Privacy Policy

KELIdesk (“we,” “us,” or “our”) operates the KELIdesk platform, website (kelidesk.com), and related services (collectively, the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect information when you use our Service.

KELIdesk is designed for home health agencies that use HHAeXchange. We take the privacy and security of your data — including protected health information (PHI) — seriously.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

Information you provide directly:

• Account registration details (name, email address, company name, role)
• Contact form submissions and support inquiries
• Billing and payment information (processed by our third-party payment processor — we do not store full payment card details)
• Communications you send to us via email, chat, or phone

Information collected through the Service:

• Billing exception data imported from your HHAeXchange account via API
• Claims data, caregiver records, patient identifiers, visit records, and related operational data necessary to provide exception detection and resolution services
• Actions taken within the platform (exception resolutions, approvals, notes, task assignments, status changes)
• Audit trail data including timestamps, user attribution, and outcome logging

Information collected automatically:

• Device and browser information (IP address, browser type, operating system)
• Usage data (pages visited, features used, session duration)
• Cookies and similar tracking technologies (see Section 7)

We use the information we collect to:

• Provide, operate, and maintain the KELIdesk platform
• Import, classify, and triage billing exceptions from your HHAeXchange data
• Generate AI-powered recommendations, action plans, and draft corrections
• Facilitate caregiver outreach via SMS and AI voice workflows
• Maintain audit trails and resolution logs for compliance purposes
• Process payments and manage your account
• Send operational communications (exception alerts, daily summaries, system notifications)
• Respond to your inquiries and provide customer support
• Improve and develop new features for the Service
• Comply with legal obligations and enforce our terms

We do not sell your personal information or PHI to third parties. We do not use your data to train general-purpose AI models.

KELIdesk may access, process, and store PHI in the course of providing the Service to your agency. Our handling of PHI is governed by:

• The Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations
• A Business Associate Agreement (BAA) executed between KELIdesk and your agency prior to accessing PHI

We implement administrative, physical, and technical safeguards designed to protect PHI in accordance with HIPAA requirements. These include encryption in transit and at rest, role-based access controls, audit logging, and secure infrastructure practices.

PHI is used solely to provide the Service as described in your BAA and this Privacy Policy. We do not use PHI for marketing, advertising, or any purpose outside the scope of the Service.

We may share your information in the following circumstances:

• Service providers: We work with trusted third-party vendors who help us operate the Service (cloud hosting, payment processing, email delivery, analytics). These providers are contractually required to protect your data and use it only for the purposes we specify.
• HHAeXchange integration: Data is exchanged between KELIdesk and HHAeXchange via API as necessary to provide the Service. This integration is authorized by your agency during setup.
• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business transfers: If KELIdesk is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
• With your consent: We may share information with your explicit permission for purposes not covered by this policy.

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS) and at rest (AES-256)
• Role-based access controls with least-privilege principles
• Full audit logging of system access and data operations
• Regular security assessments and monitoring
• Infrastructure security controls aligned to SOC 2 principles
• Employee access limited to personnel who require it for their role

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to maintaining and improving our safeguards.

We use cookies and similar technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Understand how the Service is used (analytics)
• Improve performance and user experience

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

We do not use cookies for cross-site advertising or sell cookie data to third parties.

We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods:

• Account data: Retained for the duration of your account plus 30 days after termination
• Platform data (exceptions, resolutions, audit logs): Retained for the duration of your subscription plus 90 days, unless a longer retention period is required by law or your BAA
• Payment records: Retained as required by applicable tax and financial regulations
• Contact form submissions: Retained for up to 12 months

You may request deletion of your data by contacting us at help@kelidesk.com. Deletion requests will be processed in accordance with applicable law and our contractual obligations.

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Request deletion of your personal information
• Restrict or object to certain processing of your information
• Receive your data in a portable format
• Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at help@kelidesk.com. We will respond within 30 days.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by sending you a notification.

Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, contact us at:

KELIdesk

Email: help@kelidesk.com