(For U.S. Geography)
Effective Date: February 16, 2026
Scope of this Privacy Policy
This Privacy Policy describes how Kento Health Inc. (“Kento Health,” “we,” “us,” or “our”) collects, uses, discloses, retains, and safeguards Personal Data in connection with our websites, mobile applications, digital platforms, clinician interfaces, connected device integrations, analytics systems, and related services (collectively, the “Service”).
This Privacy Policy applies to Personal Data that is not governed exclusively by our HIPAA Notice of Privacy Practices.
If there is a conflict between this Privacy Policy and our HIPAA Notice of Privacy Practices with respect to Protected Health Information (“PHI”), the HIPAA Notice shall control.
Our Service is intended solely for users located within the United States.
Agreement to Terms
By accessing or using our Service, you acknowledge and agree to this Privacy Policy and our Terms of Service, and you consent to our collection, use, disclosure, and processing of your Personal Data as described herein.
By registering for, visiting, or using our Service, you:
Confirm that you have read and understood this Privacy Policy;
Acknowledge that your use of the Service is governed by our Terms of Service;
Confirm that you have reviewed our HIPAA Notice of Privacy Practices, which describes how PHI may be used and disclosed for treatment, payment, healthcare operations, and other lawful purposes under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”); and
Agree that in the event of any inconsistency between this Privacy Policy and the HIPAA Notice concerning PHI, the HIPAA Notice shall prevail.
If you do not agree to this Privacy Policy or the Terms of Service, you should not use the Service.
Protected Health Information (PHI)
Kento Health is committed to protecting the confidentiality, integrity, and availability of PHI received in connection with your use of the Service.
PHI includes information that:
Identifies you, or could reasonably be used to identify you; and
Relates to your past, present, or future physical or mental health condition;
The provision of healthcare services to you; or
Past, present, or future payment for healthcare services.
Depending on the deployment model, Kento Health may act as a Business Associate under a Business Associate Agreement (“BAA”) with a Covered Entity (such as a hospital or health system), or in limited circumstances as a Covered Entity directly.
When operating as a Business Associate:
The Covered Entity determines its official Designated Record Set;
Kento Health maintains Platform Records generated within its systems;
Handling of PHI is governed by HIPAA and the applicable BAA.
Federal and state laws may provide additional rights concerning access to and disclosure of PHI. For a comprehensive description of your HIPAA rights, please refer to our HIPAA Notice of Privacy Practices.
The Personal Data We Collect
Personal Identifiers
Name
Sex, gender, age
Contact information (including address, email address, telephone number)
Social security number (where legally required)
Employer, insurer, or health system information
Other identifiers voluntarily provided
Health Information
We may collect health-related information, including PHI, such as:
Medical history
Treatment information
Health status information
Biometric or device-generated data
Engagement and interaction data
Height, weight, blood pressure, and related metrics
Health information, including PHI, is considered Sensitive User Data.
Financial Information
Payment details
Billing information
Insurance information
Payment processing may be performed by third-party payment processors.
Other Information
Usage data
Preferences
Geolocation data
Demographic information
Messages transmitted through the Service
Audio or visual information (e.g., call recordings for quality assurance where permitted by law)
Device, browser, and configuration data
IP address and internet activity information
You are not required to provide all Personal Data described above. However, failure to provide information necessary to deliver the Service or comply with legal obligations may limit functionality.
How We Collect Personal Data
We collect Personal Data, including Sensitive User Data, through the following means:
Direct Collection
Through our website, applications, and digital platforms
When you create an account
When you enroll in or use our Service
Through direct communications with us
Indirect Collection
From employers, insurers, and health systems pursuant to bilateral agreements
From wearable devices and third-party integrations authorized by you
From third-party analytics providers
From publicly available databases where permitted by law
Automatic Collection – Cookies and Similar Technologies
We use cookies, pixels, beacons, and similar technologies to collect information automatically.
We use session-based and persistent cookies. You may adjust cookie settings through your browser preferences. Blocking cookies may affect functionality.
We do not currently respond to “Do Not Track” signals except as required by applicable law.
How We Use Personal Data
We use, collect, process, and disclose Personal Data, which includes Sensitive User Data, to:
Provide and administer the Service
Facilitate healthcare engagement
Support healthcare providers
Process payments
Manage accounts
Improve performance and analytics
Enforce contractual rights
Comply with legal obligations
Protect against fraud, misuse, or security threats
We may use de-identified or aggregated information for research, analytics, product improvement, and reporting purposes.
How and with Whom We Share Personal Data
We may share Personal Data with:
Corporate affiliates
Employers, healthcare providers, insurers, and health systems pursuant to agreements
Service providers operating under contractual confidentiality and security obligations
Law enforcement or regulatory authorities when legally required
Professional advisors
Acquirers in corporate transactions
Kento Health does not sell Personal Data.
We may disclose de-identified or aggregated data that does not identify individuals.
Confidentiality and Security
Kento Health implements administrative, technical, and physical safeguards designed to protect Personal Data and PHI, including:
Encryption in transit and at rest
Role-based access controls
Multi-factor authentication
Access logging and audit monitoring
Secure development practices
Periodic security reviews
Access to PHI is restricted to authorized workforce members based on job function.
While we prioritize the safety of your Personal Data, we cannot guarantee complete security due to unforeseen circumstances such as unauthorized breaches or software malfunctions. In particular, email and text communications might not be as secure as our application. Also, when you download our mobile application from platforms such as the Apple App Store or Google Play, those platforms might identify you as a user of our Service. If security concerns arise, please immediately reach out to the contact provided in this policy.
Breach Notification
In the event of a security incident involving PHI, Kento Health will comply with applicable breach notification requirements under HIPAA and relevant state laws.
When operating under a BAA, notification procedures are governed by the applicable agreement.
Data Minimization
We collect and retain only the Personal Data reasonably necessary to provide the Service, fulfill contractual obligations, comply with legal requirements, and manage operational risk.
Data Retention
Personal Data is retained only as long as necessary for the purposes for which it was collected, or longer if required by law, contractual obligation, or risk management considerations.
Retention determinations consider:
Legal and regulatory requirements
Contractual obligations
Sensitivity of the data
Risk of harm from unauthorized disclosure
Data that is no longer required is securely destroyed, erased, or anonymized in accordance with applicable laws.
Inactive accounts are defined based on absence of authenticated user interaction.
Residual copies may remain in secure backup systems for limited periods consistent with documented retention schedules.
Privacy Rights
To access, modify, or erase your Personal Data, or to understand our practices, connect with us at the provided email. Sometimes, we might not be able to fulfill certain requests due to operational or legal reasons. Please note that we may ask you to verify your identity before taking further action on your request. The verification methods we use may include requests to disclose your first name, last name, email address, location information, security question answer and other information.
Managing Your Information: You are responsible for keeping your Personal Data up-to-date. You can also ask us to correct inaccurate or incomplete Personal Data concerning you that you cannot update yourself.
Access to Your Information: You have the right to request information about the Personal Data we hold on you at any time. You can contact us and we will provide you with your Personal Data via email. If you require additional copies, we may need to charge a reasonable fee.
If you are a Californian resident, once per calendar year, you may request that we provide a list of companies to which we disclose your Personal Data for business purposes, and a list of the categories of such Personal Data that we share. You may request further information about our compliance with this law by contacting us. Please include “California Privacy Rights Request” in the first line of the description and your California mailing or street address. Please note that we are only required to respond to one request per client each year, and we are not required to respond to requests made by any other means, nor to requests made by non-California US residents.
Right to Erasure: If you no longer want us to use your Personal Data to provide you with the latest news about our Service and/or other helpful information, you can request that we erase your Personal Data by contacting us.
Please note, however, that we may retain some of your Personal Data as necessary for our legitimate interests, such as fraud detection and enhancing security. We may also retain and use your Personal Data to the extent necessary to comply with our legal obligations, such as keeping information for tax, legal reporting and auditing obligations, as well as professional obligations. Information you have shared with others (e.g. comments, community postings) may continue to be publicly visible. Additionally, some copies of your information (e.g. log records) may remain in our database, but are disassociated from personal identifiers. Residual copies may also be kept in our backup systems. If we have shared your Personal Data with service providers, we will let them know about the erasure where possible.
Right to Object to Direct Marketing: Under certain scenarios, you may get marketing messages from us. If you have already given your consent, but you prefer not to receive promotional information from us, you may unsubscribe by using the unsubscribe link situated at the bottom of any promotional message you receive from us or by contacting us by email. However, you cannot unsubscribe from essential communications about your account.
Restriction of Processing: You can ask us to block or suppress the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of that Personal Data or you object to us processing it, and we have no legitimate grounds that override yours. Such request alone does not stop us from storing your Personal Data.
Right to Portability: Whenever we process your Personal Data, by automated means based on your consent or based on an agreement, you have the right to get a copy of your Personal Data transferred to you or to another party. This only includes the Personal Data you have provided to us.
Automated Decision-Making: You have the right to elect not to be subject to a decision based solely on automated processing, including profiling (“Automated Decision-Making”). Our Service does not currently use Automated Decision-Making.
Consent Withdrawal: To the extent we base the collection, processing, and sharing of your Personal Data on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
Right to Limit the Use of Sensitive Personal Data: If you are a resident of a state with laws that provide for a right to limit the use of sensitive Personal Data, as defined in the applicable law(s), you have the right to limit the use of your sensitive Personal Data to only those purposes that are necessary for us to provide the Service to you, by contacting us.
For comprehensive details about your PHI rights, refer to our HIPAA Notice.
Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of those third parties.
Privacy Concerning Minors
The Service is not directed to minors below the age of majority in their jurisdiction without appropriate authorization. If we learn that we have inadvertently collected such information, we will take appropriate corrective action.
Policy Updates
We may update this Privacy Policy periodically. Material changes will be communicated in accordance with applicable law.
Termination
Upon termination of your account, Personal Data will be handled in accordance with applicable law, contractual obligations, and our Data Retention & Destruction Policy.
Queries and Feedback
For any concerns or feedback related to this Privacy Policy or our Service, please contact Kento Health’s Privacy Officer at: support@kentohealth.com or at the following address:
Kento Health Inc.
ATTN.: Privacy Officer
Phone: 514 641 2753
800 Rue du Square-Victoria suite 442, Montreal,
QC H4Z 1C3 Canada
If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to lodge a complaint with the competent supervisory authority.
By using our Service, you acknowledge that you have read and understand this Privacy Policy.