entities.
- Through our service providers, such as non-affiliated companies who help us provide Sites and Services to you.
- From our business partners and others, including those that may promote and/or offer products and services that may be of interest to you.
We may supplement the information described above with information we obtain from other sources, including from both online and offline data providers.
- Who We Share Personal Information With
We limit our disclosure of the categories of personal information above to our service providers for one or more business purposes. “Business purposes” means the reasonably necessary and proportionate use of personal information for our operational purposes, other purposes described in this Privacy Policy, for the operational purposes of our service providers and contractors, as well as other purposes compatible with the context in which the personal information was collected. We do not and have not sold personal information to third parties for any monetary value. However, our use of certain Cookies (such as on www.kanduhealth.com and the Kandu App) for cross-context behavioral advertising purposes is considered a “sale”/“share” of personal information as defined under California law. As a reminder, we do not collect personal information via Cookies on www.kandustroke.com. We do not sell personal information of minors under 16 years of age.
- Sensitive personal information. Certain of the personal information that we collect may constitute “sensitive personal information” as defined by California law, including account log-in information, mental or physical health condition or diagnosis, or personal information collected or analyzed concerning health.
- Your California Privacy Rights
If you are a California resident, you have the following rights under applicable California law in relation to your personal information, subject to certain exceptions:
- Right to Know and Access. You have the right to know what personal information we collect, use, disclose, and sell and/or share, as those terms are defined under applicable law. You may ask us to provide you a portable copy of this information up to two times in a rolling twelve-month period.
- Right to Delete. You have the right to request under certain circumstances that we, as well as our service providers and contractors, delete the personal information that we collect about you.
- Right to Correct. You have the right to require the correction of inaccurate personal information that is collected by us.
- Right to Limit Use and Disclosure. You have the right to limit the use or disclosure of your sensitive personal information to only the uses necessary for us to provide goods or services to you. We will not use or disclose your sensitive personal information after you have exercised your right unless you subsequently provide consent for the use of your sensitive personal information for additional purposes.
- Right to Opt-Out of Sale and/or Sharing. You have the right to opt-out of the sale and/or sharing of your personal information by a business.
- Right to Non-Discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.
- Sharing with third parties for their own direct marketing purposes. We do not disclose this personal information to third parties for their own purposes without your consent. If you wish to request information regarding such practices under California’s “Shine the Light” Law, please Contact Us via email or mail. You must include your full name, email address and postal address in your email or mail request so that we can verify your California residence and respond.
How to exercise your rights. You may exercise any of the rights described in this section by following the instructions in Exercising Your Privacy Rights above.
- Notice of Right to Opt-Out
As mentioned above, we “sell”/“share” a limited set of personal information with third parties, as those terms are defined by the CCPA, through our use of certain Cookies (such as on www.kanduhealth.com). We do not “sell”/“share” personal information via Cookies on the Kandu Mobile App or on www.kandustroke.com. If you wish to opt-out of the “sale”/“sharing” of the limited personal information that is gathered via Cookies when you visit the Sites, please exercise your preferences to do so on our Sites or by emailing us at [email protected].
However, our use of certain Cookies (such as on www.kanduhealth.com and the Kandu App) may be considered a “sale”/“share” of personal information as defined under California law. As a reminder, we do not collect personal information via Cookies on the Kandu Mobile App or on www.kandustroke.com.
We will continue to update our business practices as direct regulatory guidance becomes available.
While we do not “sell” personal information as defined by Nevada law, Nevada residents have the right to request to opt out of the future “sale” of their personal data under Nevada SB 220. If you are a Nevada resident and would like to make such a request, please contact us using the information in the Contact Us section at the end of this Policy, and provide “Nevada Privacy Rights” in the subject line. You must include your full name, email address, and postal address in your request so that we can verify your Nevada residence and respond. In the event we sell your personal data after the receipt of your request, we will make reasonable efforts to comply with such request.
Additionally, Nevada SB 370 provides Nevada residents with rights to receive certain disclosures and access regarding the collection, use, sale, and sharing of consumer health data, as defined below. For information regarding the consumer health data that we collect, how we use it, what sources it is derived from, to whom we disclose it, as well as the rights of Nevada residents and our responsibilities under SB 370, please see our Consumer Health Data Privacy Notice.
This Privacy Notice contains additional information for residents of Colorado, Connecticut, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia regarding personal data as defined in Collection of Personal Data that we collect, how we use it, what sources it is derived from, and who we disclose it to, and provides information regarding your rights, and our responsibilities, under applicable laws and regulations.
The provisions contained within this section are intended to provide notices in compliance with the Colorado Privacy Act, the Connecticut Data Privacy Act, the Delaware Personal Data Privacy Act, the Iowa Consumer Data Protection Act, the Montana Consumer Data Privacy Act, the Nebraska Data Privacy Act, the New Hampshire Privacy Act, the New Jersey Privacy Act, the Oregon Consumer Data Privacy Act, the Texas Data Privacy and Security Act, the Utah Consumer Privacy Act, and the Virginia Consumer Data Protection Act (collectively, the “State Privacy Laws”).
The State Privacy Laws provide or will provide rights to residents of Colorado, Connecticut, Delaware (beginning January 1, 2025), Iowa (beginning January 1, 2025), Montana (beginning October 1, 2024), Nebraska (beginning January 1, 2025), New Hampshire (beginning January 1, 2025), New Jersey (beginning January 15, 2025), Oregon, Texas, Utah, and Virginia respectively, to receive certain disclosures and access regarding collection, use, sale, and sharing of personal data.
This section does not apply to information we collect from visitors of www.kanduhealth.com, information we otherwise collect from an individual in a business-to-business or employment context, or data that is already subject to certain federal and state regulations, such as protected health information.
- Our Personal Data Practices
The Summary of Kandu Data Use chart above explains what kinds of personal data we may collect or have collected, how we collect it, why we collect it, and who we may disclose it to. More detail about what we do with your personal information is found in the Collection of Personal Data, Use of Personal Data, and Disclosing Personal Data sections of this Policy.
As stated above, we do not collect or share personal data with third parties via Cookies on the Kandu Mobile App or www.kandustroke.com for purposes of cross-context behavioral advertising.
- Your Privacy Rights
If you are a resident of Colorado, Connecticut, Utah, or Virginia, you have the following rights under applicable law in relation to your personal data, subject to certain exceptions:
- Right to know and access. You have the right to know what personal data we collect, use, disclose, and/or sell or share as those terms are defined under applicable law. You may ask us to provide you a portable copy of this information up to two times in a rolling twelve-month period.
- Right to delete and erase. You have the right to request under certain circumstances that we, as well as our service providers and contractors, delete the personal data that we collect about you.
- Right to correct inaccurate personal data. If you are a resident of Connecticut, Colorado, Delaware, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, or Virginia, you have the right to request the correction of inaccurate personal data.
- Right to non-discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.
- Right to opt out. You have the right to opt-out of targeted advertising, our sale of your personal data, and profiling decisions that could produce legal or similarly significant effects concerning the consumer.
- Rights concerning sensitive personal data. If you are a Connecticut, Colorado, Delaware, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, or Virginia resident, we cannot process your sensitive data or your sensitive data inferences, or use your personal data for certain purposes without your affirmative consent. If you are an Iowa or Utah resident, you have the right to opt out of having your sensitive personal data processed.
The Connecticut Data Privacy Act provides Connecticut residents with additional rights to receive certain disclosures and access regarding the collection, use, sale, and sharing of consumer health data, as defined below. For information regarding the consumer health data that we collect, how we use it, what sources it is derived from, to whom we disclose it, as well as the rights of Connecticut residents and our responsibilities under the CTDPA, please see our Consumer Health Data Privacy Notice.
How to exercise your rights. You may exercise any of the rights described in this section by following the instructions in Exercising Your Privacy Rights above.
How to appeal decisions about your rights. Connecticut and Virginia residents can appeal our decisions concerning privacy rights requests, as follows:
- Colorado residents. If you are a Colorado resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Colorado’s Office of the Attorney General by phone at (720) 508-6000 or by submitting a form here.
- Connecticut residents. If you are a Connecticut resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Connecticut’s Office of the Attorney General by phone at (860) 808-5420 or by submitting a form here.
- Delaware residents. If you are a Delaware resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Delaware’s Department of Justice by phone at (302) 683-8800 or by submitting a form here.
- Iowa residents. If you are an Iowa resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Iowa’s Office of the Attorney General by phone at (888) 777-4590 or by submitting a form here.
- Montana residents. If you are a Montana resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Montana’s Office of the Attorney General by phone at (406) 444-4500 or by submitting a form here.
- Nebraska residents. If you are a Nebraska resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Nebraska’s Office of the Attorney General by phone at (402) 471-2683 or by submitting a form here.
- New Hampshire residents. If you are a New Hampshire resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact New Hampshire’s Office of the Attorney General by phone at (603) 271-3658 or by submitting a form here.
- New Jersey residents. If you are a New Jersey resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact New Jersey’s Office of the Attorney General by phone at (800) 242-5846 or by submitting a form here.
- Oregon residents. If you are an Oregon resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Oregon’s Office of the Attorney General by phone at (877) 877-9392 or by submitting a form here.
- Texas residents. If you are a Texas resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Texas’s Office of the Attorney General by phone at (800) 621-0508 or by submitting a form here.
- Virginia residents. If you are a Virginia resident and want to appeal our decision with regard to a request that you have made, please Contact Us or notify the Office of the Attorney General of Virginia online here. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Virginia’s Office of the Attorney General by phone at (804) 786-2071, written correspondence to 202 North 9th Street, Richmond, Virginia 23219, or online here.
Our Sites may contain links to other websites, or in some cases embed video from other websites, that are not operated by Kandu. We strongly suggest you review their privacy policies. If any linked website is not owned or controlled by us, we are not responsible for its content or privacy policies, or the practices of the operator of the website or services.
We may change this Privacy Policy from time to time to reflect new services or changes in our data practices or relevant laws. The “effective date” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes are effective when we post the revised Privacy Policy on the Sites. If we make any material changes to this Privacy Policy, we will take reasonable measures to notify you via email and/or a prominent notice on our Sites prior to the change becoming effective, and will update the effective date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes.
If you have any questions about this Privacy Policy or wish to exercise one of your privacy rights, please contact us by emailing [email protected] or contacting us using the following information:
Kandu Health
7033 Hayvenhurst Ave
Van Nuys, CA 91406