Privacy Policy

1. Scope of This Policy

This Privacy Policy governs the public marketing website (kithcare.care or related subdomains) operated by Kith, Inc. ("Kith," "we," "us"). This website is an informational tool used to explain our technology, recruit pilot participants, and gather marketing inquiries.

No physiological, biometric, or remote patient monitoring data is collected, stored, or processed on this landing page.

2. Information Collected Automatically (Cookies and Tracking)

When you visit our landing page, we collect standard internet log information and visitor behavior patterns through cookies and web beacons.

Analytics Data: We use privacy-centric, localized web analytics to track page views, bounce rates, and referral paths to optimize marketing efficiency.
Third-Party Trackers: We explicitly disable third-party advertising tracking pixels (e.g., Meta Pixel, Google Conversion Tags) that pass unhashed visitor information across networks. We do not engage in behavioral remarketing targeted at seniors or their caregivers based on visits to this page.

3. Information You Provide Voluntarily

If you complete an inquiry form (e.g., "Request Info," "Request a Demo," or newsletter sign-ups), we collect:

First and Last Name.
Email Address and Phone Number.
Organization Name (for Home Health Agencies / B2B partners).

Information Prohibitions: Users are explicitly instructed not to input Protected Health Information (PHI), medical diagnoses, or personal health histories into public website text fields.

4. Data Retention and Disposal

Information submitted via our public marketing forms is encrypted in transit (TLS 1.3) and stored inside a secure customer relationship module. We retain this administrative marketing data for a maximum of 12 months following inactivity, after which it is programmatically scrubbed using secure digital erasure cycles.

5. Zero-Knowledge Architecture

To protect your fundamental privacy rights, the Kith application (separate from this marketing website) utilizes a strict Zero-Knowledge Architecture:

On-Device Local Inference: All raw camera frame arrays and high-resolution radar point-clouds are processed at the edge inside volatile device system RAM using CoreML and TensorFlow Lite.
No Video/Audio Transmission: Raw video frames and raw audio records are never transmitted to, or stored on, cloud servers.
Key Isolation: Decryption keys for encrypted physiological data summaries are stored locally inside the native device keychain/keystore. Kith employees, cloud hosting providers, and external infrastructure nodes do not possess the keys to decrypt your personal health history blobs.

6. Zero Commercial Monetization

Kith maintains an absolute ban on health data monetization. We do not share, sell, rent, lease, or disclose biometric, physiological, or user behavioral data to third-party advertising networks, data brokers, or commercial analytics trackers. Data routing is confined strictly to:

The designated family members inside your authenticated "Care Circle."
Your prescribing Home Health Agency (if deployed under a clinical framework).

7. Biometric and Physiological Data (App-Level)

When the Kith application is activated (separate from this website), the following data streams may be processed locally on-device:

Biometric Information (NY SHIELD Act Compliance): Micro-color fluctuations captured from the video camera feed to process Remote Photoplethysmography (rPPG) vitals, and vocal audio samples processed to measure muscle tremors (Jitter/Shimmer markers).
Physiological Sensor Data: Local mmWave radar point-clouds capturing room mapping, skeleton velocities, tracking postures (standing, sitting, lying down), and gait mechanics.

8. Regulatory Compliance

HIPAA

When deployed via a Medicare/Medicaid-enrolled Home Health Agency (HHA), Kith acts as a Business Associate under HIPAA. All processing of Protected Health Information (PHI) is bound by the Business Associate Agreement (BAA) executed with the healthcare provider.

FTC Health Breach Notification Rule

When downloaded directly from the App Store or Google Play Store without an institutional provider, Kith acts as a Vendor of Personal Health Records (PHRs) governed by the Federal Trade Commission (FTC) Act and the FTC Health Breach Notification Rule (HBNR).

NY SHIELD Act

For New York State residents, if data confidentiality, security, or integrity is compromised, Kith will issue a comprehensive breach notification to affected individuals and the New York State Attorney General within 30 days of discovery.

9. Mandatory Breach Notification Procedures

In the event of an unauthorized disclosure or data breach involving unencrypted personal health records, Kith will notify affected consumers and the Federal Trade Commission within the legally mandated timeframes following verification. For New York State residents, additional notification to the NY Attorney General will occur within 30 days of discovery.

10. Your Rights

You may request access to, correction of, or deletion of your personal information at any time by contacting us at privacy@kithcare.care. We will respond to verified requests within 30 business days.

11. Contact Information

For questions about this Privacy Policy, please contact:

Kith, Inc.
Privacy & Compliance Office
Email: privacy@kithcare.care