Privacy Policy
Last Updated: December 28, 2025
At KwikID, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Medical ID QR Wristband System. Your medical information is sensitive, and we are committed to protecting it with industry-standard security measures.
By using KwikID, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.
1. Personal Information
When you create an account, we collect:
- Full name
- Email address
- Password (stored as a bcrypt hash, not in plain text)
- Date of birth (optional)
- Phone number (for emergency contacts)
2. Medical Information
When you create a medical profile, you may provide:
- Blood type
- Allergies and severity
- Medical conditions
- Current medications and dosages
- Medical devices or implants
- Emergency contact information
- Doctor and insurance information
- Medical documents (lab results, prescriptions, insurance cards)
- Special notes for first responders
3. Usage Information
We automatically collect:
- QR code scan timestamps and locations
- IP addresses for security purposes
- Device information and browser type
- Pages visited and features used
- Access logs for audit trails
4. Location Data
When someone scans your QR code bracelet, we collect the approximate location (city/state level) where the scan occurred to notify you and your emergency contacts.
Primary Uses:
- Display your medical information to first responders during emergencies
- Notify you and your emergency contacts when your bracelet is scanned
- Manage your account and medical profiles
- Process bracelet code linking and activation
- Store and retrieve your medical documents securely
Secondary Uses:
- Send service-related notifications and updates
- Improve our service and user experience
- Prevent fraud and abuse
- Comply with legal obligations
- Maintain audit logs for security
Important: We will NEVER sell your personal or medical information to third parties. We will NEVER use your data for marketing or advertising purposes.
Your medical information is extremely sensitive. We only share it in these specific situations:
1. Public Profile Display
When your bracelet QR code is scanned, your medical profile is displayed publicly, provided the explicit consent toggle in your profile is enabled. This is the core functionality of KwikID and allows first responders to access life-saving information during emergencies.
2. Emergency Contacts
When your bracelet is scanned, we may notify your designated emergency contacts via email or SMS (if configured) with the time and location of the scan.
3. Service Providers
We use trusted third-party services to operate KwikID:
- Supabase: Database and authentication (SOC 2 Type II compliant)
- Vercel: Website hosting (GDPR compliant)
- Email/SMS providers: For notifications (when configured)
These providers have signed data processing agreements and are contractually obligated to protect your information.
4. Legal Requirements
We may disclose your information if required by law, court order, or government regulation, or if necessary to protect our rights, property, or safety.
We will NOT share your information with advertisers, marketers, insurance companies (unless you explicitly authorize it), employers, or any other third party without your explicit consent.
We implement industry-standard security measures to protect your information:
🔐 Encryption
All data transmitted between your device and our servers is encrypted using TLS 1.3 (HTTPS). Passwords are hashed using bcrypt.
🛡️ Access Control
Row-Level Security (RLS) policies ensure users can only access their own data. Admin access is logged and monitored.
📝 Audit Logs
All data access and modifications are logged with timestamps, IP addresses, and user actions for security auditing.
💾 Secure Storage
Medical documents are stored in private, encrypted buckets with strict access controls. Backups are encrypted at rest.
Note: While we use industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously monitor and improve our security practices.
You have the following rights regarding your data:
Access Your Data
You can view, download, and export all your personal and medical information at any time through your account dashboard.
Update Your Data
You can edit your medical profile, personal information, and settings at any time. Changes are effective immediately.
Delete Your Data
You can request account deletion at any time. We will permanently delete all your data within 30 days, except where required by law.
Control Public Visibility
You can toggle the "Consent" setting in your medical profile to control whether your information is displayed publicly when scanned.
Opt-Out of Communications
You can disable scan notifications in your account settings. However, critical security alerts cannot be disabled.
We retain your information for as long as your account is active or as needed to provide you services. Specifically:
- Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Medical Profiles: Retained while linked to an active bracelet. Deleted when you unlink or delete your account.
- Scan Logs: Retained for 2 years for security and audit purposes, then automatically deleted.
- Medical Documents: Stored until you delete them or close your account, then permanently removed.
- Backup Data: May be retained for up to 90 days in encrypted backups for disaster recovery.
KwikID is designed for use by adults creating profiles for themselves or their dependents (children, elderly parents, etc.). We do not knowingly collect personal information from children under 13 without parental consent.
Parents and guardians are responsible for managing profiles created for minors. If you believe we have collected information from a child without proper consent, please contact us immediately.
KwikID is hosted in the United States. If you access our service from outside the U.S., your information will be transferred to, stored, and processed in the U.S. where our servers are located.
By using KwikID, you consent to the transfer of your information to the U.S. We comply with applicable data protection laws, including GDPR for EU users.
EU/UK Users: You have additional rights under GDPR, including the right to data portability and the right to lodge a complaint with your local data protection authority.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date at the top
- Sending you an email notification (for significant changes)
Your continued use of KwikID after changes are posted constitutes acceptance of the updated Privacy Policy.
If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:
Email: privacy@kwikid.co
Mail: KwikID Privacy Team
[Your Company Address]
[City, State, ZIP]
We will respond to privacy inquiries within 30 days.
This Privacy Policy is effective as of December 28, 2025 and applies to all users of the KwikID service.
Last reviewed and updated: December 28, 2025