Privacy Policy

Last updated: 29 May 2026

This policy explains how Kahloon, LLC (“Kahloon”, “we”) handles personal information in Clinic by Kahloon (the “Service”). We keep it short and plain. Questions? Email info@kahloon.com.

1. Our role

When a clinic uses the Service to manage its patients, the clinic decides what data is collected and why — so the clinic is responsible for that data, and we process it on the clinic’s behalf (see our Data Processing Addendum). For account and billing information we collect directly from you, we are responsible.

2. Information we collect

Account information — name, email, and role, used to sign you in and identify you.
Clinical and patient information — records a clinic enters, such as patient details, visits, vital signs, prescriptions, and billing. This can include health information.
Payment information — handled by Stripe; we do not store full card numbers.
Usage and device information — basic logs needed to run, secure, and improve the Service.

3. Health information

Health information is sensitive, and we treat it that way. It is encrypted, access is restricted by role, and views and changes to clinical records are recorded in an audit log. We do not sell health information or use it for advertising.

4. How we use information

We use information to provide and secure the Service, process payments, provide support, meet legal obligations, and improve how the Service works. We do not sell personal information.

5. Who we share with

We share information only with service providers that help us run the Service, under appropriate confidentiality and security terms. These currently include:

Microsoft Azure — secure cloud hosting and storage.
Stripe — payment processing.
[Email provider] — sign-in and transactional emails.

We may also disclose information if required by law, or to protect rights and safety.

6. Where data is processed

Kahloon operates from the United States, and data may be stored and processed there or in other regions where our providers operate. Anyone can sign up from anywhere; by using the Service you understand your information may be processed outside your home country, with appropriate safeguards.

7. Security

We protect data with encryption in transit and at rest, role-based access controls, strict separation between each organisation’s data, and audit logging. No system is perfectly secure, but we work to keep your information safe.

8. Retention

We keep information for as long as an account is active or as needed to provide the Service, then delete or anonymise it within a reasonable period [retention periods to be confirmed], unless we must keep it longer for legal reasons.

9. Your rights

Depending on where you live, you may have rights to access, correct, or delete your information, or to object to certain processing. For patient records held by a clinic, contact the clinic directly; we will help them respond. For your account data, contact info@kahloon.com.

10. Children

Clinics may keep records for patients who are minors, as part of providing care. Those records are managed by the clinic under its own legal basis and consents. The Service is not intended for children to sign up on their own.

11. Changes

We may update this policy from time to time. If changes are material, we will give reasonable notice.

12. Contact

For any privacy question or request, email info@kahloon.com.