Privacy Policy for Khimbus Application

Effective Date: July 9th, 2025

---

1. Introduction

Welcome to the Khimbus application, operated by KHIT Consulting. We are committed to protecting the privacy and security of your information. This Privacy Policy describes how we collect, use, share, and protect the personal information of the users and residents of our application.

This policy applies to all information collected through our web application, including its various subdomains (e.g., libertyplace.khimbus.com, jacobswell.khimbus.com).

2. Information We Collect

We collect information to provide and improve our services. The type of information we collect depends on your interaction with our application.

A. Information You Provide Directly to Us:

• Account Information: When staff users create an account, we collect information such as your first name, last name, username, and a hashed password.
• Resident Profile Information: When registering a resident, we collect a significant amount of sensitive personal information, which may include:
  • Identifiers: Full name, Social Security Number (SSN), date of birth, gender, sexual orientation, race, ethnicity, and contact information (email, phone number, physical addresses).
  • Health and Medical Information (PHI): Primary, secondary, and tertiary diagnoses (including ICD codes), medication details, eMAR (Electronic Medication Administration Record) data, drug test results, Medicaid information, and other insurance details.
  • Financial Information: Employer details, job titles, income information, paystubs, and bank statements.
  • Emergency Contact Information: Name, phone number, and relationship of emergency contacts.
  • Other Sensitive Information: Veteran status, primary language, room number, driver's license details, incident reports, and contact notes.
• Dependent Information: We collect personal and health information about residents' dependents, including their names, dates of birth, SSNs, and birth certificates. This information is provided with the consent of the resident parent or guardian.
• User-Generated Content: We collect information that you voluntarily post to the service, such as the titles and bodies of posts in the "Posts" section.
• Communications: If you contact us directly, we may receive additional information about you.

B. Information We Collect Automatically:

• Cookies and Session Data: We use cookies to operate and administer our site and to improve your experience.
  • Session Cookies: To keep you logged in as you navigate the application.
  • Functional Cookies: We use a cookie to store your browser's timezone (e.g., America/New_York) to display timestamps in your local time. This cookie does not contain personally identifiable information and is used solely for this display purpose.
• Server Logs: Like most websites, our servers automatically record information that your browser sends whenever you visit our site. This may include your Internet Protocol (IP) address, browser type and version, the pages you visit, and the time and date of your visit. This data is used for monitoring, security, and debugging purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, maintain, and improve our application and its services.
• To manage user and resident accounts, including authentication and password resets.
• To facilitate essential communications, such as sending notifications about MSR submissions, failed room checks, or password reset codes.
• To display content correctly, such as converting UTC timestamps to your local time.
• To ensure the security of our application and to prevent fraud.
• To comply with legal obligations and regulations.

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

• Within Your Organization: Information is accessible to authorized personnel (such as administrators and assigned case managers) who require access to perform their job duties.
• Service Providers: We may share information with third-party vendors and service providers that perform services on our behalf. For example, we use Google's email infrastructure (Gmail) to send notifications, which involves processing email addresses.
• Legal Requirements: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, or protect the personal safety of users or the public.

5. Data Security

We implement a variety of security measures to maintain the safety of your personal information. These measures include hashing user passwords and other technical and administrative safeguards. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

6. Data Retention

We will retain your personal information for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (for example, for regulatory or medical record-keeping purposes).

7. Your Rights and Choices

• Accessing and Updating Information: You may review and update your account and profile information by logging into the application and navigating to the relevant sections.
• Cookies: You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service (like staying logged in).
• Deleting Your Information: You may request the deletion of your account or a resident's profile by contacting us, subject to our data retention policies and legal obligations.

8. Children's Privacy

Our service is not directed to children under the age of 13 to use for themselves. We collect information about children (dependents) only with the consent of their parent or legal guardian (the resident) for the sole purpose of providing our services. If you believe we have collected information from a child under 13 without parental consent, please contact us so we can take appropriate action.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

info@khitconsulting.com
6723 Heritage Lane, Charlestown, IN 47111