Privacy Policy

Last Updated: January 3, 2026

Our Commitment: Kura Center is designed to protect the privacy and security of residents, staff, and facilities. We collect only what's necessary to provide our service, never sell your data, and give you control over your information.

1. Information We Collect

Information You Provide to Us

When you use Kura Center, you provide:

  • Account Information: Name, email address, phone number, facility name, and billing information
  • Resident Information: Names, dates of birth, medical information, service records, and other care-related data necessary for facility operations
  • Staff Information: Names, contact information, certifications, schedules, and timecard data
  • Service Documentation: Records of services provided, medications administered, ADL tracking, incident reports, and progress notes

Information We Collect Automatically

When you use our service, we automatically collect:

  • Usage Data: Pages viewed, features used, time spent in the application
  • Device Information: Device type, operating system, browser type, IP address
  • Audit Trail Data: Timestamps, user actions, and system events for compliance and security

Information We DON'T Collect

We deliberately avoid collecting:

  • Social Security Numbers (unless required by your state for reporting)
  • Financial account information beyond billing (we use Stripe for payment processing)
  • Unnecessary personal information not related to care delivery

2. How We Use Your Information

Primary Uses

We use your information to:

  • Provide the Service: Enable documentation, scheduling, reporting, and compliance features
  • Generate Reports: Create QIP reports, licensing documentation, and compliance records
  • Ensure Compliance: Maintain audit trails required by California Title 22, Title 17, and DDS regulations
  • Provide Support: Respond to your questions and troubleshoot issues
  • Improve the Service: Analyze usage patterns to enhance features and usability
  • Communicate: Send service updates, security alerts, and important notices

What We DON'T Do

  • We never sell your data to third parties
  • We never use resident data for advertising
  • We never share your data with competitors
  • We never train AI models on your resident data

3. How We Share Your Information

We share your information only in these limited circumstances:

With Your Consent

We will share information when you explicitly direct us to (e.g., exporting reports for DDS submission).

Service Providers

We work with trusted service providers who help us operate Kura Center:

  • AWS (Amazon Web Services): Cloud hosting and data storage (Business Associate Agreement in place)
  • Stripe: Payment processing (they handle credit card data, we never see it)
  • Support Tools: Customer support and communication platforms

All service providers are contractually required to protect your data and use it only for providing services to us.

Legal Requirements

We may disclose information if required by law, such as:

  • In response to valid legal process (subpoena, court order)
  • To comply with mandatory reporting requirements
  • To protect the safety of residents, staff, or the public

Business Transfers

If Kura Center is acquired or merged with another company, your information may be transferred. We will notify you before this happens.

4. Security Measures

We take security seriously. Our measures include:

  • Encryption: AES-256-GCM encryption for data at rest, TLS 1.3 for data in transit
  • Data Isolation: PostgreSQL Row Level Security ensures complete separation between facilities
  • Immutable Audit Trails: All actions are logged and cannot be altered or deleted
  • Access Controls: Role-based permissions limit who can see what data
  • Multi-Factor Authentication: Optional MFA for enhanced account security
  • Regular Security Audits: Ongoing security assessments and penetration testing

For more details, see our Security page.

HIPAA-Ready Infrastructure: Kura Center is built with HIPAA-ready architecture. We have a signed Business Associate Agreement (BAA) with AWS. If you require a BAA with Kura Center, please contact us.

5. Your Rights & Choices

Access Your Data

You can access all your data through the Kura Center application at any time. You can also export your data in standard formats.

Correct Your Data

You can update or correct information directly in the application. For assistance, contact support.

Delete Your Data

You can request deletion of your account and data by contacting us. Note: We may retain certain data as required by law or for legitimate business purposes (e.g., audit trails required by regulations).

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights:

  • Right to Know: Request details about the personal information we collect and how we use it
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We don't sell personal information, so there's nothing to opt out of
  • Right to Non-Discrimination: We won't discriminate against you for exercising your privacy rights

To exercise these rights, contact us at privacy@kuracenter.com

Marketing Communications

You can opt out of marketing emails by clicking "unsubscribe" in any marketing email. You'll still receive important service notifications.

6. Data Retention

We retain your data as follows:

  • Active Accounts: Data is retained as long as your account is active
  • Closed Accounts: Data is retained for 7 years after account closure to comply with California regulations requiring record retention
  • Audit Trails: Immutable audit trails are retained permanently as required by compliance regulations
  • Backups: Backup copies are retained for 90 days for disaster recovery purposes

7. Cookies & Tracking

Essential Cookies

We use cookies necessary for the service to function:

  • Authentication cookies (keep you logged in)
  • Security cookies (prevent fraud and abuse)
  • Session cookies (remember your preferences)

Analytics Cookies (Optional)

We use analytics to understand how people use Kura Center and improve the service. These are optional and you can disable them in your browser settings.

No Advertising Cookies

We do not use advertising cookies or track you across other websites.

8. Children's Privacy

Kura Center is not intended for use by children under 18. While the system may store information about minor residents as part of care facility operations, we do not knowingly collect personal information directly from children.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by:

  • Email to your registered email address
  • Prominent notice in the application
  • Updating the "Last Updated" date at the top of this page

Continued use of Kura Center after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our privacy practices:

Legal Disclaimer: This Privacy Policy should be reviewed by a qualified attorney before publication. This document is provided as a starting point and may not cover all legal requirements specific to your business.