Kyntos Privacy PolicyOperated by Automation Katalyst LLCLast updated: May 5, 2026
IntroductionThis Privacy Policy explains how Automation Katalyst LLC ("Kyntos," "we," "us," or "our") collects, uses, discloses, and protects information about you when you use the Kyntos mobile application, website, and related services (collectively, the "Service"). It also explains the rights you have over your information and how to exercise them.Kyntos is a general wellness application focused on brain and nervous system wellness. We are not a HIPAA covered entity or business associate, and information you submit through the Service is not treated as Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). You should not submit information through the Service that you are not comfortable being handled outside of the HIPAA framework.By using the Service, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.1. Information We CollectWe collect information in the following categories.1.1 Information You Provide DirectlyAccount information: your name, email address, date of birth, phone number, and password when you register.Subscription and billing information: payment is processed by Stripe, our third party payment processor. Kyntos does not collect or store your full credit card number, debit card number, or bank account details. Stripe provides us with limited information such as the last four digits of your card, card type, expiration date, billing zip code, and transaction status.Wellness inputs: assessment responses, cognitive and motor game scoring results, and any information you submit through interactive exercises or check ins within the Service.AI assistant conversations: the messages you send to the in app AI health assistant and the responses generated for you. These conversations are stored in your account so you can refer back to them.Communications: any information you provide when you contact us by email, through in app messaging, or by other means, including support requests, feedback, and survey responses.Marketing preferences: your consent choices regarding marketing communications and any preferences you set in your account.1.2 Information Collected AutomaticallyDevice information: device model, operating system and version, unique device identifiers, language settings, time zone, and mobile network information.Usage information: features accessed, screens viewed, session duration, in app actions, and timestamps of activity.Log data: IP address, access times, error logs, and crash reports generated when you use the Service.Cookies and similar technologies: when you use our website, we and our service providers may use cookies, pixels, local storage, and similar technologies to operate the site, remember your preferences, and understand how the site is used. You can control cookies through your browser settings, though some features of the site may not function properly if cookies are disabled.1.3 Information from Third PartiesPayment processor: Stripe provides us with transaction status, fraud signals, and limited card metadata as described above.Marketing platform: if you sign up for our marketing emails, our email service provider (currently expected to be Zoho) processes your contact information and engagement data, such as opens and clicks, and shares aggregated and individual engagement data back with us.1.4 Future Categories of InformationWe may, in the future, expand the Service to include additional types of information, including biomarker data such as blood test results, and integrations with wearable devices and other connected health hardware. Before we begin collecting any such additional categories of information, we will update this Privacy Policy and, where required by applicable law, obtain your consent.2. How We Use Your InformationWe use the information we collect for the following purposes.To provide, operate, and maintain the Service, including creating and managing your account, processing your subscription, delivering content and protocols, and personalizing your experience.To process payments and prevent fraudulent transactions through our payment processor.To enable the AI health assistant feature, including sending your messages to OpenAI for processing and storing your conversation history within your account so you can review prior interactions.To analyze how the Service is used so that we can improve features, fix bugs, develop new functionality, and understand which content is most useful to our users.To communicate with you about your account, your subscription, security alerts, customer support requests, and changes to our policies. These communications are transactional and you cannot opt out of them while you maintain an account.To send marketing communications about Kyntos, including newsletters, product updates, and promotional offers, only if you have separately consented to receive them. You can withdraw your consent at any time by using the unsubscribe link in any marketing email or by adjusting your account settings.To verify that you meet the minimum age requirement of 18 years to use the Service.To enforce our Terms of Service, protect the rights, property, or safety of Kyntos and its users, investigate suspected fraud or misconduct, and respond to legal requests.To comply with applicable legal obligations, including tax, accounting, and regulatory requirements.3. Legal Bases for Processing (EU and UK Users)If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation ("GDPR") and the United Kingdom GDPR to process your personal data:Performance of a contract: to provide the Service, manage your account, and process your subscription as required by our Terms of Service.Legitimate interests: to operate, secure, and improve the Service, prevent fraud, and communicate with you in ways you would reasonably expect, where these interests are not overridden by your rights and freedoms.Consent: for marketing communications, optional features, and any future processing of special category data such as biomarker data. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.Legal obligation: to comply with laws that apply to us, such as tax, consumer protection, and law enforcement requests.4. How We Share Your InformationWe do not sell your personal information, and we do not share it for cross context behavioral advertising. We share information only in the limited circumstances described below.4.1 Service ProvidersWe share information with third party vendors that perform services on our behalf. These vendors are contractually required to use the information only to provide services to us and to protect it appropriately. Our current and expected service providers include:Google Cloud Platform: cloud hosting, storage, and infrastructure for the Service.Stripe: payment processing, billing, and fraud prevention.OpenAI: processing of AI health assistant conversations. Messages you send to the assistant are transmitted to OpenAI through its API to generate responses. Under OpenAI’s API terms, OpenAI does not use API content to train its models by default. We do not transmit information to OpenAI for any purpose other than generating your assistant responses.Zoho: email and marketing communications platform (expected provider).Other operational vendors: providers of analytics, customer support tools, security monitoring, and similar back office services that we may engage from time to time.These relationships are structured as "service provider" or "processor" relationships under applicable privacy laws. The vendors are not permitted to use your information for their own marketing or to sell it.4.2 Legal and Safety DisclosuresWe may disclose your information if we believe in good faith that disclosure is necessary to (a) comply with a law, regulation, court order, subpoena, or other legal process; (b) enforce our Terms of Service; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Kyntos, our users, or the public.4.3 Business TransfersIf Kyntos or Automation Katalyst LLC is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such transfer and any resulting changes to this Privacy Policy.4.4 With Your ConsentWe may share your information for any other purpose with your consent or at your direction.5. International Data TransfersKyntos is operated from the United States, and our service providers are located in the United States and other countries. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States and potentially other jurisdictions whose data protection laws may differ from those of your country of residence.When we transfer personal data of EU, UK, or Swiss users to countries that have not received an adequacy decision from the relevant authority, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or other lawful transfer mechanisms. You may request a copy of the safeguards in place by contacting us at the address provided in the Contact section.6. Data RetentionWe retain your personal information for as long as your account is active and as necessary to provide the Service. We also retain information for the period necessary to comply with legal obligations, resolve disputes, prevent fraud and abuse, and enforce our agreements. When information is no longer needed, we will delete or de identify it.Specific retention periods include: account information for the life of your account plus a reasonable period after termination to handle disputes and legal obligations; payment records for the period required by tax and accounting laws (typically seven years in the United States); AI assistant conversation history for the life of your account, unless you delete specific conversations or your account; marketing engagement data until you unsubscribe and for a short period thereafter to honor your suppression preferences.7. Your Rights and ChoicesDepending on where you live, you may have certain rights regarding your personal information. We honor these rights for all users to the extent practicable, regardless of jurisdiction.7.1 Rights Available to All UsersAccess and review the information in your account through the in app settings.Update or correct your account information at any time through the Service.Delete your account and associated personal information by contacting us or using any in app deletion tool we make available.Opt out of marketing emails by clicking the unsubscribe link in any marketing email or by updating your preferences in your account settings.7.2 Additional Rights for Residents of California and Other U.S. StatesIf you are a resident of California, Colorado, Connecticut, Texas, Virginia, or another U.S. state with a comprehensive consumer privacy law, you may have the following rights:The right to know or access the categories and specific pieces of personal information we have collected about you.The right to correct inaccurate personal information.The right to delete personal information we have collected from you, subject to legal exceptions.The right to data portability, meaning a copy of your information in a portable format.The right to opt out of the sale or sharing of your personal information for cross context behavioral advertising. As stated above, we do not sell or share personal information for cross context behavioral advertising.The right to limit the use of sensitive personal information, where applicable.The right to be free from discrimination for exercising any of these rights.To exercise any of these rights, contact us using the information in the Contact section. We may need to verify your identity before responding to your request. You may also designate an authorized agent to make a request on your behalf, subject to verification.7.3 Additional Rights for Users in the European Economic Area, United Kingdom, and SwitzerlandIf you are located in the EEA, UK, or Switzerland, you have the following rights under the GDPR and UK GDPR:The right of access to your personal data and information about how it is processed.The right to rectification of inaccurate or incomplete personal data.The right to erasure of personal data ("the right to be forgotten") in certain circumstances.The right to restrict processing of your personal data in certain circumstances.The right to data portability for personal data you have provided to us.The right to object to processing based on legitimate interests, including objection to direct marketing.The right to withdraw consent at any time, where processing is based on consent.The right to lodge a complaint with your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu, and the UK Information Commissioner’s Office is at ico.org.uk.To exercise these rights, contact us using the information in the Contact section. We will respond within the timeframes required by applicable law.8. SecurityWe use commercially reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. Measures include encryption of data in transit, access controls, secure cloud infrastructure provided by Google Cloud Platform, and ongoing monitoring.No method of transmission over the internet or electronic storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for notifying us promptly of any suspected unauthorized access.9. Children’s PrivacyThe Service is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under the age of 18. If you believe a person under 18 has provided personal information to us, please contact us using the information below and we will take steps to delete the information and terminate any associated account.10. Third Party Services and LinksThe Service may contain links to third party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to those third party services. We encourage you to review the privacy policies of any third party service you interact with.11. AI Assistant DisclosuresThe Kyntos AI health assistant uses artificial intelligence technology provided by OpenAI to generate responses to your messages. Important things to know:Your conversations with the AI assistant are transmitted to OpenAI for processing through OpenAI’s API.We store your conversation history within your account so you can refer back to prior exchanges. You may delete individual conversations or your full history at any time through the Service or by contacting us.AI generated responses are produced automatically and may be inaccurate, incomplete, or out of date. The AI assistant is part of a general wellness Service and does not provide medical advice, diagnosis, or treatment. You should not rely on AI assistant responses as a substitute for consultation with a qualified healthcare provider.Do not include information in your AI assistant messages that you do not want transmitted to OpenAI or stored in your account, including sensitive identifiers, financial details, or information about other people.12. Do Not Track SignalsSome browsers transmit "Do Not Track" signals. Because there is no industry standard for how to respond to these signals, the Service does not currently change its behavior in response to them. We describe the choices available to you regarding tracking in this Privacy Policy.13. Changes to This Privacy PolicyWe may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top and provide reasonable notice through the Service or by email when required by law. Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of it.14. Contact InformationFor questions, requests, or complaints about this Privacy Policy or our handling of your personal information, please contact us at:Automation Katalyst LLCAttn: Kyntos PrivacyEmail: info@automationkatalyst.comMailing Address: 17448 Hwy 3, Suite 140, Webster, TX 77598
Kyntos has not yet appointed a representative under Article 27 of the GDPR or UK GDPR. If you are an EU, UK, or Swiss data subject and need to contact us regarding your personal data, please use the contact information above. We will appoint a local representative if and when our user base in the EEA, UK, or Switzerland makes one necessary.
By using Kyntos, you acknowledge that you have read and understood this Privacy Policy.