Kitt AI Privacy Policy

Account Information:

• Practitioner registration details (name, email, practice information) collected during account creation
• Authentication credentials managed via a secure OAuth2 flow

Clinical Audio:

• The Clinical Scribe feature captures consultation audio when activated by the practitioner
• Audio is processed in real-time for transcription purposes only and is not stored or retained after processing

Health Information:

• Clinical notes (e.g. SOAP notes, assessment details, diagnoses) as entered or generated through the Platform
• Treatment plans, exercise prescriptions, and clinical correspondence (GP letters, referrals, imaging requests, specialist reports)
• Client contextual memory data used to inform subsequent sessions

Integration Data:

• Where a practitioner enables integration with Nookal or Cliniko, client records, appointments, and notes are synced between the Platform and the connected practice management system
• Integration is optional and initiated by the practitioner

Usage Data:

• We collect minimal telemetry (e.g. feature-use counts, errors) to help us improve performance and reliability

• Client profile information (name, contact details) as entered by the practitioner
• Exercise completion and progress tracking data logged by the client
• Pain check-in responses and self-reported health metrics
• Questions and interactions with the Kitt AI assistant
• Recovery and adherence metrics derived from client activity

This data is used to support the client's care plan and to provide the practitioner with visibility into client progress and engagement between appointments.

To Provide Kitt Services:

• Transcribing consultations and generating clinical documentation via the Clinical Scribe
• Creating treatment plans and exercise prescriptions
• Generating clinical correspondence including GP letters, referrals, and imaging requests
• Providing client contextual memory to inform subsequent sessions
• Delivering treatment plans, exercises, and education to clients via Kitt Companion
• Enabling closed-loop care by providing practitioners with client adherence and progress data
• Syncing data with connected practice management systems (Nookal, Cliniko)

To Improve the Platform:

• Analysing anonymised usage metrics and error logs to prioritise feature development and bug fixes

To Manage Your Account:

• Maintaining your authenticated session and account preferences

• AI Processing Partners: Clinical data is sent to our AI-processing partner (e.g. Anthropic/Claude) solely to generate documentation, treatment plans, and other clinical outputs. They are bound by confidentiality and may not retain data beyond processing.
• Practice Management Systems: Where integration is enabled by the practitioner, data is shared with Nookal or Cliniko as necessary to sync records.
• Legal Requirements: If required by law or a court order.
• Consent: Where you explicitly request another third-party integration or data sharing.

• All data transmissions between the Platform and our servers (and between our servers and AI processing services) are encrypted via HTTPS/SSL
• All data is encrypted at rest using AES-256 encryption
• Infrastructure is hosted in Australia with strict access controls and data governance policies
• We implement industry-standard measures (firewalls, intrusion detection, periodic security reviews) to protect against unauthorised access, alteration, or destruction of data

• Audio recordings are not retained — audio is processed in real-time for transcription and discarded immediately after processing
• Clinical notes, treatment plans, exercise prescriptions, and generated documents are retained for as long as the practitioner's account is active
• Kitt Companion data (client progress, pain check-ins, exercise tracking) is retained for as long as the associated practitioner account is active
• Usage logs are retained for up to 12 months, then purged or anonymised
• Upon account closure, all associated data is deleted within 90 days unless retention is required by law

• Access the personal information we hold about you
• Request correction of any inaccuracies
• Lodge a complaint with us about a potential breach of privacy
• Request deletion of your data (subject to legal retention obligations)