We recognise that safeguarding your personal data is of the utmost importance, and our platform has been designed with this in mind from the outset. We process and store personal data via our two products, the Kalibra App, available on the Apple App Store and Android Play Store, and Kalibra Pro, the Integrated Health Platform.
Kalibra App
When creating an account via the Kalibra App you are required to provide some basic personal information, including your name, nickname, email address, sex and date of birth. This data is stored in an Identity and Access Management platform, and all data is encrypted at rest. If you have created an account using Single Sign-on, your password is managed via the Apple or Google account you used. If you signed up using an email address, you have the ability to verify your account and reset your password – Kalibra does not have access to your password. In addition to your name, nickname and email address, which are used to personalise your experience, we collect your base demographic information. Your date of birth is used to dynamically determine your age and adjust recommendations based on standardised age groups. Your sex (also known as biological sex, or gender assigned at birth), is used to adjust ranges for various health markers, where sex-based differences exist in normative ranges, as well as to personalise your experience through interactions with Kali.
When using the Kalibra app, either through interactions with Kali or providing health data through functionality including Bloodwork, and Optical Scans, we store these data within Kalibra-managed infrastructure. We do not permanently store personally identifiable data within the Kalibra infrastructure and only include a reference to the identifier of your user account stored on our Identity and Access Management platform. Identity and Access Management platform data is available in-memory within the Kalibra infrastructure to facilitate personalisation.
Some optional functionality requires you to submit sensitive health-related personal data; the handling of these data is described in further detail below.
Bloodwork
The Kalibra app supports uploading bloodwork pdfs for extraction of health markers and processing them into Kalibra assessments to provide insights and recommendations. The data handling of your bloodwork is as follows:
- Files are uploaded using end-to-end encryption (SSL transport) between your device and Kalibra’s infrastructure and temporarily stored
- Kalibra’s bloodwork software processes your bloodwork and stores extracted images of each page alongside the pdf to assist with processing
- Once Kalibra has extracted health markers from your report, a process that does not include human intervention, you are notified that your bloodwork is ready for review.
- Upon your review and submission of confirmed health markers, Kalibra then deletes your personally identifiable data (bloodwork PDF, and extracted images), and only stores numeric information alongside a reference to the identifier of your user account.
Face Scan
Kalibra provides an optional optical face-scanning feature within the Kalibra app, which is provided by a third-party provider. Using Transdermal Optical Imaging (TOI), the software uses sensors on your smartphone to capture light reflected from the face, made possible by the translucent nature of the skin. This process only captures data signals and does not capture any identifying images. When conducting a face scan via the Kalibra app, your de-identified data is securely transmitted to the provider, processed and returned – the provider does not store any data. No user identifiable data is transmitted by Kalibra to the provider.
Body Scan
Kalibra provides an optional optical full-body scanning feature within the Kalibra app, which is provided by a third-party provider. The front-facing camera on your smartphone is used to capture a front and side profile, which is processed on your device into body composition estimates. When conducting a body scan via the Kalibra app, your de-identified data is securely transmitted to the provider, processed and returned – the provider does not store any data. No user identifiable data is transmitted by Kalibra to the provider. At no point does the image you capture during the body scan process leave your device.
HRV Scan
Kalibra provides an optional optical HRV scanning feature within the Kalibra app, which is provided by a third-party provider. The rear-facing camera along with the flash on your smartphone is used to capture changes in your heart rate via your finger. When conducting an HRV scan via the Kalibra app, your de-identified data is securely transmitted to the provider, processed and returned – the provider does not store any data. No user identifiable data is transmitted by Kalibra to the provider. At no point is the image transmitted to Kalibra, or leave your device.
Wearable data
Kalibra provides an optional feature that enables users to connect their wearable devices to the Kalibra platform, allowing greater insights and recommendations based on a more complete picture of your activity and sleep. Wearable integration is provided by a third party provider. When connecting a wearable device, a secure trust is established between your wearable device provider and Kalibra’s integration partner. The integration partner immediately processes and sends your wearable data to Kalibra, and does not store any data other than a token to the trusted connection. At any time within the Kalibra app, you can disconnect your wearable device, or you can disconnect the connection from within your wearable provider’s platform (if supported).
Accessing and Deleting your data
We operate under the premise that your data belongs to you, and as the owner of your data, you are in control. At any time you may request the deletion of your account and associated data through the Kalibra app. This process will irreversably remove all data you have provided through engagements with the app, and does not require any intervention from Kalibra. You may also request a copy of your data by contacting us.