Kinrio is built for cancer caregiving, which means our product has to answer basic privacy questions clearly: what information it handles, who can see it, what controls you have, and where the boundaries are.
Account details: Sign-in identifiers and basic profile information needed to keep the right caregiver connected to the right patient.
Patient and care details: Diagnoses, treatments, symptoms, biomarkers, scans, care-team contacts, appointments, and shared notes.
Uploaded documents and AI interactions: Data processed when you use features like scan summaries, document extraction, or AI chat.
Verified sign-in: We use Firebase Authentication. The backend verifies ID tokens before any patient data is returned.
Strict API routing: The app does not talk directly to the database. Patient reads and writes go securely through the Kinrio API.
Patient-scoped access: Access is tied to a specific patient and checked against server-side care-circle permissions before data is returned or changed.
End-to-End Encryption: Kinrio uses encrypted connections between the app, backend, and cloud services.
Secure Offline Storage: On supported native devices, offline cache storage uses encrypted MMKV. If encrypted persistence is unavailable, Kinrio falls back to memory-only cache instead of writing Protected Health Information (PHI) to an unencrypted disk.
Patient information is shared only inside a specific care circle, not as a global family account.
Admin approvals: Joining a care circle can require admin approval. Patient admins can remove members or adjust permissions when roles change.
Tiered access: Kinrio supports role differences, such as full-control admin access and view-only observer access, so not everyone gets the same level of editing power.
Kinrio Plus AI features are patient-level and use the saved patient context to answer questions, summarize reports, and help with visit preparation. Document flows can extract drafts from files (like visit summaries or NGS reports) to populate your workspace faster.
Note: AI output is assistive only. It is not medical advice and should not replace clinician guidance. Your patient data and uploaded documents are never used to train our AI models.
This isn't just policy language; these are real, product-level tools:
Security history
Review account-level events and patient activity logs directly inside the app (where your role allows access).
Biometric lock
Available on supported native devices, using your device's biometric system plus secure storage.
Data export
Request an export directly from your settings. The backend will generate it and send a secure download link via email.
Delete flows
Destructive actions are explicit and scoped. You can delete your account sign-in separately from deleting patient data.
This page summarizes how Kinrio currently approaches privacy and security at the product level. It does not replace the official privacy policy, terms, or any formal legal commitments that govern use of the service. Those materials should be reviewed alongside this summary when available.
