Privacy Policy

Presence Health, Inc. d/b/a Kiri · Effective Date: May 13, 2026

1. Introduction and Acceptance

This Privacy Policy ("Policy"), together with Kiri's Terms of Use and any other agreements incorporated by reference, describes how Presence Health, Inc., d/b/a Kiri ("Kiri," "we," "us," or "our") collects, uses, discloses, retains, and protects information when you access or use the Kiri mobile application (the "App"), our website at www.saykiri.com (the "Site"), and any related features or services (collectively, the "Services").

PLEASE READ THIS POLICY CAREFULLY. BY ACCESSING OR USING THE SERVICES IN ANY MANNER, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS POLICY. IF YOU DO NOT AGREE TO THIS POLICY IN ITS ENTIRETY, YOU MUST IMMEDIATELY DISCONTINUE ALL ACCESS TO AND USE OF THE SERVICES.

Your use of the Services is also governed by our Terms of Use, incorporated herein by reference. In the event of any conflict between this Policy and our Terms of Use regarding privacy matters, this Policy shall govern.

We reserve the right to amend this Policy at any time at our sole discretion. Material changes will be communicated by updating the Effective Date above and, where required by applicable law, by providing notice to registered users. Your continued use of the Services following the posting of any amendment constitutes acceptance of the modified Policy.

2. Scope and Applicability

2.1 This Policy Applies To

  • Registered users and account holders of the Services
  • Parents, legal guardians, or caregivers who create accounts on behalf of infants and children
  • Visitors to the Site, whether or not they create an account
  • All information collected through the App, Site, and any associated features or integrations

2.2 This Policy Does Not Apply To

  • Third-party websites, services, or platforms to which we provide links or integrations
  • Independent healthcare providers or health systems with whom you independently choose to share information
  • Personal information processed by third parties under their own privacy policies

We are not responsible for the privacy practices of any third party. We encourage you to review the privacy policies of any third-party services you access in connection with the Services.

3. Information We Collect

We collect information in three principal ways: (a) information you voluntarily provide, (b) information collected automatically as you use the Services, and (c) information received from third-party sources.

3.1 Information You Provide

(a) Account and Identity Information

  • Full name and username
  • Email address and account password (stored in hashed, salted form; never stored in plaintext)
  • Billing and payment information, processed exclusively by our third-party payment processor; we do not store full payment card numbers

(b) Child Profile and Health-Related Information

Kiri is designed for parents and caregivers to log detailed information about their infant or child. You may voluntarily provide the following, which collectively constitutes sensitive personal information under applicable law:

  • Child's name, date of birth, sex, blood type, and gestational age
  • Sleep schedules, duration, quality, and behavioral patterns
  • Feeding, nursing, formula, and nutritional intake records
  • Diapering frequency and characteristics
  • Growth metrics including weight, length/height, and head circumference
  • Symptoms, conditions, illnesses, temperatures, and health observations
  • Medication names, dosages, and administration records
  • Vaccination and immunization records
  • Developmental milestones, behavioral observations, and caregiver notes
  • Photographs, videos and images you upload
  • Physician and healthcare provider information, to the extent entered by you
  • Lab reports you upload

You are under no obligation to provide any of the above. However, certain features of the Services may not function without it.

(c) Voice and Audio Data

If you elect to use voice-enabled features of the Services:

  • We may collect, transmit, and process audio recordings submitted through the App
  • Audio input may be transcribed into text and structured data using automated processing
  • Audio data is retained only for as long as needed to complete transcription and improve recognition performance
  • We do not use audio recordings for biometric identification or speaker recognition
  • You may disable voice features at any time through App settings without affecting access to other features

(d) Communications and Support

  • Inquiries, feedback, and correspondence submitted through customer support channels
  • Records of communications between you and Kiri personnel
  • Survey responses and testimonials, if voluntarily submitted

3.2 Information Collected Automatically

When you access or use the Services, we and our service providers may automatically collect the following through cookies, SDKs, and similar technologies:

  • Device identifiers (e.g., device ID, advertising ID, IDFA/GAID, where permitted)
  • Device type, model, manufacturer, and operating system version
  • Internet Protocol (IP) address and approximate geographic location derived therefrom (non-precise)
  • Browser type, language preference, and referring URL
  • App version, installation ID, and session data
  • Log data, including timestamps, feature usage, and interaction records
  • Crash reports, performance diagnostics, and error logs

3.3 Cookies and Similar Tracking Technologies

We use cookies and similar technologies on our Site for the following purposes. The Kiri mobile App does not use browser cookies; the technologies described below apply only to www.saykiri.com.

  • Strictly Necessary: Required to operate core features including authentication and session management. These cannot be disabled without impairing core functionality.
  • Product Analytics: We use PostHog (PostHog Inc., processed in PostHog's US data region) to understand how visitors arrive at and interact with our website and to capture exception and error data for debugging. Depending on PostHog's default configuration, this may include automatic capture of pageviews, clicks on interactive elements, and session replay data (a video-like playback of anonymous on-page interactions). PostHog requests are routed through our own domain (a reverse proxy at /ingest/*) to keep tracking same-origin. We do not send personally identifiable account information to PostHog.
  • Site Analytics: We use Google Analytics 4 (GA4), provided by Google LLC, loaded through our Google Tag Manager container. GA4 captures pages viewed, time on page, referring source, approximate geographic region (derived from IP), device and browser type, and anonymous session identifiers, to help us measure traffic and understand which content is useful. We do not send personally identifiable account information to GA4.
  • Conversion Measurement: When you click the “Download Free on iOS” button on www.saykiri.com, an anonymous conversion event is sent to the TikTok advertising platform (TikTok Inc.) via our Google Tag Manager container. The purpose is to measure the effectiveness of influencer marketing campaigns that drive app downloads. TikTok may use this conversion event for ad attribution, audience modeling, and retargeting under TikTok's privacy policy. The TikTok pixel does not fire on any other interaction with our website. We do not send personally identifiable account information to TikTok.
  • Tag Container: Google Tag Manager (GTM) is the umbrella loader for GA4 and the TikTok conversion pixel described above. GTM itself does not set tracking cookies; it loads other tags subject to the rules we configure in our GTM container.
  • Functional: Enable the Site to remember your preferences and settings.

Global Privacy Control. We honor browser-issued Global Privacy Control (GPC) signals as opt-out requests for the sale or sharing of personal information under California and other state privacy laws.

Browser-level controls. You may manage cookies through your browser settings, including blocking or deleting cookies on a per-site basis. To opt out of specific trackers, Google publishes a Google Analytics Opt-out Browser Add-on (tools.google.com/dlpage/gaoptout) that disables GA4 across all websites; TikTok and PostHog respect standard browser tracking-protection settings, including those enabled by Brave, Firefox Strict mode, and Safari Intelligent Tracking Prevention.

3.4 Information from Third-Party Sources

We may receive limited information from the following categories of third-party sources:

  • Product analytics providers (currently PostHog Inc. for www.saykiri.com). Information received is limited to website usage data as described in Section 3.3.
  • Site analytics providers (currently Google LLC for www.saykiri.com, via Google Analytics 4 and Google Tag Manager). Information received is limited to aggregated and de-identified website usage data.
  • Advertising platforms for conversion measurement only (currently TikTok Inc.). Information received is limited to anonymous download conversion events from www.saykiri.com.
  • Cloud infrastructure providers that host our Services.
  • Authentication providers (if you use a third-party sign-in option).
  • Integration partners you affirmatively authorize to connect to your Kiri account.

We do not send personally identifiable account information to any analytics, tag management, or advertising provider. All such information is subject to this Policy and processed only to the extent necessary to provide the Services.

4. How We Use Information

We process personal information only for the purposes described below or for additional purposes disclosed at the time of collection. Where required by law, we identify the applicable legal basis for each category of processing.

4.1 Service Delivery and Account Management

  • To create, manage, and authenticate your account
  • To provide, operate, and maintain all features of the Services
  • To enable tracking, logging, and reporting functionality
  • To generate AI-assisted summaries, insights, and personalized content based on your logged data
  • To process payments and manage billing relationships
  • To facilitate any sharing features you affirmatively elect to use

4.2 Product Development and Improvement

  • To analyze usage patterns and application performance
  • To develop, test, and improve features and functionality
  • To train and refine AI and machine learning models, using only de-identified or aggregated data; we do not use personally identifiable information to train AI models without your separate, explicit consent
  • To conduct internal research, analytics, and quality assurance

4.3 Communications and Support

  • To respond to your inquiries and support requests
  • To send service-related notices, including security alerts, updates, and administrative messages
  • To send optional marketing communications where you have provided consent or where otherwise permitted by applicable law; each such communication includes a clear opt-out mechanism

4.4 Safety, Security, and Integrity

  • To detect, investigate, and prevent unauthorized access, fraud, and other prohibited activity
  • To enforce our Terms of Use and other applicable policies
  • To protect the rights, property, and safety of Kiri, our users, and the public

4.5 Legal Obligations and Regulatory Compliance

  • To comply with applicable laws, regulations, and binding legal processes
  • To respond to lawful requests from governmental or regulatory authorities
  • To exercise or defend legal claims and maintain legally required records

4.6 De-Identified and Aggregated Data

We may derive de-identified or aggregated data from personal information. Such data does not identify any individual and does not constitute personal information under applicable law. We may use, share, and commercialize de-identified or aggregated data for any lawful purpose, including research, analytics, product improvement, and publication of industry insights. We maintain reasonable technical and organizational safeguards designed to prevent re-identification.

5. Artificial Intelligence and Automated Processing

IMPORTANT NOTICE REGARDING AI-GENERATED OUTPUTS

All AI-generated outputs provided through the Services are informational only and do not constitute medical advice, clinical diagnosis, prognosis, or treatment recommendations. Do not make healthcare decisions based solely on information generated by the Services. Always consult a qualified, licensed healthcare professional.

5.1 AI Features and Functionality

Kiri uses artificial intelligence, machine learning, and natural language processing technologies to deliver certain features of the Services, including:

  • Processing and structuring user-provided data into organized records and timelines
  • Generating summaries, trend analyses, and observational insights based on your logged data
  • Providing informational guidance and general wellness information drawn from publicly available knowledge sources
  • Transcribing and processing voice inputs into structured text
  • Identifying patterns across logged events to surface potential observations for caregiver awareness

5.2 Material Limitations and Disclaimers

The following limitations apply to all AI-generated and automated outputs provided through the Services:

  • AI-generated outputs are informational only and do not constitute, and are not intended to constitute, medical advice, diagnosis, prognosis, or treatment recommendations of any kind
  • Kiri is not a licensed healthcare provider, medical device manufacturer, or clinical decision support system under applicable federal or state law
  • AI outputs may be incomplete, inaccurate, outdated, or inapplicable to your child's specific health circumstances
  • No AI-generated output should be used as a substitute for professional consultation with a licensed physician, pediatrician, nurse practitioner, or other qualified healthcare professional
  • Kiri expressly disclaims all liability arising from any reliance on AI-generated or automated outputs in connection with any healthcare decision
  • In accordance with California Assembly Bill 489 (effective January 1, 2026), neither the Kiri platform nor its developers are licensed or certified to diagnose, treat, or practice in any physical or mental health condition. No output of the Services should be construed as implying such licensure or certification

5.3 AI Data Practices

  • We use only de-identified and aggregated data to train and improve AI models used within the Services
  • We do not use personally identifiable information to train AI models without your separate, explicit consent
  • We do not share your identifiable personal information with third-party AI model providers for the purpose of training those providers' general-purpose or foundational models
  • AI-generated outputs supplement caregiver awareness; they do not replace caregiver judgment or professional medical guidance

5.4 No Automated Consequential Decision-Making

We do not use automated processing, including AI or machine learning, to make final decisions that produce legal effects or similarly significant effects concerning individuals without human review. All AI-generated outputs are designed to inform caregiver awareness only. Kiri does not use AI outputs to determine eligibility for services, benefits, or any outcome of material consequence to users.

Where required by applicable law, including California's CPRA regulations on automated decision-making technologies and the EU AI Act, we will implement required disclosures and opt-out mechanisms.

6. Disclosure and Sharing of Information

We do not sell, rent, or lease personal information that directly identifies you or your child to third parties. We may disclose information as described below.

6.1 At Your Direction

You may elect to share reports, logs, summaries, or other data with third parties, including healthcare providers and co-caregivers. Any such sharing is performed at your direction and under your control. We are not responsible for the subsequent actions of third parties with whom you choose to share your information.

6.2 Service Providers and Data Processors

We engage third-party vendors who perform functions on our behalf, including cloud hosting and infrastructure, data analytics, AI processing, customer support, and payment processing. These providers are contractually required to:

  • Process personal information only pursuant to our documented instructions
  • Implement and maintain appropriate administrative, technical, and physical security safeguards
  • Refrain from disclosing personal information to additional parties without our authorization
  • Delete or return personal information upon termination of the service engagement

6.3 Business Transfers

In connection with any merger, acquisition, reorganization, asset sale, or similar transaction, your information may be transferred to a successor entity. We will provide notice of any such transfer, and any successor will be required to honor this Policy or provide you with advance notice of material changes and an opportunity to exercise applicable rights before such changes take effect.

6.4 Legal Process and Protection of Rights

We may disclose information when we have a good-faith belief that such disclosure is necessary to:

  • Comply with applicable law, regulation, court order, subpoena, or other binding legal process
  • Respond to requests from governmental authorities or regulatory bodies with proper jurisdiction
  • Protect the legal rights, property, safety, or security of Kiri, our users, employees, or the public
  • Investigate, prevent, or act upon suspected fraud, illegal activity, or violations of our Terms of Use

Where permitted by law, we will endeavor to provide advance notice to affected users prior to legally compelled disclosure.

6.5 De-Identified and Aggregated Information

We may share de-identified or aggregated information with partners, researchers, analytics providers, and other third parties for purposes including analytics, research, and product improvement. Such information does not identify any individual and is subject to contractual restrictions designed to prevent re-identification.

6.6 Affiliates

We may share information with our affiliated entities, subsidiaries, and parent companies for purposes consistent with this Policy and subject to the same protections described herein.

7. Healthcare Privacy: Voluntary HIPAA-Aligned Standards

IMPORTANT NOTICE REGARDING HIPAA

Kiri is not a HIPAA covered entity, a healthcare provider, a health plan, or a healthcare clearinghouse as those terms are defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations (45 C.F.R. Parts 160, 162, and 164). Kiri does not operate under any Business Associate Agreement with any covered entity. Information you provide through the Services is not Protected Health Information (PHI) as defined under HIPAA. Kiri's HIPAA-aligned practices described below are voluntary commitments, not legal obligations.

7.1 Our Voluntary Commitment to Healthcare-Grade Standards

Although Kiri is not legally required to comply with HIPAA, we recognize that our users entrust us with sensitive information about their children's health and development. We believe that information of this nature warrants the same level of care and rigor that HIPAA demands of regulated healthcare organizations. Accordingly, we have voluntarily adopted security and privacy practices modeled on HIPAA's Privacy Rule and Security Rule as a framework for responsible data stewardship.

This voluntary alignment reflects our commitment to our users, not a legal representation that HIPAA applies to our Services or that the information you provide constitutes PHI. Nothing in this Section creates, expands, or implies any legal obligation under HIPAA on Kiri or any right under HIPAA for users.

7.2 HIPAA-Aligned Security Practices We Voluntarily Maintain

Consistent with HIPAA's Security Rule standards, Kiri has implemented the following administrative, technical, and physical safeguards:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS 1.2 or higher).
  • Encryption at Rest: Sensitive user data stored on our servers is encrypted using AES-256 or equivalent industry-standard encryption.
  • Access Controls: Role-based access controls and least-privilege principles limit access to personal information to authorized personnel who require it for their job functions.
  • Authentication: Multi-factor authentication is required for personnel accessing systems that store or process user data.
  • Audit Logging: We maintain audit logs of access to sensitive data to support accountability and anomaly detection.
  • Workforce Training: Personnel who handle user data receive regular privacy and security awareness training.
  • Vendor Oversight: Third-party service providers who access user data are subject to security review and contractual data protection requirements.
  • Incident Response: We maintain written incident response procedures and business continuity plans consistent with HIPAA's Breach Notification Rule standards.

7.3 HIPAA-Aligned Privacy Practices We Voluntarily Maintain

Consistent with HIPAA's Privacy Rule principles, Kiri voluntarily commits to the following:

  • Minimum necessary use: We access and process only the information necessary for the stated purpose
  • Purpose limitation: We do not use health-related information for purposes materially inconsistent with those disclosed in this Policy without your consent
  • User access and correction: We provide you with meaningful access to, and the ability to correct, your personal information
  • Accountability: We maintain internal policies and designate responsible personnel for privacy and security oversight

7.4 Future Integration with Healthcare Systems

Kiri may in the future explore integrations with electronic health record (EHR) systems or other healthcare platforms. If and when such integrations are developed, we will assess whether those activities require entry into Business Associate Agreements or other formal healthcare compliance arrangements, and we will update this Policy accordingly. No such integrations are currently operational, and no BAAs are currently in effect.

7.5 FTC Health Breach Notification Rule

To the extent our Services involve the collection of personal health records not subject to HIPAA, we comply with the Federal Trade Commission's Health Breach Notification Rule, 16 C.F.R. Part 318, as amended. In the event of a breach of security involving unsecured personal health record information, we will notify affected individuals and the FTC in accordance with applicable legal timelines, and will notify media where required.

8. Children's Privacy

8.1 Intended User Base

The Services are designed exclusively for use by adults who are parents, legal guardians, or authorized caregivers of infants and young children. The App is not directed to, and is not intended for direct use by, children under the age of 13. We do not knowingly collect personal information directly from children under 13.

8.2 Parental and Guardian Responsibility

All child-related information entered into the Services is submitted by an adult caregiver on behalf of the child. By using the Services, you represent and warrant that you are at least 18 years of age and that you are the parent or legal guardian of any child whose information you submit, or have been expressly authorized by such parent or guardian to do so.

8.3 COPPA

Because the Services are directed to adult caregivers rather than children, the Children's Online Privacy Protection Act (COPPA) and the FTC's implementing rules (16 C.F.R. Part 312), including the 2025 amendments effective June 23, 2025, are not generally applicable to our collection of information from registered adult users. Nevertheless, Kiri voluntarily observes the following practices consistent with COPPA's protective intent:

  • We do not knowingly permit children to create accounts or submit information directly
  • We do not use child-related information for behavioral advertising or third-party marketing
  • We do not share child-related information with advertising networks or data brokers
  • We apply data minimization principles to all child-related information
  • Parents and guardians may access, correct, and request deletion of all information they have submitted on behalf of their child at any time

8.4 Discovered Collection from Minors

If we discover or receive credible notice that a child under 13 has created an account or submitted personal information directly, we will promptly delete that information and terminate the associated account. If you believe a minor has submitted information in violation of this Policy, please contact us at support@saykiri.com.

8.5 Applicable State Children's Privacy Laws

Where applicable, we comply with state-level children's privacy requirements, including the Connecticut Data Privacy Act (as amended, effective October 1, 2024), the Florida Digital Bill of Rights (effective July 1, 2024), and other state laws imposing heightened obligations with respect to the processing of data relating to minors. We do not engage in data practices that create a heightened risk of harm to minors as defined under applicable state law.

9. Data Retention and Deletion

9.1 Retention During Active Account

We retain your personal information for as long as your account remains active and for such additional period as is reasonably necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

9.2 Account Deletion and Post-Deletion Retention

When you request deletion of your account from the App Settings menu, we will delete or irreversibly anonymize all personally identifiable information associated with your account immediately after you confirm your deletion request.

Following completion of deletion, we retain only anonymized or aggregated data derived from your information. This retained data does not identify you or your child, cannot reasonably be re-linked to you, and may be retained and used indefinitely for analytics, research, and product improvement.

Notwithstanding the foregoing, we may retain certain information for longer periods where required by law, regulation, or court order, or where necessary to exercise or defend legal claims. In such cases, access to retained information is restricted to personnel with a legitimate legal need.

9.3 Specific Retention Periods

  • Account and profile data: Deleted immediately upon verified account deletion request.
  • Child health and care logs: Deleted immediately upon verified account deletion request.
  • Voice, photos, video and audio recordings: Deleted upon completion of processing; not retained beyond the active session unless you have saved a recording within the App, in which case it is deleted with your account.
  • Usage and log data: Retained in identifiable form while your account is active; anonymized or deleted within 30 days of account deletion.
  • Support and communications records: Retained for the duration of the account and for a reasonable period thereafter as needed to resolve any open matters.
  • Anonymized and aggregated data: Retained indefinitely; this data does not constitute personal information.
  • Legal hold data: Retained for the duration of any applicable legal hold, after which normal retention schedules apply.

9.4 How to Request Deletion

You may request deletion of your account and personal information by navigating to Settings within the App or by contacting us at support@saykiri.com. We will confirm receipt of your request and complete deletion within 30 days. We may ask you to verify your identity before processing a deletion request.

10. Data Security

We implement and maintain a comprehensive information security program that includes administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, loss, or destruction. Our measures include, without limitation:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of sensitive data at rest using AES-256 or equivalent standards
  • Role-based access controls limiting access to personal information to authorized personnel
  • Multi-factor authentication for systems accessing personal information
  • Regular security assessments, penetration testing, and vulnerability scanning
  • Audit logging and monitoring for anomaly and intrusion detection
  • Written incident response and business continuity procedures
  • Contractual security requirements for all third-party vendors handling user data

No method of electronic transmission or storage is completely secure. We do not guarantee the absolute security of your information. In the event of a data breach affecting your personal information, we will notify you and any required regulatory authorities in accordance with applicable law and within legally required timeframes.

In the event of a breach involving health-related personal information subject to the FTC Health Breach Notification Rule, we will provide required notifications within sixty (60) days of discovery, or within any shorter period required by applicable state law.

11. Your Rights and Choices

Depending on your jurisdiction, you may have rights with respect to your personal information as described below. We will respond to verifiable requests within the timeframes required by applicable law.

11.1 Rights Available to All Users

  • Right to Access: You may request a copy of the personal information we hold about you.
  • Right to Correction: You may request that we correct inaccurate or incomplete personal information.
  • Right to Deletion: You may request deletion of your account and personal information, as described in Section 9.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Opt Out of Marketing: You may opt out of promotional communications at any time using the unsubscribe link in any marketing email or by contacting us.

11.2 California Residents: Voluntary CCPA/CPRA Commitments

Kiri is not currently subject to the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA) based on our current size and revenue. However, as a matter of voluntary policy and in anticipation of future growth, we extend the following CCPA/CPRA-aligned rights to California residents:

  • Right to Know: The right to know the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties to whom we disclose it.
  • Right to Delete: The right to request deletion of personal information, subject to exceptions described in Section 9.
  • Right to Correct: The right to request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: We do not sell personal information that directly identifies you. To measure the effectiveness of influencer marketing campaigns that drive app downloads, we use the TikTok conversion pixel, which fires only when you click the “Download Free on iOS” button on www.saykiri.com. This sends an anonymous conversion event to TikTok, which may use it for ad attribution, audience modeling, and retargeting under TikTok's privacy policy. Aside from this single conversion event, we do not engage in broad cross-context behavioral advertising and do not transmit your activity to ad networks. We honor GPC signals as opt-out requests.
  • Right to Limit Sensitive Personal Information: We limit our use of sensitive personal information to the purposes disclosed in this Policy.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of the rights described in this Policy.
  • Automated Decision-Making: AI-generated outputs in the Services are informational only and do not constitute final automated decisions. As CPPA rulemaking on automated decision-making technologies is finalized, we will implement any required disclosures and opt-out mechanisms.

To submit a request, contact us at support@saykiri.com. We may verify your identity before processing your request. You may designate an authorized agent to submit requests on your behalf with appropriate written authorization.

11.3 Residents of Other U.S. States

Residents of Connecticut, Virginia, Colorado, Texas, Utah, Nevada, and other states with comprehensive consumer privacy laws may have analogous rights under those laws, including rights to access, correct, delete, and opt out of certain processing. We will honor such rights to the extent required by applicable state law. Contact us at support@saykiri.com.

11.4 In-App Controls

You may access, correct, update, or delete your account information directly through the App's Settings menu. Account deletion through the App initiates the 30-day deletion process described in Section 9.

12. International Data Transfers

Presence Health, Inc. is headquartered in the United States. The Services are operated primarily from the United States. By using the Services, you acknowledge that your personal information will be transferred to, stored, and processed in the United States and, where our service providers operate, potentially in other jurisdictions.

If you access the Services from outside the United States, including from the European Economic Area, the United Kingdom, or other jurisdictions with data protection laws that differ from those of the United States, the laws of the United States may not afford the same level of protection as those of your home jurisdiction. Where applicable law requires, we implement appropriate transfer safeguards, which may include Standard Contractual Clauses or other legally recognized mechanisms. Inquiries regarding transfer mechanisms may be directed to support@saykiri.com.

13. Third-Party Links and Integrations

The Services may contain links to, or integrations with, third-party websites or services not owned or controlled by Kiri. This Policy does not apply to those third-party services. We assume no responsibility for the content, privacy practices, or security of any third party. We encourage you to review the privacy policy of each third-party service you access through the Services.

Third-party integrations you affirmatively connect to your account may enable those parties to access information from your account as described in their own privacy policies. You may disconnect integrations at any time through App settings.

14. Liability Limitations and Disclaimers

THE FOLLOWING PROVISIONS MATERIALLY AFFECT YOUR LEGAL RIGHTS. PLEASE READ THEM CAREFULLY.

14.1 No Medical Advice

THE SERVICES, INCLUDING ALL AI-GENERATED OUTPUTS, INSIGHTS, SUMMARIES, AND INFORMATIONAL CONTENT, ARE PROVIDED FOR TRACKING AND INFORMATIONAL PURPOSES ONLY. NOTHING IN THE SERVICES CONSTITUTES, OR IS INTENDED TO CONSTITUTE, PROFESSIONAL MEDICAL ADVICE, CLINICAL DIAGNOSIS, PROGNOSIS, OR TREATMENT RECOMMENDATIONS. YOUR USE OF THE SERVICES DOES NOT ESTABLISH A PHYSICIAN-PATIENT RELATIONSHIP OR ANY OTHER PROFESSIONAL HEALTHCARE RELATIONSHIP BETWEEN YOU AND KIRI. ALWAYS CONSULT A QUALIFIED, LICENSED HEALTHCARE PROFESSIONAL REGARDING ANY MEDICAL CONDITION, SYMPTOM, TREATMENT, OR MEDICATION.

14.2 No Warranty

THE SERVICES, INCLUDING ALL AI-GENERATED OUTPUTS, ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, KIRI EXPRESSLY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, NON-INFRINGEMENT, AND AVAILABILITY. KIRI DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, VIRUS-FREE, OR THAT DEFECTS WILL BE CORRECTED.

14.3 Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, KIRI'S TOTAL CUMULATIVE LIABILITY FOR ANY AND ALL CLAIMS ARISING UNDER OR RELATED TO THIS POLICY, INCLUDING ANY CLAIM RELATED TO UNAUTHORIZED ACCESS TO OR DISCLOSURE OF PERSONAL INFORMATION, SHALL NOT EXCEED THE GREATER OF (A) THE TOTAL AMOUNTS PAID BY YOU TO KIRI IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE CLAIM OR (B) ONE HUNDRED DOLLARS ($100.00). THIS LIMITATION APPLIES TO ALL THEORIES OF LIABILITY, INCLUDING CONTRACT, TORT (INCLUDING NEGLIGENCE AND STRICT LIABILITY), STATUTE, AND ANY OTHER LEGAL OR EQUITABLE THEORY, EVEN IF KIRI HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

14.4 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL KIRI, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR SERVICE PROVIDERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, LOSS OF DATA, LOSS OF GOODWILL, BUSINESS INTERRUPTION, OR THE COST OF SUBSTITUTE SERVICES, ARISING OUT OF OR IN CONNECTION WITH THIS POLICY OR YOUR USE OF THE SERVICES, HOWEVER CAUSED.

14.5 Indemnification

You agree to defend, indemnify, and hold harmless Kiri, its affiliates, officers, directors, employees, agents, licensors, and service providers from and against any and all claims, liabilities, damages, judgments, awards, losses, costs, expenses, and fees (including reasonable attorneys' fees) arising out of or relating to: (a) your violation of this Policy; (b) your violation of any applicable law or regulation; (c) your negligence or willful misconduct; or (d) any third-party claim arising from your disclosure of information to such third party through the Services.

14.6 Alignment with Terms of Use

The limitations, disclaimers, and indemnification provisions in this Section are consistent with and supplemental to those in our Terms of Use. In the event of any conflict between this Policy and our Terms of Use with respect to liability matters applicable to privacy, the provision most protective of Kiri shall apply to the extent permitted by applicable law.

15. Changes to This Privacy Policy

We reserve the right to modify this Policy at any time at our sole discretion. If we make material changes, we will update the Effective Date at the top of this Policy and, where practicable, provide in-App notification or email notice to registered users. Changes are effective upon posting unless otherwise stated.

Your continued use of the Services following the posting of changes constitutes acceptance of the modified Policy. If you do not agree to the modified Policy, you must discontinue use of the Services. Where required by applicable law, we will seek renewed consent for significant changes affecting your privacy rights.

16. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, or to exercise any rights described in this Policy, please contact us:

Presence Health, Inc. d/b/a Kiri

Email: support@saykiri.com

Website: www.saykiri.com

We will acknowledge receipt of your request and respond within the timeframes required by applicable law. For account deletion requests, please see Section 9.4. For California CCPA/CPRA requests, you may also submit requests by emailing support@saykiri.com with the subject line "Privacy Rights Request."

If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction, including the California Privacy Protection Agency (CPPA) for California residents.

© 2026 Presence Health, Inc. d/b/a Kiri. All rights reserved. | Version 4.0 | Effective May 13, 2026

Changes in Version 4.0: Added disclosure of website analytics and conversion tracking (PostHog product analytics, Google Tag Manager, Google Analytics 4, and TikTok conversion pixel) in Sections 3.3 and 3.4. Reframed the cross-context behavioral advertising language in Section 11.2 to acknowledge the TikTok download conversion pixel. No changes to data the Kiri app collects.

Questions about this policy? Contact us