Privacy Policy.
Our privacy framework is built to exceed the requirements of the Australian Privacy Act 1988 and the Health Records Act 2001.
Regulatory Oversight
In compliance with CA AB 489 (2026), KuraPath explicitly discloses when clinical insights are AI-generated without immediate licensed medical oversight. Our 'Verified' status is reserved for practitioner-reviewed outputs.
Evidence Anchoring
We adhere to the EU AI Act transparency requirements. Every synthesis is anchored in peer-reviewed clinical research (RAG), avoiding 'black box' logic to ensure explainability and reliability.
Data Sovereignty & Residency
All health data is stored within sovereign cloud infrastructure with secure encryption. We strictly adhere to the Australian Privacy Principles regarding cross-border data flows.
1. Collection of Sensitive Information
KuraPath collects health information including laboratory results, biometric data, and personal health histories. This information is classified as "Sensitive Information" under the Privacy Act 1988 (Cth). We collect this only with your explicit, informed consent for the sole purpose of providing personalized health guidance.
We only take the data you give us, specifically to help you understand your health. We never collect 'shadow' profiles.
2. Use of AI and Machine Learning
Unlike legacy platforms, KuraPath uses specialized Clinical Evidence Engines to process clinical data. We enforce strict personal identity protection. Before any data reaches a large language model, your identity is detached from the clinical values. No user data is used to train third-party models.
3. Notifiable Data Breaches (NDB)
We maintain a rigorous response plan in accordance with Part IIIC of the Privacy Act. In the unlikely event of a data breach that is likely to result in serious harm, we are legally committed to notifying both the affected individuals and the privacy regulator within 72 hours.
4. Your Right to Erasure
You hold the absolute right to the "Erasure of Data." At any point, you can request the permanent destruction of your health record. We do not maintain delayed-deletion buffers; once your data is deleted, it is removed from all production and backup systems within 48 hours.