Privacy Policy
1. INTRODUCTION AND SCOPE
1.1 Welcome to Hikigai
Welcome to Hikigai. We are committed to protecting your privacy and handling your personal information with care and transparency. This Privacy Policy describes our practices concerning the collection, use, disclosure, and protection of information when you use our medication adherence platform and related services.
1.2 Services Covered
This Privacy Policy applies to:
- Hikigai Mobile Applications for iOS and Android devices (the "Patient App")
- Hikigai Web Portal for healthcare providers and clinicians (the "Clinician Portal")
- SMS and Voice Reminder Services
- Electronic Health Record (EHR) Integration Services
- Any other services, features, or functionalities we provide (collectively, the "Services")
1.3 Geographic Scope
Our Services are designed for and intended to be used within the United States and India. This Privacy Policy applies to users accessing our Services from within the United States and India. If you access our Services from outside the United States or India, you do so at your own risk and are responsible for compliance with local laws. By using our Services from outside the United States or India, you acknowledge and consent to the transfer and processing of your information in the United States or India.
1.4 Agreement to This Policy
By creating an account, downloading our mobile application, accessing our web portal, or using any of our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this Privacy Policy, please do not use our Services.
1.5 Relationship to Other Agreements
This Privacy Policy works in conjunction with:
- Our Terms of Service
- Any Business Associate Agreements (BAAs) between Hikigai and your healthcare provider
- Any additional consents you provide for specific features or services
In the event of a conflict between this Privacy Policy and a BAA, the BAA shall control with respect to Protected Health Information.
2. WHO WE ARE AND HOW TO CONTACT US
2.1 About Hikigai
Hikigai is a healthcare technology company that provides AI-based healthcare solutions. We develop and maintain mobile and web applications that help patients and doctors achieve better care and treatment.
Legal Name: Hikigai, Inc.
Business Address: Novi, Michigan, United States
2.2 Contact Information
For questions, concerns, or requests related to this Privacy Policy or our privacy practices:
General Privacy Inquiries:
- Email: info@hikigai.ai
- Address: Hikigai, Inc., Novi, Michigan, USA
We will respond to your inquiry within 30 days for general privacy matters and within the timeframes required by applicable law for formal rights requests.
3. IMPORTANT DEFINITIONS
To help you understand this Privacy Policy, here are key terms we use:
- "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
- "Protected Health Information" or "PHI" means individually identifiable health information that is created, received, maintained, or transmitted by us in electronic, paper, or oral form, and that relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or payment for health care, as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
- "De-identified Information" means information that has been modified to remove all identifiers that could be used to identify an individual, in accordance with HIPAA de-identification standards.
- "Aggregated Information" means information that has been combined with information about other users and from which individual identities have been removed, such that the information no longer identifies or is reasonably linkable to a particular individual.
- "Business Associate" means an entity that performs certain functions or activities on behalf of, or provides certain services to, a covered entity (such as your healthcare provider) that involve the use or disclosure of PHI, as defined under HIPAA.
- "Covered Entity" means a health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically, as defined under HIPAA.
- "Service Provider" means an entity that processes personal information on behalf of a business for a business purpose, as defined under applicable state privacy laws such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
- "You," "Your," or "User" refers to the individual using our Services, whether as a patient, caregiver, or authorized representative.
4. OUR ROLE: BUSINESS ASSOCIATE, SERVICE PROVIDER, AND CONTROLLER
Understanding our role in handling your information is important because it determines our obligations and your rights.
4.1 As a HIPAA Business Associate
When your healthcare provider uses Hikigai to manage your medication adherence, we act as a Business Associate to that healthcare provider (the Covered Entity). In this role:
- We handle your PHI on behalf of and under the direction of your healthcare provider
- We are bound by a Business Associate Agreement (BAA) with your provider
- We must comply with HIPAA Privacy and Security Rules
- Your healthcare provider remains the primary controller of your PHI
- Your provider determines what PHI is shared with us and for what purposes
- You exercise most of your HIPAA rights through your healthcare provider
Examples of PHI we handle as a Business Associate:
- Prescribed medication information received from your provider's EHR
- Clinical notes and instructions related to your medication regimen
- Diagnosis or problem list information used for safety checks
- Allergy information used for contraindication warnings
- Adherence data that we report back to your provider
4.2 As a Service Provider Under State Privacy Laws
For personal information we collect directly from you for our own operational purposes (such as account creation, app functionality, analytics, and customer support), we may act as a Service Provider under state privacy laws like California's CCPA/CPRA. In this role:
- We process personal information on your behalf for specific business purposes
- We are contractually restricted in how we can use this information
- We cannot sell or share your personal information for cross-context behavioral advertising
- We cannot retain, use, or disclose your personal information for any purpose other than performing our services
4.3 As a Controller/Business
For certain activities, we act as a Controller or Business (under various privacy frameworks), making independent decisions about how personal information is processed. This includes:
- Determining how to implement and improve our Services
- Conducting our own analytics to enhance user experience
- Managing customer relationships and providing support
- Ensuring security and preventing fraud
- Complying with legal obligations
In these situations, you have direct privacy rights against us as described in Section 9 and Section 14 of this Policy.
4.4 Dual Roles and Context
Because we operate in multiple capacities, the same piece of information might be governed by different rules depending on the context:
Example: Your medication list received from your provider's EHR is PHI governed by HIPAA and our BAA. However, your app usage patterns and device information we collect directly from your device may be personal information governed by state consumer privacy laws.
We maintain appropriate technical and organizational measures to ensure each type of information is handled according to the applicable legal framework.
5. INFORMATION WE COLLECT
We collect several categories of information to provide, maintain, and improve our Services. The information we collect depends on how you use our Services and your settings.
5.1 Information You Provide Directly to Us
A. Account and Profile Information
When you create an account or update your profile, we collect:
- Full name (first name, last name, middle initial)
- Email address (for account access, notifications, and communications)
- Mobile phone number (for SMS reminders, voice calls, and account security)
- Date of birth (to verify age eligibility and personalize reminders)
- Account credentials (username, password hash; we never store passwords in plain text)
- Display initials or nickname (for personalized in-app messages)
- Profile photo (optional, for account personalization)
- Time zone and preferred language
- Accessibility preferences (such as text size, screen reader compatibility settings)
B. Medication Management Inputs
To help you manage your medications, we collect:
- User-initiated medication entries (if you manually add medications not prescribed through integrated providers)
- Adherence tracking actions:
  - Marking doses as taken, skipped, or missed
  - Recording actual time of dose administration
  - Notes or comments about why a dose was missed
- Photos of medications (if you choose to use this feature for identification)
- Reminder preferences:
  - Preferred reminder channels (push notification, SMS, voice call, in-app alarm)
  - Reminder timing preferences (e.g., 15 minutes before, at time of dose)
  - Snooze duration settings
  - Do Not Disturb time windows
  - Content sensitivity settings (whether to include medication names in reminders)
- Refill reminders and pharmacy information (if you choose to use this feature)
- Custom schedules or modifications to reminder timing
5.2 Information We Receive from Your Healthcare Provider
A. EHR Integration Data
When your healthcare provider uses Hikigai and integrates our Services with their Electronic Health Record (EHR) system, we receive clinical information including:
Medication Information:
- Drug name (generic and brand names)
- National Drug Code (NDC) if available
- Strength and dosage
- Route of administration (oral, topical, injection, etc.)
- Frequency and timing instructions
- Quantity prescribed
- Number of refills
- Start date and end date (if applicable)
- Specific administration instructions (e.g., "take with food")
- Indication (condition being treated)
- Prescriber information (name, NPI, contact information)
Clinical Context:
- Diagnosis/problem list (only if necessary for medication safety features, such as checking for contraindications or providing context-appropriate reminders)
- Allergy information (to enable drug-allergy interaction warnings)
- Active conditions (that may affect medication timing or interactions)
- Recent lab results (only if specifically relevant to medication monitoring, such as INR levels for warfarin)
- Encounter information (date of visit, visit type, ordering provider)
EHR Identifiers:
- Patient identifier in the provider's system
- Medical Record Number (MRN)
- Encounter ID
Integration Technical Data:
- FHIR resource IDs
- HL7 message segments (for legacy integrations)
- Synchronization timestamps
- Data mapping logs (to ensure accurate data transfer)
B. Provider Communications
We may receive:
- Updates or modifications to your medication regimen
- Clinical notes specifically flagged for adherence monitoring
- Prior authorization or insurance information (if relevant to medication access)
- Provider instructions about how to configure your reminders
5.3 Information Collected Automatically from Your Device
A. Device and Technical Information
When you use our mobile app or web portal, we automatically collect:
Device Identifiers:
- Device ID or advertising identifier (IDFA for iOS, AAID for Android)
- Device model and manufacturer
- Operating system and version
- Screen resolution and display settings
- Device language settings
- Mobile network carrier name
App Information:
- Hikigai app version
- App installation date
- App session start/end times
- Session duration
- Features used during each session
Geolocation Data:
- Coarse location (city, state level) derived from IP address or network information
- Time zone (to ensure reminders are delivered at correct local times)
- GPS coordinates (only if you explicitly grant location permission for a feature like finding nearby pharmacies)
We do NOT continuously track your precise location. Any precise location data is collected only when you actively use a location-based feature and have granted permission.
B. App Usage and Interaction Data
To understand how you use our Services and improve your experience:
- Pages or screens viewed within the app
- Features accessed (e.g., adherence calendar, medication list, reports)
- Buttons clicked or tapped
- Time spent on each screen
- Navigation paths (how you move through the app)
- Search queries within the app
- Notification interaction (opened, dismissed, snoozed)
- Frequency of app opens
- Settings changes you make
C. Performance and Diagnostic Data
To maintain and improve app stability and performance:
- Crash reports (including stack traces, memory usage, device state at time of crash)
- Error logs (application errors, failed operations)
- Performance metrics (app load times, response times, battery usage)
- API call success/failure rates
- Network latency measurements
These reports are automatically generated and may contain technical information about your device and app state, but are designed to minimize personal information.
5.4 Information from Third-Party Integrations
A. Health Platforms and Wearables (Optional)
If you choose to connect third-party health platforms or wearable devices to Hikigai, we may collect:
From Apple Health:
- Steps taken
- Sleep data (duration, quality)
- Heart rate measurements
- Activity levels
- Other health metrics you explicitly authorize
From Google Fit / Samsung Health:
- Similar fitness and activity data
- Workout information
- Biometric data you choose to share
From Wearable Devices (e.g., Fitbit, Garmin, Apple Watch):
- Activity tracking data
- Sleep patterns
- Heart rate variability
- Medication reminder confirmations (if supported by the device)
Important: These integrations are entirely optional. You control exactly what data is shared through the respective platform's permission settings. We only access data that you explicitly authorize, and we use it solely to provide enhanced adherence insights (for example, correlating sleep quality with adherence patterns).
B. Pharmacy Integrations (Future Feature)
If and when we integrate with pharmacy systems (currently not available), we may collect:
- Prescription fill and refill dates
- Medication pick-up status
- Remaining refills
- Pharmacy contact information
5.5 SMS and Voice Communication Data
A. Message Delivery Information
For SMS and voice reminders, we collect:
- Phone number (recipient)
- Message delivery status (sent, delivered, failed, undelivered)
- Delivery timestamps
- Carrier information
- Opt-out requests (STOP messages)
- Help requests (HELP messages)
B. Content and Sensitivity
Default (Sensitive Content Concealed):
- By default, our SMS and voice reminders do NOT include sensitive details like specific medication names
- Example: "It's time for your medication" or "Reminder: Take your 2:00 PM dose"
Opt-In (Full Content):
- If you explicitly opt in, we will include medication names and instructions
- Example: "Time to take your Lisinopril 10mg"
Minimal Content Logging:
- We maintain minimal logs of message content as required by telecommunications carriers and for troubleshooting
- These logs are encrypted and retained only as long as necessary
- We do not analyze message content for marketing or non-service purposes
5.6 Cookies and Similar Technologies (Web Portal)
Our web portal (primarily used by clinicians) uses cookies and similar technologies:
A. Strictly Necessary Cookies
These cookies are essential for the website to function and cannot be disabled:
- Session cookies (to keep you logged in)
- Authentication tokens (to verify your identity)
- Load balancing cookies (to optimize performance)
- Security cookies (to detect abuse and protect against CSRF attacks)
B. Analytical Cookies (with Your Consent)
With your consent, we use analytics cookies to understand how our web portal is used:
- Usage statistics (pages visited, time on site, bounce rate)
- Performance monitoring (page load times, error rates)
- Feature usage (which tools and reports clinicians use most)
We use privacy-friendly analytics services and, where possible, anonymize or pseudonymize this data.
C. Third-Party Cookies
We limit third-party cookies to essential services:
- Content Delivery Network (CDN) cookies (to deliver assets efficiently)
- Video player cookies (if we embed tutorial videos)
We do not allow advertising or social media tracking cookies.
Managing Cookies: You can control cookies through your browser settings. However, disabling necessary cookies may prevent you from using certain features of our web portal. See Section 15 for more details.
5.7 Information We Do NOT Collect
To be transparent about our data practices, here are types of information we do NOT collect:
- Detailed financial information (credit card numbers, bank accounts) — payments, if any, are processed by third-party payment processors
- Genetic or biometric information (fingerprints, facial recognition, DNA) except for device-level biometric authentication (which stays on your device)
- Contents of your other apps or personal files on your device
- Contact lists unless you explicitly provide caregiver contacts
- Social media account information (we don't require or integrate with social media)
- Browsing history outside of our Services
6. HOW WE USE YOUR INFORMATION
We use the information we collect to provide, maintain, improve, and protect our Services. Here's a detailed breakdown of our uses:
6.1 Core Service Delivery
To Provide Medication Reminders and Adherence Tracking:
- Delivering personalized reminders via push notifications, SMS, voice calls, or in-app alarms at the times you or your provider have specified
- Tracking whether you've taken, skipped, or missed doses
- Maintaining your medication schedule and adjusting for time zone changes
- Synchronizing your medication regimen with your healthcare provider's EHR in real-time
- Calculating and displaying adherence rates and patterns
To Personalize Your Experience:
- Customizing reminder content based on your sensitivity preferences
- Adapting the user interface based on your accessibility settings
- Suggesting optimal reminder times based on your adherence patterns (with AI-assisted insights)
- Providing relevant tips and educational content based on your medications
6.2 Safety and Clinical Decision Support
Medication Safety Features:
- Duplication checks: Identifying if you're prescribed multiple medications with the same active ingredient
- Interaction warnings: Alerting you and your provider to potential drug-drug interactions
- Contraindication alerts: Warning if a new medication conflicts with your documented conditions or allergies
- Dosing validation: Flagging unusual dosing schedules that may indicate an error
- Time-sensitive medication handling: Special protocols for medications that require precise timing (e.g., antibiotics, anticoagulants)
Clinical Data Synchronization:
- Reporting your adherence data back to your healthcare provider's EHR
- Updating your provider when you consistently miss doses or report side effects
- Flagging patterns that may require clinical intervention
6.3 Adherence Insights and Reporting
Visualizations and Analytics:
- Generating adherence calendars showing your medication-taking patterns
- Creating missed dose reports for your review and your provider's records
- Providing adherence percentage calculations (daily, weekly, monthly)
- Comparing adherence across multiple medications
Predictive Insights (AI-Powered):
- Identifying patterns associated with missed doses (e.g., time of day, day of week)
- Detecting early warning signs of adherence decline
- Suggesting behavioral interventions (e.g., habit stacking, reminder timing adjustments)
- Recommending proactive outreach by your care team when high-risk patterns emerge
6.4 Communication and Support
Customer Support:
- Responding to your inquiries, questions, and requests
- Troubleshooting technical issues you report
- Providing guidance on how to use features
- Investigating and resolving complaints
Service Notifications:
- Sending you important updates about our Services (e.g., scheduled maintenance, new features)
- Notifying you of changes to this Privacy Policy or our Terms of Service
- Alerting you to security issues affecting your account
6.5 Service Improvement and Development
Product Development:
- Analyzing how users interact with our app to identify usability issues
- Testing new features with user feedback
- Conducting A/B testing to optimize user experience (with appropriate privacy safeguards)
- Developing new functionalities based on user needs
Research and Analytics:
- Studying aggregated adherence patterns to understand broader trends (using only de-identified data)
- Evaluating the effectiveness of different reminder strategies
- Publishing research findings to advance the field of medication adherence (all published data is de-identified and aggregated)
Quality Assurance:
- Monitoring app performance and reliability
- Identifying and fixing bugs
- Optimizing server and database performance
- Ensuring cross-platform compatibility
6.6 Security, Fraud Prevention, and Legal Compliance
Security Measures:
- Investigating security incidents
- Enforcing our Terms of Service
Legal Obligations:
- Complying with applicable laws, regulations, and legal processes
- Responding to subpoenas, court orders, or lawful requests from authorities
- Enforcing our legal rights and defending against legal claims
- Cooperating with regulatory investigations when required
Regulatory Compliance:
- Meeting HIPAA Privacy and Security Rule requirements
- Complying with FDA regulations applicable to medical device software (if applicable)
- Adhering to TCPA requirements for SMS and voice communications
- Following state-specific privacy laws (CCPA, CPRA, CDPA, etc.)
6.7 Business Operations
Internal Operations:
- Managing our business operations and infrastructure
- Conducting financial and accounting activities
- Managing vendor and partner relationships
- Maintaining business continuity and disaster recovery plans
Business Transactions:
If we undergo a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the successor entity.
7. ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING
Hikigai uses artificial intelligence (AI) and machine learning (ML) technologies to enhance medication adherence and provide personalized insights. We are committed to using AI responsibly, transparently, and in compliance with all applicable regulations.
7.1 How We Use AI
Adherence Pattern Recognition:
- Purpose: Detect patterns in your medication-taking behavior
- How it works: Our AI analyzes your adherence history to identify times of day, days of the week, or circumstances when you're most likely to miss doses
- Benefits: Enables proactive interventions and personalized reminder strategies
Predictive Risk Modeling:
- Purpose: Identify early warning signs of adherence decline
- How it works: ML models evaluate multiple factors (recent adherence trends, medication changes, missed appointments) to predict when you may be at risk of stopping your medications
- Benefits: Allows your care team to reach out proactively before adherence deteriorates significantly
Personalized Reminder Optimization:
- Purpose: Find the most effective reminder strategy for you
- How it works: AI evaluates which reminder types, timings, and content formats result in the highest adherence for individuals with similar characteristics
- Benefits: Increases effectiveness of reminders without requiring trial and error
Natural Language Processing (Limited Use):
- Purpose: Understand free-text notes you provide about missed doses
- How it works: NLP analyzes your notes (e.g., "forgot because of morning meeting") to categorize reasons for non-adherence
- Benefits: Helps identify addressable barriers to adherence
Smart Scheduling Suggestions:
- Purpose: Recommend medication schedule adjustments
- How it works: AI considers your typical daily routine, adherence patterns, and medication requirements to suggest optimal dosing times
- Benefits: Makes medication regimens more compatible with your lifestyle
7.2 AI Training and Your Data
PHI is NOT Used for General Model Training:
- We DO NOT use your Protected Health Information (PHI) to train general-purpose AI models.
- Your medication information, clinical data, and personal health details are never used to train models that would be deployed for other organizations or users
Use of De-Identified Data:
- De-identification is performed in accordance with HIPAA standards (Expert Determination or Safe Harbor method)
- De-identified data cannot reasonably be used to re-identify you
Internal AI Models:
- Our AI models are developed and deployed internally
- We do not share your data with third-party AI companies for model training
- Any third-party AI tools we use (e.g., for natural language understanding) are configured to prohibit data retention or model training
7.3 Human Oversight and AI Limitations
Human Review:
- You can always override AI suggestions and customize your settings
AI Limitations:
- AI models are not perfect and may occasionally produce incorrect predictions
- AI is a tool to augment, not replace, clinical judgment by your healthcare provider
- You should never rely solely on AI insights for medical decisions
Transparency:
- When AI influences your experience (e.g., suggested reminder times), we indicate that AI was involved
- You can view explanations for why certain recommendations were made (to the extent technically feasible)
- You can provide feedback on AI-generated insights to help improve accuracy
7.4 Your Control Over AI Features
Feedback Mechanisms:
- You can rate the usefulness of AI-generated suggestions
- You can report inaccurate or unhelpful AI outputs
- Your feedback helps us improve our models
7.5 Bias and Fairness
We are committed to ensuring our AI models are fair and do not perpetuate biases:
- Diverse Training Data: We strive to train models on diverse, representative datasets
- Bias Testing: We regularly test models for disparate impacts across different demographic groups
- Fairness Audits: We conduct periodic audits to ensure AI recommendations are equitable
- Continuous Improvement: We address identified biases through model refinement and updates
7.6 AI Governance
AI Ethics Committee:
- We maintain an internal committee that oversees AI development and deployment
- The committee reviews AI use cases for ethical considerations
- External advisors may be consulted for complex ethical questions
Regulatory Compliance:
- Our AI systems comply with applicable FDA regulations if they meet the definition of a medical device
- We adhere to emerging AI regulations and guidance from regulatory bodies
- We participate in industry initiatives to promote responsible AI use in healthcare
8. HOW WE SHARE AND DISCLOSE INFORMATION
We do not sell your Personal Information or PHI. However, we do share information in specific circumstances as described below. All sharing is governed by applicable laws including HIPAA, state privacy laws, and contractual obligations.
8.1 Sharing with Your Healthcare Provider
EHR Integration and Care Coordination:
- What we share: Adherence data (which doses were taken/missed, timing of doses, patterns of non-adherence), medication-related notes you provide, technical data about app usage related to your medication regimen
- Why we share: To enable your healthcare provider to monitor your progress, adjust treatment plans, and provide appropriate care
- Legal basis: HIPAA allows disclosure of PHI for treatment purposes; your provider's BAA with us governs this sharing
- Frequency: Real-time synchronization or periodic updates as configured by your provider
Provider Portal Access:
- Authorized clinicians at your healthcare organization can access your adherence information through our Clinician Portal
- Access is logged and limited to those with a legitimate treatment relationship with you
- Your provider determines which staff members have access
Clinical Alerts:
- We may automatically notify your provider of clinically significant events (e.g., consistent non-adherence to a critical medication, user-reported adverse effects)
- These alerts are configured based on your provider's preferences and clinical protocols