Keensight Health Privacy Policy

Last Updated: March 25, 2026

Keensight Health, Inc. ("Keensight Health," "we," "us," or "our") respects your privacy and is committed to protecting personal information. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with our websites, applications, products, and services.

This Privacy Policy is designed to address the main ways people interact with Keensight Health today, including:

• visitors to our public-facing websites and landing pages;
• people who request a demo, sign up for early access, download educational materials, register for events, or otherwise communicate with us;
• individual users who create accounts to use the Keensight Health educational application or other self-serve educational or training offerings; and
• learners, educators, trainers, and other authorized users whose access to the Services is provisioned by a university, training program, employer, or other organization that has purchased or otherwise obtained access to Keensight Health products and services.

Important Educational Use Disclaimer. Keensight Health's educational applications are intended solely for training, simulation, coaching, and educational purposes. They are not designed to provide medical advice, diagnosis, or treatment, and they should not be used to make decisions about an actual person's care.

1. Applicability and Important Distinctions

(a) This Privacy Policy applies to website, marketing, account, and self-service educational product data.

This Privacy Policy applies to personal information we collect directly from you or about you when you:

• visit our websites;
• complete web forms, request a demo, or sign up for updates;
• communicate with us by email, phone, text, or other channels;
• create or use a self-service account for a Keensight Health educational application or another self-serve educational or training offering; or
• create an account or otherwise interact with our products and services in a manner not exclusively governed by a separate agreement with a customer organization.

(b) Organization-controlled data may be governed by separate customer agreements.

When a university, school, residency program, training program, employer, or other organization (each, an "Organization") uses Keensight Health products or services under a master software agreement, order form, data processing addendum, or similar agreement (collectively, a "Customer Agreement"), Keensight Health may process information on behalf of that Organization, including information submitted by or for the Organization through the Services ("Customer Data").

Where Keensight Health processes Customer Data on behalf of an Organization, our processing of that information is governed by the applicable Customer Agreement. In those cases, the Organization generally controls how that information is used as part of its training, education, workforce development, or internal operations, and requests relating to such information should generally be directed to that Organization.

(c) This policy is education-first and does not describe patient-care workflows.

This Privacy Policy is intended to describe Keensight Health's educational and training offerings, including simulated scenarios, role plays, coaching, feedback, and related product features. It does not describe a patient-care notice of privacy practices, and it should not be read as a representation that a particular product is intended for clinical care use.

(d) Separate terms may apply.

Your use of certain Keensight Health products or services may also be subject to separate terms of use, product terms, or customer agreements. If there is a conflict between this Privacy Policy and an applicable Customer Agreement with an Organization that controls your account or data, the Customer Agreement will control with respect to Customer Data processed on that Organization's behalf.

2. Information We Collect

The personal information we collect depends on how you interact with Keensight Health.

(a) Information you provide directly.

We may collect personal information you provide directly to us, such as:

• name;
• email address;
• phone number;
• employer, school, or organization name;
• title, role, specialty, department, program, or professional background;
• account credentials and profile information;
• billing or payment-related information, if you purchase a self-serve offering, including information collected and processed through Stripe or another payment processor;
• communications you send to us, such as questions, support requests, survey responses, and feedback; and
• any other information you choose to provide through web forms, emails, support channels, or other interactions.

Examples include when you:

• request a demo;
• sign up for early access, newsletters, or marketing communications;
• download educational content or register for an event or webinar;
• create an account for an educational application;
• communicate with us about our products or services; or
• submit feedback or respond to surveys.

(b) Information we collect when you use our websites and online services.

When you visit our websites or interact with our online services, we may automatically collect information such as:

• IP address;
• browser type and version;
• device identifiers and operating system information;
• pages viewed, referring pages, links clicked, and other usage information;
• dates, times, and duration of visits or sessions;
• approximate location derived from IP address; and
• information collected through cookies, pixels, local storage, and similar technologies.

We currently use technologies and service providers such as Google Analytics and HubSpot to help us understand website usage, manage communications and marketing workflows, and improve our websites and outreach efforts.

(c) Information we collect for self-serve educational and training products.

If you create or use a self-serve account for a Keensight Health educational or training product, we may collect information such as:

• account registration and profile information;
• training usage information;
• simulated role-play activity information;
• audio, transcripts, conversation data, prompts, responses, and related outputs generated in connection with simulated educational role plays or training interactions, where applicable;
• performance, feedback, scoring, and coaching-related outputs; and
• support, troubleshooting, and service-usage information.

(d) Information we collect for Organization-provisioned users.

If your access to Keensight Health products or services is provisioned by an Organization, we may collect account, profile, and service-usage information associated with your use of the Services, such as:

• your name, work or school email address, title, department, program, or organization affiliation;
• authentication or single sign-on information;
• device, browser, session, and log information;
• usage, support, and product performance information; and
• other information submitted to or generated through the Services as described in the applicable Customer Agreement.

(e) Information from third parties.

We may receive personal information from third parties, such as:

• organizations that provision or administer your access to Keensight Health products or services;
• business partners, referral partners, event sponsors, or co-marketing partners;
• analytics and marketing providers;
• identity, authentication, payment, or fraud-prevention providers; and
• publicly available sources such as professional networking sites or public registries, where permitted by law.

3. How We Use Personal Information

We may use personal information for the following purposes, as applicable:

• to provide, operate, maintain, support, secure, and improve our websites, products, and services;
• to create, manage, authenticate, and administer accounts;
• to enable simulated scenarios, role plays, coaching, scoring, feedback, and other educational features;
• to respond to inquiries, demo requests, support requests, and other communications;
• to send service-related, administrative, educational, onboarding, security, and support communications;
• to send marketing communications, newsletters, updates, event invitations, and other promotional materials, subject to applicable law and your choices;
• to personalize your experience with our websites, products, and services;
• to process transactions and manage billing for self-serve offerings, where applicable;
• to analyze website and product usage, performance, trends, and effectiveness;
• to conduct research and development, quality assurance, testing, and product improvement;
• to measure and improve the effectiveness of our marketing and outreach efforts;
• to enforce our agreements, terms, and policies;
• to detect, investigate, prevent, and address fraud, abuse, security incidents, and other harmful, unauthorized, or unlawful activity;
• to comply with legal, regulatory, contractual, and professional obligations; and
• for other purposes disclosed at the time of collection or otherwise permitted by law.

4. AI Features and Transparency

Some Keensight Health products and services use third-party artificial intelligence and machine-learning models to support simulated conversations, create transcripts, generate summaries, provide feedback or coaching observations, score training interactions, and support related features.

To provide these features, we may share the content reasonably necessary for those tools to work with service providers that help us operate AI-enabled functionality. Depending on the product and workflow, that content may include prompts, responses, audio, transcripts, conversation data, and related outputs from simulated educational interactions. These service providers may process this information only on our behalf, under written agreements that restrict their use of the information, require appropriate confidentiality and security protections, and prohibit unauthorized secondary use except as permitted by applicable law and contract.

We do not use your content to train our own AI models. We also seek to configure third-party AI service providers used for our Services so that customer content is not used to train their generalized models, except where a different arrangement is clearly disclosed and expressly agreed to.

AI-generated outputs may be inaccurate, incomplete, inconsistent, or inappropriate for a particular educational context. For that reason, AI-generated feedback, summaries, transcripts, scores, and simulations should be reviewed and used as educational support tools rather than as the sole basis for academic, employment, disciplinary, credentialing, clinical, or other consequential decisions. We may use automated and manual quality-assurance measures designed to identify and reduce unsafe, low-quality, or clearly erroneous outputs, but we do not guarantee that AI outputs will always be error-free.

We apply data minimization practices to AI-enabled workflows. This means we are designed to limit the personal information shared with AI service providers and internal reviewers to what is reasonably necessary for the relevant feature or operational purpose, and to avoid using identifiable content for product improvement where aggregated, de-identified, or otherwise non-identifiable information will reasonably suffice.

We may review and analyze transcripts, recordings, responses, and other content from simulated role-play sessions to better understand where learners commonly struggle, improve the quality of feedback and scoring, refine AI patient simulations, create new training scenarios or product features, provide support, troubleshoot problems, maintain security, investigate misuse, enforce our terms, or comply with legal obligations. Any review of identifiable content is limited to authorized personnel and contractors with a legitimate need to know, such as trained product, support, trust and safety, security, or engineering personnel, and is subject to role-based access controls, confidentiality obligations, least-privilege access restrictions, logging and monitoring, and periodic access review procedures. We do not permit broad or unrestricted employee access to transcripts or recordings.

Human oversight is used where we determine it is appropriate for quality assurance, safety, support, misuse investigation, model or feature evaluation, or other operational review. Where feasible and appropriate, we seek to use de-identified, redacted, sampled, or otherwise limited datasets for those purposes instead of full identifiable session content.

For product improvement, analytics, quality assurance, safety, and performance, we use aggregated, de-identified, or otherwise non-identifiable information whenever reasonably possible. We only use identifiable content for limited operational purposes where such use is reasonably necessary and subject to the controls described above.

Unless a different period is required by law, contract, or a documented business need, we retain role-play transcripts, audio, and related training interaction data for up to 12 months after collection and then delete or de-identify it according to our retention practices. We may retain aggregated or de-identified information for longer to support analytics, product improvement, security, and service performance.

5. How We Disclose Personal Information

We may disclose personal information to the following categories of recipients, as applicable:

(a) Service providers and vendors.

We may disclose personal information to vendors, contractors, and service providers that help us operate our business and provide our websites, products, and services, such as providers of:

• hosting, cloud infrastructure, and storage (for example, Microsoft Azure);
• analytics and diagnostics (for example, Google Analytics);
• customer relationship management, email, and communications tools (for example, HubSpot);
• payment processing (for example, Stripe);
• authentication and identity management;
• support and ticketing;
• security, logging, and fraud prevention;
• artificial intelligence and model infrastructure providers (for example, OpenAI or similar vendors used to power product features); and
• other business operations support.

We disclose personal information to these service providers only as reasonably necessary for them to perform services on our behalf and subject to appropriate contractual or legal safeguards.

(b) Organizations that provision or administer access.

If your account or access is provisioned, sponsored, or managed by an Organization, we may disclose personal information and service-related information to that Organization to the extent permitted by law and the applicable Customer Agreement, including for account administration, service delivery, billing, support, usage reporting, security, and compliance.

(c) Business partners and event partners.

We may disclose personal information to business partners, event sponsors, co-marketing partners, or referral partners where appropriate in connection with programs, events, content offers, joint outreach, or related business activities, subject to applicable law and any notice provided at the time of collection.

(d) Professional advisors and legal recipients.

We may disclose personal information to our professional advisors, such as lawyers, auditors, accountants, insurers, and bankers, where necessary in the course of the professional services they provide.

We may also disclose personal information to courts, regulators, law enforcement, government authorities, or other third parties when we believe disclosure is necessary to comply with law, protect rights or safety, investigate fraud or misuse, enforce our agreements, or respond to legal process.

(e) Corporate transactions.

We may disclose personal information in connection with an actual or contemplated merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or other corporate transaction, including during due diligence.

(f) With your direction or consent.

We may disclose personal information to other third parties at your direction or with your consent.

6. Cookies and Similar Technologies

We and our service providers may use cookies, pixels, local storage, and similar technologies to operate our websites and online services, remember preferences, maintain sessions, understand usage patterns, improve performance, and support analytics and marketing communications.

For example, we may use Google Analytics to measure and analyze website traffic and usage patterns, and HubSpot to support website forms, marketing automation, communications, and related analytics.

At this time, we do not use personal information for targeted advertising or cross-context behavioral advertising, and we do not sell personal information for advertising purposes.

Depending on the technologies we use and your jurisdiction, you may be able to manage your cookie preferences through your browser settings, any cookie banner or preference tool we make available, or the opt-out mechanisms described below.

7. Marketing Communications

We may send you marketing, educational, promotional, or event-related communications where permitted by law. You may opt out of marketing emails by using the unsubscribe link in the email or by contacting us.

8. De-Identified and Aggregated Information

We may create, use, and disclose de-identified, anonymized, or aggregated information derived from personal information or service usage information for lawful purposes, including analytics, product improvement, benchmarking, research, quality assurance, security, operations, and business reporting, provided that such information does not identify, and cannot reasonably be used to identify, an individual.

Where we process Customer Data on behalf of an Organization, our creation and use of de-identified or aggregated information remains subject to the applicable Customer Agreement.

9. Data Retention

We retain personal information for only as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Unless a different period is required by law or a Customer Agreement, we generally retain the following categories of information for the periods below:

• website analytics information: up to 12 months;
• demo requests, marketing contact information, and event registration information: until you opt out or for up to 12 months after our last meaningful interaction;
• self-serve account registration and profile information: while your account is active and for up to 12 months after account closure or prolonged inactivity;
• training data, including simulated role-play audio, transcripts, conversation data, and generated feedback: up to 12 months after creation, unless deleted sooner through available product settings or support processes;
• support and troubleshooting records: up to 12 months after the issue is closed; and
• billing and transaction records: for as long as reasonably necessary to comply with legal, tax, accounting, and audit obligations.

Where we process Customer Data on behalf of an Organization, retention and deletion of that data are governed by the applicable Customer Agreement.

10. Security

We use administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, disclosure, alteration, and destruction. However, no security measure is perfect or impenetrable, and we cannot guarantee absolute security.

If you believe your account or personal information has been compromised, please contact us promptly using the contact information below.

11. Your Privacy Rights and Choices

Depending on where you live and the nature of our relationship with you, you may have rights regarding your personal information, such as the right to:

• know or access the personal information we maintain about you;
• request correction of inaccurate personal information;
• request deletion of personal information;
• object to or limit certain processing;
• withdraw consent where our processing is based on consent;
• opt out of marketing communications;
• opt out of certain targeted advertising, profiling, or data-sharing practices, where applicable; and
• request portability of certain personal information, where applicable.

You may exercise applicable rights by contacting us using the contact information below.

Please note:

• we may need to verify your identity before responding to a request;
• some rights may be limited by law or subject to exceptions;
• if your personal information is controlled by an Organization that uses Keensight Health under a Customer Agreement, you should direct your request to that Organization in the first instance; and
• if we process your information solely on behalf of an Organization, we may refer your request to that Organization or act only on its instructions.

You may also designate an authorized agent to make certain requests on your behalf where permitted by law.

California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), including the right to request:

• access to or knowledge of the personal information we have collected about you;
• correction of inaccurate personal information;
• deletion of personal information, subject to exceptions;
• portability of certain personal information;
• information about the categories of personal information we collect, the categories of sources from which we collect it, the business or commercial purposes for collection, use, and disclosure, and the categories of third parties to whom we disclose it; and
• to opt out of the sale or sharing of personal information, if applicable.

California residents may also have the right to limit the use and disclosure of sensitive personal information in certain circumstances.

We do not sell personal information and we do not share personal information for cross-context behavioral advertising.

We do not discriminate against individuals for exercising applicable privacy rights.

If we are required to recognize browser-based opt-out preference signals, such as the Global Privacy Control (GPC), we will do so in accordance with applicable law.

California residents may exercise applicable rights by contacting us at Legal@keensighthealth.com or through any request mechanism we make available.

12. Children and Minors

Our websites, products, and services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 except as permitted by law.

Keensight Health educational applications and other self-serve educational offerings are intended only for individuals who are 18 years of age or older.

If you believe we have collected personal information from a child or minor in a manner not permitted by law, please contact us.

13. International Data Transfers

Keensight Health is based in the United States and may process personal information in the United States and other countries where we or our service providers operate. Those countries may have data protection laws that differ from the laws of your jurisdiction.

Where required by applicable law, we will use appropriate safeguards for cross-border transfers of personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated Privacy Policy and update the "Last Updated" date above. Where required by law, we will provide additional notice.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, or if you would like to exercise applicable privacy rights, please contact us at:

Keensight Health, Inc.4228 146th Ave SE Bellevue, WA 98006 Legal@keensighthealth.com