KINTELLE PRIVACY POLICY

Version 1.1 - April 15, 2025

1. INTRODUCTION

Kintelle and its affiliated legal entities ("Kintelle," "we," "our," or "us") respect your privacy. This Privacy Policy describes how we collect, use, disclose, and protect information in relation to our website, mobile applications, and related services (collectively, the "Platform").

This Privacy Policy applies to all information collected through the Platform, including any personal information, protected health information, and financial information. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

2. INFORMATION WE COLLECT

2.1 Personal Information

We may collect the following categories of personal information:

• Identifiers: Name, email address, phone number, postal address, account username and password, IP address, and device identifiers.

• Financial Information: Insurance information, benefit details, payment method information, and financial account details.

• Health Information: Information related to your fertility treatment journey, medical history, diagnostic test results, treatment plans, and other health-related information you choose to provide.

• Communications: Information you provide when contacting us, including customer support inquiries and feedback.

• Usage Data: Information about how you use the Platform, including pages visited, features used, and time spent on the Platform.

2.2 Protected Health Information

If you provide us with protected health information ("PHI") as defined under the Health Insurance Portability and Accountability Act ("HIPAA"), our use and disclosure of such information will be governed by our HIPAA policies and applicable Business Associate Agreements where relevant. This may include information about your medical diagnoses, treatment plans, and healthcare providers.

2.3 User Content

We collect any content you voluntarily provide to the Platform, including document uploads, form submissions, and responses to questionnaires or surveys.

2.4 Automatically Collected Information

We may automatically collect certain information when you visit, use, or navigate the Platform, including:

• Device Information: Computer or mobile device information, operating system, browser type, and other technical information.

• Usage Information: Information about your interaction with the Platform, including pages visited, features used, time spent, and referring websites.

• Location Information: General location information derived from your IP address or more precise location if you grant permission.

2.5 Cookies and Similar Technologies

We may use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing behavior and to better personalize your experience. These technologies help us remember your preferences, understand how you use the Platform, and improve its features and content.

You can control cookie preferences through your browser settings. However, disabling cookies may limit your ability to use certain features of the Platform.

3. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

3.1 Provide and Maintain the Platform

• Process and complete transactions

• Establish and maintain user accounts

• Provide customer support and respond to inquiries

• Enable features and functionality of the Platform

• Generate personalized financial projections and recommendations

• Process document uploads and extract relevant information

3.2 Improve and Develop the Platform

• Analyze usage patterns and user preferences

• Test and develop new features and functionality

• Fix bugs and resolve technical issues

• Conduct research and analysis to improve user experience

3.3 Communicate With You

• Send administrative communications regarding the Platform

• Provide updates about your account or the services

• Respond to your inquiries and support requests

• Send marketing communications (with your consent where required)

3.4 Ensure Security and Compliance

• Verify user identity and prevent fraud

• Ensure the security of the Platform

• Enforce our Terms and Conditions

• Comply with applicable laws and regulations

  
  

4. HOW WE SHARE YOUR INFORMATION

We may share your information in the following circumstances:

4.1 With Your Consent

We may share your information when you specifically direct us to do so, provide your explicit consent and/or when operating on behalf of another organization as governed by a Business Associate Agreement.

4.2 Service Providers

We may share your information with third-party service providers who perform services on our behalf, such as web hosting, data analysis, payment processing, and customer service. These service providers have access to your information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

4.3 Business Transfers

If Kintelle is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred or disclosed as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4.6 Business Transactions and Corporate Transfers

If Kintelle is involved in a corporate transaction such as a merger, acquisition, reorganization, or sale of all or substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Platform of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information. We will ensure that any such transfer will be done in compliance with applicable data protection laws, including requiring the new entity to honor the commitments we've made in this Privacy Policy.

4.7 Legal Obligation Disclosures

We may disclose your information to comply with a legal obligation if we believe in good faith that such action is necessary to:

a) Comply with a legal obligation, court order, subpoena, or other legal process; b) Protect and defend the rights or property of Kintelle; c) Prevent or investigate possible wrongdoing in connection with the Platform; d) Protect the personal safety of users of the Platform or the public; e) Protect against legal liability; f) Respond to valid requests by public authorities (e.g., a court or government agency).

When possible and permitted by law, we will attempt to notify you when we are required to provide your information to third parties in connection with a legal obligation.

4.8 De-identified or Aggregated Data

We may share de-identified or aggregated information, which cannot reasonably be used to identify you, with third parties for research, analysis, and similar purposes.

5. DATA SECURITY

We implement appropriate technical and organizational measures to protect the security, confidentiality, and integrity of your information. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

For information classified as protected health information under HIPAA, we maintain physical, technical, and administrative safeguards in compliance with HIPAA Security Rule requirements.

6. DATA RETENTION

We will retain your information for as long as your account is active, as necessary to provide you with the services, comply with our legal obligations, resolve disputes, and enforce our agreements. When we no longer need to use your information and there is no need for us to keep it to comply with our legal or regulatory obligations, we will either remove it from our systems or depersonalize it so that we cannot identify you.

7. YOUR PRIVACY RIGHTS AND CHOICES

Depending on your location, you may have certain rights regarding your personal information:

7.1 Access and Portability

You may request a copy of your personal information that we hold.

7.2 Correction

You may request that we correct inaccurate or incomplete information about you.

7.3 Deletion

You may request that we delete your personal information, subject to certain exceptions provided by law.

7.4 Restriction and Objection

You may request that we restrict the processing of your information or object to our processing of your information.

7.5 Withdrawal of Consent

Where we rely on your consent to process your information, you have the right to withdraw your consent at any time.

7.6 Exercising Your Rights

To exercise these rights, please contact us at hello@kintelle.com with the subject line "Privacy Rights Request." We will respond to your request within a reasonable timeframe and in accordance with applicable law.

8. CHILDREN'S PRIVACY

The Platform is not intended for individuals under the age of 18. We do not knowingly collect or solicit information from anyone under 18 years of age. If we learn that we have collected personal information from a child under 18 without verification of parental consent, we will delete that information as quickly as possible. If you believe we might have any information from or about a child under 18, please contact us at hello@kintelle.com.

9. STATE-SPECIFIC PRIVACY RIGHTS

9.1 California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• The right to know what personal information we collect, use, disclose, and sell

• The right to delete personal information

• The right to opt-out of the sale of personal information

• The right to non-discrimination for exercising your rights

• The right to limit the use and disclosure of sensitive personal information

To exercise these rights, please contact us as described in Section 7.6.

9.2 Other State Privacy Laws

Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws may have similar rights regarding their personal information. We will comply with applicable state privacy laws that govern how we collect, use, and share your information.

10. INTERNATIONAL DATA TRANSFERS

The Platform is operated in the United States. If you are located outside of the United States, please be aware that information we collect will be transferred to, processed, and stored in the United States. The data protection laws of the United States may differ from those of the country in which you are located, and your information may be subject to access requests from governments, courts, or law enforcement in the United States according to the laws of the United States.

11. HIPAA COMPLIANCE

11.1 Business Associate Agreement

When we receive, create, transmit, or maintain protected health information on behalf of a covered entity or another business associate under HIPAA, we do so in accordance with the terms of a Business Associate Agreement with that entity. We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of protected health information as required by HIPAA.

11.2 Minimum Necessary Standard

We follow the "minimum necessary" standard under HIPAA, which requires reasonable efforts to limit the use or disclosure of, and requests for, protected health information to the minimum necessary to accomplish the intended purpose.

11.3 Your HIPAA Rights

If your information is subject to HIPAA, you have certain rights regarding your protected health information, including the right to:

• Access and receive a copy of your protected health information

• Request amendments to inaccurate or incomplete information

• Receive an accounting of certain disclosures of your protected health information

• Request restrictions on certain uses and disclosures

• Request confidential communications

To exercise these rights, please contact your healthcare provider directly.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Platform with an updated effective date. If we make material changes, we will notify you through the Platform or by other means, such as email, prior to the changes becoming effective. Your continued use of the Platform after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

13. DATA BREACH NOTIFICATION

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your personal information, we will notify you and relevant regulatory authorities (if required) without undue delay and in accordance with applicable law.

14. CONTACT US

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us at:

Email: hello@kintelle.com Subject: Privacy Inquiry

We will respond to your inquiry within a reasonable timeframe.

15. DATA PROTECTION TECHNOLOGIES

We employ various technological measures to protect the integrity of our Platform and the data contained within it. These technologies may include:

15.1 Access Monitoring

We implement systems to identify and prevent suspicious access patterns, unauthorized data collection, scraping activities, and excessive usage that may indicate automated access attempts. These systems may log and analyze access patterns, page requests, request frequency, and similar metrics.

15.2 Technical Safeguards

We may, at our discretion, utilize various technical safeguards including, but not limited to:

• Rate limiting and request throttling

• Browser fingerprinting

• CAPTCHA and human verification systems

• IP-based access controls

• Session monitoring

• Traffic pattern analysis

• Machine learning algorithms to detect abnormal usage patterns

• API access controls and authentication requirements

• Content delivery security measures

15.3 Prohibited Access Detection

We maintain systems designed to detect attempts to scrape, extract, or programmatically access our Platform outside of our approved interfaces. When such activities are detected, we may:

• Block access from the originating IP address or range

• Implement progressive security measures

• Preserve forensic evidence for potential legal action

• Report violation patterns to relevant internet service providers or authorities

Using automated tools, bots, scripts, or other technological means to access, scrape, copy, or monitor our Platform without our express permission violates our Terms and Conditions and may violate computer fraud and abuse laws, anti-hacking statutes, intellectual property laws, and other regulations.

16. HEALTH DATA PROVISIONS

16.1 Health Information Safeguards

When we process health information, we comply with applicable regulations including HIPAA. Specific safeguards include:

• Encryption of health data in transit and at rest

• Access controls limiting staff access to health information

• Security assessments and testing

• Workforce training on handling sensitive health information

• Physical, technical, and administrative safeguards

• Subprocessor due diligence and contractual obligations

• Periodic compliance audits

16.2 De-identification Practices

When we de-identify health information:

• We follow HIPAA Expert Determination or Safe Harbor methods

• We maintain a formal de-identification policy and procedures

• We implement technical safeguards against re-identification

• We require contractual commitments from recipients of de-identified data

• We maintain records of our de-identification processes

16.3 HIPAA Authorization

If you provide information that constitutes PHI for which you are the individual, you acknowledge that your provision of this information to Kintelle may, in certain circumstances, require a valid HIPAA authorization. You agree that your acceptance of this Privacy Policy constitutes your authorization for Kintelle to use and disclose your PHI as described in this Privacy Policy, to the extent such authorization is required under HIPAA.

17. FINANCIAL DATA PROVISIONS

17.1 Financial Information Protection

We implement the following protections for financial information:

• Encryption of financial data in transit and at rest

• Compliance with PCI DSS standards where applicable

• Limited retention of financial account information

• Minimal collection of payment details

• Restricted access to financial information on a need-to-know basis

• Secure transmission of financial data to authorized third parties

17.2 Aggregated Financial Insights

We may generate aggregated insights from financial information to improve our services. When doing so:

• We remove personally identifiable information

• We combine data from multiple users to prevent re-identification

• We use statistical methods to mask individual data points

• We only share aggregated insights that cannot reasonably identify individual users

  
  

18. CONTACT US

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us at:

Email: hello@kintelle.com Subject: Privacy Inquiry

We will respond to your inquiry within a reasonable timeframe.