KinrosterClinical Voice Assistant

Privacy Policy

Last updated: April 2026

Kinroster ("we," "our," or "us") is committed to protecting the privacy of our users and the individuals whose information is processed through our platform. This Privacy Policy describes how we collect, use, store, and share information when you use the Kinroster application and related services (collectively, the "Service").

1. Information We Collect

We collect the following categories of information in connection with your use of the Service:

  • Voice Recordings: Audio data captured during voice documentation sessions initiated by caregivers. These recordings are processed in real time and are not retained after transcription unless otherwise configured by your organization.
  • Transcripts: Text transcriptions generated from voice recordings, used to produce structured care documentation.
  • Patient Care Notes: Structured clinical notes, including resident observations, care activities, incident reports, and behavioral documentation generated by our AI from your voice input.
  • Account Information: Name, email address, role, and organizational affiliation provided during account registration and use.
  • Usage Data: Information about how you interact with the Service, including session timestamps, feature usage, and device information.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • AI-Powered Documentation: Processing voice recordings through our AI pipeline to generate structured, clinically relevant care notes.
  • Incident Detection: Automatically identifying and flagging potential incidents such as falls, behavioral changes, or medication concerns within care documentation.
  • Family Updates: Generating summaries and updates for authorized family members based on care documentation, where enabled by the organization.
  • Service Improvement: Analyzing aggregated, de-identified usage patterns to improve the accuracy and reliability of our AI models and overall Service quality.
  • Account Administration: Managing user accounts, authentication, and organizational access controls.

3. Data Storage and Security

All data is stored using Supabase, a secure cloud database platform. We implement the following security measures:

  • All data is encrypted at rest and in transit using industry-standard encryption protocols.
  • Row-Level Security (RLS) policies ensure that users can only access data belonging to their organization.
  • Role-based access controls restrict data access based on user roles within the organization.
  • Regular security audits and monitoring are conducted to identify and address potential vulnerabilities.

4. Third-Party Service Providers

We use the following third-party services to deliver the Service. Each provider processes data only as necessary to perform their designated function:

  • Vapi: Provides voice AI infrastructure for real-time voice interaction and call management.
  • Anthropic (Claude): Processes transcripts to generate structured care notes, detect incidents, and provide AI-powered clinical documentation assistance.
  • OpenAI (Whisper): Provides speech-to-text transcription for voice notes recorded outside the conversational Vapi flow. Audio is streamed directly to the transcription endpoint and is not persisted by Kinroster.
  • Resend: Delivers transactional email (family updates, clinician portal invitations). Email bodies include only the content needed for that notification.
  • Supabase: Hosts our database and authentication infrastructure.

We require all third-party providers to maintain appropriate security standards and to process data only in accordance with our instructions and applicable law. HIPAA Business Associate Agreements with each sub-processor are finalized at the time of customer onboarding alongside the BAA with Kinroster.

5. Data Retention

We retain care documentation and associated data for as long as your organization maintains an active account, or as required by applicable healthcare regulations and record-keeping requirements. Voice recordings are processed in real time and are not stored beyond the duration necessary to complete transcription, unless your organization has configured extended retention.

Upon account termination, we will delete or de-identify your data within 90 days, except where retention is required by law.

6. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to applicable legal retention requirements.
  • Data Export: Request a portable copy of your data in a commonly used, machine-readable format.
  • Opt-Out: Opt out of certain data processing activities where applicable.

To exercise any of these rights, please contact us using the information provided below.

7. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: support@kinroster.com