KITT Privacy Policy

Last updated: 21 May 2025

Introduction

KITT ("we," "us," or "our") is committed to protecting the privacy of practitioners in Australia who use our Chrome extension ("Extension"). This Privacy Policy explains how we collect, use, disclose and store your personal and health-related information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth).

Scope

This Policy applies only to practitioners located in Australia using the KITT Extension in conjunction with their Nookal practice management system.

Information We Collect

Authentication Information:

  • Practitioner sign-in credentials are collected via a secure OAuth2 flow
  • We store only a cryptographically secured access token in your browser's chrome.storage.local

Health Information:

  • When you click "Generate Letter," KITT reads patient notes (e.g. assessment details, diagnoses, treatment plans) displayed on your Nookal client page
  • These notes are transmitted over SSL to our AI service for drafting GP referral and update letters

Usage Data & Website Content:

  • We collect minimal telemetry (e.g. feature-use counts, errors) to help us improve performance
  • We also read and write text content on the Nookal page only when you explicitly invoke the "Generate Letter" action

How We Use Your Information

To Provide KITT Services:

  • Drafting GP referral and update letters from your patient notes
  • Injecting generated correspondence back into Nookal for your review and editing

To Improve Our Extension:

  • Analysing anonymous usage metrics and error logs to prioritise feature development and bug fixes

To Manage Your Account:

  • Maintaining your authenticated session so you aren't prompted to sign in on every browser restart

Disclosure of Your Information

We will not sell, trade or rent your personal or patient information. We may disclose data only in the following circumstances:

  • Service Providers: Our AI-processing partner (e.g. Claude) receives your patient notes and template instructions solely to generate letters. They are bound by confidentiality and may not retain data beyond processing.
  • Legal Requirements: If required by law or a court order.
  • Consent: When you explicitly request another third-party integration.

Data Storage and Security

  • All data transmissions between the Extension and our servers (and between our servers and the AI service) are encrypted via HTTPS/SSL
  • Access tokens are stored in chrome.storage.local and encrypted at rest by the browser
  • We implement industry-standard measures (firewalls, intrusion detection, periodic security reviews) to protect against unauthorised access, alteration, or destruction of data

Data Retention

  • Patient notes and generated letters are retained on our servers only as long as necessary to complete the drafting process
  • Authentication tokens persist in your browser until you explicitly sign out or uninstall the Extension
  • Usage logs are retained for up to 12 months, then purged or anonymised

Your Rights under the Privacy Act

Under the Australian Privacy Principles you have the right to:

  • Access the personal information we hold about you
  • Request correction of any inaccuracies
  • Lodge a complaint with us about a potential breach of privacy

Third-Party Links

Our Extension may include links to third-party sites (e.g. Nookal's website). This Policy does not govern those sites—you should review their privacy notices separately.

Changes to This Policy

We may update this Policy to reflect changes in our practices or legal requirements. We will post the updated Policy in our Extension's settings page and indicate the "Last updated" date above.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact:

Zoneblue Privacy Officer
Email: support@zoneblue.ai
Address: 253-255 David Low Way, Peregian Beach QLD 4573