Health Data & HIPAA Disclosure
Effective Date: 1/3/2026
This Health Data & HIPAA Disclosure explains how Knit Healthcare, LLC ("Knit", "we", "us", or "our") handles health information and how laws such as the Health Insurance Portability and Accountability Act ("HIPAA") may apply when you use our services.
This disclosure is intended to be clear and transparent. It does not replace our Privacy Policy or Security Policy, which provide additional detail.
What Knit Is (and Is Not)
Knit is a consumer health data platform that helps individuals collect, organize, and understand their health and wellness information in one place.
Knit is not a healthcare provider
Knit does not provide medical advice, diagnosis, or treatment
Knit does not replace your doctor or other healthcare professionals
Types of Data Knit May Handle
Depending on what you choose to connect or enter, Knit may handle different types of health-related data, including:
Wellness & Lifestyle Data
Activity, steps, heart rate, sleep, and similar metrics
Data from connected devices or apps
Data you enter manually
Medical Record Data
Medications
Lab results
Diagnoses and conditions
Visit or encounter data
Medical records are accessed only when you explicitly authorize a connection, such as through a patient-authorized record access standard (for example, SMART on FHIR).
User Control & Consent
You remain in control of your health data at all times.
You choose which devices, apps, or medical records to connect
You choose which data points to share
You can revoke access at any time
Knit does not require Social Security numbers or insurance IDs
If You Revoke Access
New data stops flowing into Knit
Previously shared data is removed from Knit's data-sharing systems
Your previously collected data may still be visible to you in the app until you delete your account or data
HIPAA & Knit
Is Knit Covered by HIPAA?
Knit is not a HIPAA Covered Entity (such as a healthcare provider or health plan).
HIPAA may apply only to specific data flows when required by law or contract, such as when Knit works with certain healthcare data partners under appropriate agreements.
Until such arrangements are in place, HIPAA protections may not apply to all data stored in Knit.
Consumer Health Data vs. HIPAA Data
Some information in Knit may not be protected by HIPAA, including:
Wellness and lifestyle data
Data you manually enter
Data from consumer devices or apps
Even when HIPAA does not apply, Knit applies consistent privacy and security safeguards across all health data.
Use of De-Identified and Aggregated Data
Knit may use and share de-identified or aggregated health data for purposes such as:
Analytics and product improvement
Research
AI and model training
Commercial partnerships with researchers, pharmaceutical companies, or healthcare organizations
Knit does not sell identifiable personal health information.
AI & Health Data
Knit may use health data to power insights, summaries, or AI-driven features.
AI does not provide medical advice
AI systems are not a substitute for professional care
AI training uses only de-identified or aggregated data
You will have the ability to opt out of having your data used for AI or language model training
Security & Breach Notification
Knit uses administrative, technical, and organizational safeguards designed to protect health data.
If a security incident occurs, Knit will:
Investigate and respond appropriately
Notify affected users as required by applicable law
Children's Health Data
Knit does not support accounts for individuals under 18 years old and does not knowingly collect health data from minors.
Changes to This Disclosure
We may update this Health Data & HIPAA Disclosure as laws, partnerships, or our services evolve. Updates will be posted on our website.
Contact Us
If you have questions or concerns about how your health data is handled, please contact us at:
Knit Healthcare, LLC
Email: hello@knithealthcare.com