PRIVACY POLICY

Kandu Health™, Inc., its affiliated entities, and its partnered professional corporations in various states (collectively, “Kandu”) are committed to respecting your privacy and protecting your personal information, whether you are a Stroke Survivor, Care Partner, or other user (collectively, “you”). This Privacy Policy explains the types of personal information we may collect from visitors to our websites, including www.kanduhealth.com and all related websites, mobile apps, and web-based services, including the Kandu Mobile App (our “Sites”). This Policy also describes how we use personal information, the purpose for sharing and recipients of personal information, and your available rights and choices associated with that information.

This Privacy Policy is provided in a layered format. You can jump to a specific section by clicking on the section below:

For purposes of this Privacy Policy, “personal information” means any information that relates to an identified or identifiable individual. The personal information we collect through our Sites will be apparent by the context of the page, and may include but is not limited to the following types of information.

  1. Personal information you provide to us
    We may collect the following personal information about you that you choose to provide us when you use our Sites:
    • Account information. As part of signup for an account, Kandu may receive your first and last name, email address, user ID, phone number, date of birth, and gender.
    • Profile and demographic information. As part of your use of our Sites, you may presented with the opportunity to provide certain information about yourself in order to fill out your biography, such as demographic information for use in our “Connect” features. You may also have the opportunity to provide your photograph, voice recordings, and similar audio or visual information.
    • Health and medical information. In addition to any health and medical information that we may receive from your healthcare providers as described in Section 1(b) below, you may be presented with the opportunity to provide further information regarding your medical condition, treatment, impairments you are experiencing, and related health and medical information, and related information and observations about yourself via self-directed tools.
    • Information in communications and posted content. Kandu offers many ways for Stroke Survivors, Care Partners, and other users to connect with and communicate with each other as part of its community, including through posts to Kandu’s various communities and one-on-one messaging. Accordingly, any personal information that you choose to include in those communications, posts and related features will be collected by our Sites and used for the purposes described in this Privacy Policy.
    • Payment information. If you sign up for a paid product or service from us, you may be required to provide your payment card or bank account information.
  2. Information that we receive from your healthcare providers
    We may collect certain personal information and other data about you from your healthcare provider(s) in accordance with your agreement to use our Sites and the terms of our partnership with your healthcare provider(s). This may include your health and medical information, in addition to your contact information, demographic information, information regarding your healthcare team, and other similar information.
    Because some or all of this information may be provided in connection with your healthcare provider’s provision of healthcare to you, the information may be governed by federal law. We encourage you to review the privacy policies and notices of your healthcare provider to learn more information about how it is collected, used, and shared, and what rights you may have regarding that information.
  3. Information from other users
    Kandu may collect certain personal data about you that is included in content provided by other users (for example, people you share the account with and your Navigator) and used for the purposes described in this Privacy Policy.
  4. Information that we automatically collect
    Our website and related web-based services do not automatically collect personal information via cookies and other tracking technologies such as web beacons, embedded scripts, and tags (“Cookies”). Our mobile app, however, may collect personal information via Cookies, including:
      • Browser and device data, such as IP address, device identifier, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons, and the language version of the Sites you are visiting; and
      • Usage data, such as geolocation data, browsing history, time spent on the Sites, pages visited, links clicked, language preferences, patterns of use, and the pages that led or referred you to our Site.
      Our mobile app also utilizes tracking technologies to collect and record your activities and movements throughout your browsing session within the application, including touches, movements, data entered, and device information and orientation (“Session Data”), for purposes of our own internal analytics and improving our products, services, and user experience. Such tracking may include recorded sessions, which we may play back for these purposes. We may share Session Data with our third-party analytics or service providers, which may change from time-to-time, for these purposes, who will use the Session Data solely on our behalf and for our benefit.
  5. Aggregated, anonymized, and deidentified information
    We may create aggregated, anonymous or de-identified data from personal information by removing data components that make the data personally identifiable to you or through obfuscation or other means. Our use of aggregated, anonymized and de-identified data is not subject to this Privacy Policy.
  1. Our products and services
    We use the personal information we collect to provide, maintain and improve our Sites and the services that Kandu offers through them (our “Services”). This includes:
    • To provide you with requested Services, as they are described when you first register on our Sites and as may be offered over the course of your use of our Sites;
    • To facilitate and support our community features;
    • To provide you with customer service and support, and to facilitate other communications that you request or that are required to render Services to you;
    • To process payments;
    • To provide you with information about new Services and other opportunities that we believe may be of interest to you, whether offered by us or third-party partners, and to personalize, measure, and improve such offers;
    • To perform analytics for new and existing Sites and Services, such as our user accounts and related features;
    • To maintain and improve the quality of our Sites and Services;
    • To grow our business, including to perform research and development, understand our user trends, and understand the effectiveness of our marketing;
    • To protect ourselves, you, and others; prevent fraud and other unlawful or unauthorized activity; and create and maintain a trusted, secure, and reliable online environment; and
    • To comply with our legal obligations; respond to subpoenas, court orders, or legal process; and to establish or exercise our legal rights or defense against legal claims.
  2. Digital marketing communications
    We may send you promotional email communications about Kandu, invite you to participate in events or promotions, or otherwise communicate with you for marketing purposes, consistent with your preferences and applicable law. For example, when we collect your contact information through your interaction with our Sites, we may use that information to follow up with you regarding an event or send you information that you have requested about Kandu or our third-party partners. You may opt out of receiving any, or all, of these communications from us by following further instructions provided in Your Rights and Choices.

You may have rights and choices regarding our use and disclosure of your personal information. Unless instructed otherwise, you can exercise these rights and choices by emailing us at [email protected].

  1. Opting out of receiving electronic communications from us. You will not receive promotional electronic communications from us unless you have opted in to receive such communications. If you no longer wish to receive promotional email communications from us, you may opt out via the unsubscribe link included in such emails or by contacting us at [email protected]. We will comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving promotional emails from us, we may still send you important administrative messages that are required in order to provide you with our Services or for other reasons disclosed in this Policy.
  2. View or change your account personal information. You may be provided with the opportunity to review, correct, update, or delete certain of your personal information by submitting a request to [email protected]
  3. Your California privacy rights. California residents have certain rights with respect to our collection, use, and sharing of their personal information. Please review our California Privacy Notice for more information about those rights.
  4. Your Nevada privacy rights. Nevada residents have the right to request to opt out of any “sale” of their personal information under Nevada SB 220. While Kandu does not currently sell personal information, you may request to opt out of the future sale of your personal information. If you are a Nevada resident and would like to make such a request, please contact us using the information in the Contact Us section at the end of this Policy, and provide “Nevada Privacy Rights” in the subject line. You must include your full name, email address and postal address in your request so that we can verify your Nevada residence and respond. In the event we sell your personal information after the receipt of your request, we will make reasonable efforts to comply with such request.

You may have rights and choices regarding our use and disclosure of your personal information. Unless instructed otherwise, you can exercise these rights and choices by emailing us at [email protected].

  1. Opting out of receiving electronic communications from us. You will not receive promotional electronic communications from us unless you have opted in to receive such communications. If you no longer wish to receive promotional email communications from us, you may opt out via the unsubscribe link included in such emails or by contacting us at [email protected]. We will comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving promotional emails from us, we may still send you important administrative messages that are required in order to provide you with our Services or for other reasons disclosed in this Policy.
  2. View or change your account personal information. You may be provided with the opportunity to review, correct, update, or delete certain of your personal information by submitting a request to [email protected]
  3. Your California privacy rights. California residents have certain rights with respect to our collection, use, and sharing of their personal information. Please review our California Privacy Notice for more information about those rights.
  4. Your Nevada privacy rights. Nevada residents have the right to request to opt out of any “sale” of their personal information under Nevada SB 220. While Kandu does not currently sell personal information, you may request to opt out of the future sale of your personal information. If you are a Nevada resident and would like to make such a request, please contact us using the information in the Contact Us section at the end of this Policy, and provide “Nevada Privacy Rights” in the subject line. You must include your full name, email address and postal address in your request so that we can verify your Nevada residence and respond. In the event we sell your personal information after the receipt of your request, we will make reasonable efforts to comply with such request.<

The security of your personal information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. We maintain appropriate technical, administrative and physical safeguards to help protect the security of your personal information against unauthorized access, destruction, loss, alteration, disclosure or misuse.

Our Sites are operated exclusively in the United States and intended for users located in the United States. We may transfer, store and use information we collect and maintain about you, including personal information outside of your state, province, country or other governmental jurisdiction. The data protection laws in the jurisdiction in which we process personal information may differ from those of your jurisdiction, and in certain circumstances, your personal information may be subject to access requests from governments, courts, law enforcement agencies or regulatory agencies in those other jurisdictions. By using the Sites or providing us with any information, you consent to the transfer and processing of your information, including personal information, in the United States as set forth in this Privacy Policy.

You must be at least 18 years old or older to register to use our Sites and the Services offered through them. The Sites are intended for a general audience and we do not knowingly collect personal information from children under age 18 through the Sites.

If you are a parent or guardian and you are aware that a child under age 13 has provided us with personal information without parental consent, please contact us at [email protected]. If we become aware that we have collected personal information from children under age 13 without verification of parental consent, we will take steps to remove that information from our servers.

This section of the Privacy Policy applies to any California residents about whom we collect Personal Information (“consumers”). The provisions contained within this section are intended to provide notices in compliance with the California Consumer Privacy Act of 2018 (“CCPA”). Any capitalized term used and not otherwise defined below has the meaning assigned to it in our Privacy Policy.

 

The CCPA provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of personal information, as well as rights to access, delete, and restrict the sale of certain personal information we collect about them. California residents also have the right not to receive discriminatory treatment by us for the exercise of your privacy rights under the CCPA. If you are a California resident, you may submit a request to exercise these righ­­ts by completing our online webform or by emailing us using the information provided in the Your Privacy Rights section below.

Consistent with California law, this section does not apply to any data that is already governed by certain other federal or state privacy protections, including but not limited to the Health Insurance Portability and Accountability Act (“HIPAA”) and the California Medica Information Act (“CMIA”).  This section also does not apply to information that Kandu may collect in its capacity as a service provider or business associate for another entity.  We encourage you to review the privacy policies and notices of your healthcare provider to learn more information about how it is collected, used, and shared, and what rights you may have regarding that information.

If you are a visually-impaired customer, a customer who has another disability or a customer who seek support in other language, you may access this California Privacy Notice by emailing us at [email protected].

    1. Personal Information We Collect
      For the purposes of this California Privacy Notice, except where a different definition is noted, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California consumer or household.  Personal information does not include publicly available information, information that has been de-identified or aggregated, or other information covered by certain sector-specific privacy laws such as HIPAA and the CMIA. Kandu collects Personal Information provided by consumers through the Site. Over the last twelve (12) months, we have collected the following categories of personal information from consumers:
      • Identifiers, including your first and last name; email address; phone number; physical address; user ID; date of birth; online identifiers as detailed below including IP address or device IDs; and/or other similar identifiers.
      • Payment and financial information, including your credit or debit card number and related payment card information; bank account and routing number; and/or other financial information.
      • Commercial information, which includes our Services that you have purchased, obtained, or considered; and/or other purchasing or consumer histories, tendencies, and preferences.
      • Information relating to Internet activity or other electronic network activity, which includes the information disclosed in Section 1(d) of our Privacy Policy.
      • Audio, electronic, visual, or similar information, which includes voice recordings, photographs, and other user-generated content that you submit to our Sites
      • Information not listed above and related to characteristics protected under California or federal law, which may include gender or gender identity; race or ethnicity; disabilities; information related to employment and other social determinants of health, and/or medical and health-related information, including stroke cause, stroke status, stroke treatment, and underlying health conditions.
      • Inferences based on the above information.
    2. What We Do With Your Personal Information
      Kandu may collect, use, or disclose personal information about you for the purposes detailed in Section 2 of our Privacy Policy.
    3. Sources of Collected Personal Information
      We may collect personal information from the following categories of sources:
        • From you, including via our Sites (including the Kandu Health App), in person, telephone, and/or social media
        • From your healthcare provider, such as your hospital or other provider
        • From Kandu’s parent company, Imperative Care, and affiliated entities.
        • Through our service providers, such as non-affiliated companies who help us provide Services to you
        • From our business partners and others, including those that may promote and/or offer products and services that may be of interest to you

      We may supplement the information described above with information we obtain from other sources, including from both online and offline data providers.

    4. Who We Share Personal Information With
      We limit our disclosure of the categories of personal information above to our service providers for one or more business purposes. We do not sell your personal information to third parties, including personal information of minors under 16 years of age.
    5. Your Privacy Rights
      If you are a California resident, you have the following rights under applicable California law in relation to your personal information, subject to certain exceptions:
        • Right to Know. You have the right to, up to twice in a 12-month period, request what personal information we collect, use, disclose, and/or sell, as applicable.
        • Right to Delete. You have the right to request under certain circumstances the deletion of your personal information that is collected by us.
        • Right to Opt-Out of Sale. You have the right to opt-out of the sale of your personal information by a business. However, as noted in subsection (d) above, we do not currently sell any personal information.
        • Right to Non-Discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.

      How to submit a request. You may exercise any of the rights described in this section by emailing us at [email protected], by calling 833-KANDU-4U (833-526-3848), or by writing us at Kandu Health, 210 E. Hacienda Ave, Campbell, CA 95008-6617.

      Any request you submit to us is subject to an identification and residency verification process (“Verifiable Consumer Request”) as permitted by the CCPA. We will not fulfill your request unless you have provided sufficient information that enables us to reasonably verify that you are the consumer about whom we collected the personal information on. In order to verify you, you must provide us with your first and last name and email address. These rights are also subject to various exclusions and exceptions under applicable laws.

      You may also designate an authorized agent, in writing or through a power of attorney, to request to exercise the above rights on your behalf. The authorized agent may submit a request to exercise these rights by emailing the letter of authorization or power of attorney to [email protected].

      We currently do not collect household data. If we receive a Right to Know or Right to Delete request submitted by all members of a household, we will individually respond to each request. We will not be able to comply with any request by a member of a household under the age of 13, as we do not collect personal information from any person under the age of 13.

      We will respond to your request within forty-five (45) days after receipt of a Verifiable Consumer Request for a period covering twelve (12) months and for no more than twice in a twelve-month period. We reserve the right to extend the response time by an additional forty-five (45) days when reasonably necessary and provided consumer notification of the extension is made within the first forty-five (45) days.

      Direct marketing by third parties. We do not disclose personal information to third parties for their own direct marketing purposes. However, because California residents have the right to request information regarding such practices under California’s “Shine the Light” Law, please contact us using the information provided at the end of this Policy. You must include your full name, email address and postal address in your email or mail request so that we can verify your California residence and respond. “Personal information” under this California law means any information that identified, described, or was able to be associated with an individual at the time of disclosure.

      We will continue to update our business practices as direct regulatory guidance becomes available.

If you have any questions about this Privacy Policy or wish to exercise one of your privacy rights, please contact us by emailing [email protected] or contacting us using the following information:

210 E. Hacienda Ave
Campbell, CA 95008-6617

This Privacy Policy does not apply to third-party websites, products or services, even if they link to our Sites. We recommend you review the privacy practices of those third parties before connecting accessing third-party websites and sharing any personal information.

We also encourage you to review our Terms of Use to understand how your personal information will be treated as you make full use of our Sites. Unless otherwise defined in this Privacy Policy, capitalized terms used in this Privacy Policy have the same meanings as in our Terms of Use.

Effective date: 1/6/2023