Privacy Policy

1. Overview

Kyn Skyn Care ("we", "us") is committed to protecting your privacy and complying with the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our telehealth platform.

2. Information We Collect

Personal Information: Name, email address, phone number, date of birth, gender, and mailing address provided during registration and booking.

Protected Health Information (PHI): Medical history, skin conditions, symptoms, medications, allergies, skin photographs, consultation notes, prescriptions, and pharmacy information provided during the intake and consultation process.

Payment Information: Payment card details are processed securely by Stripe and are never stored on our servers.

3. How We Use Your Information

We use your information to facilitate telehealth consultations with licensed dermatologists, process prescriptions and send them to your selected pharmacy, process payments for services, send appointment confirmations and reminders, and improve our services. We do not sell your personal or health information to third parties.

4. HIPAA Compliance

We maintain administrative, technical, and physical safeguards to protect your PHI in compliance with HIPAA regulations:

• All data is encrypted in transit (TLS 1.2+) and at rest
• Medical data is stored on HIPAA-compliant infrastructure with signed Business Associate Agreements (BAAs)
• Access to PHI is restricted to authorized healthcare providers involved in your care
• Sessions automatically expire after 15 minutes of inactivity
• No tracking pixels, analytics, or advertising scripts are used on pages that display PHI
• Photographs are stripped of GPS and device metadata before transmission

5. Information Sharing

We share your information only with your treating healthcare provider for the purpose of your consultation, your selected pharmacy for prescription fulfillment, our HIPAA-compliant technology partners under signed BAAs (Ola Digital Health for telehealth infrastructure, Supabase for authentication, Stripe for payment processing), and as required by law or legal process.

6. Your Rights

Under HIPAA and applicable state laws, you have the right to access your medical records and request copies, request corrections to your health information, request restrictions on how your PHI is used or disclosed, receive an accounting of disclosures of your PHI, and file a complaint if you believe your privacy rights have been violated.

7. Data Retention

We retain your health information for the period required by applicable state and federal laws (typically 7-10 years for medical records). You may request deletion of your account at any time, subject to legal retention requirements.

8. Security Measures

We implement industry-standard security measures including HTTPS-only access with strict transport security, Content Security Policy headers preventing unauthorized scripts, server-side API proxying (credentials never reach your browser), automatic session expiration, and PHI rejection in URLs.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on our platform.

10. Contact Us

For privacy-related inquiries or to exercise your rights, contact our Privacy Officer at privacy@kynskyn.com.