Privacy Policy
A plain-English account of what data we collect, where it goes, and what rights you have over it. Each section starts with a summary.
The short version
- We collect only what is needed to operate the directory — your account details, professional profile, and licenses.
- We never sell your personal data to third parties.
- Two features send data to external cloud services: Profile Auto-Fill and compatibility matching. We are transparent about exactly what is sent and to whom.
- License numbers and names are checked against publicly accessible US government databases (NPI Registry, OIG LEIE).
- Transactional emails are delivered via Proton Mail.
- You can request access to, correction of, or deletion of your data at any time.
Who we are
KetCon is responsible for your data.
The data controller for personal data processed through this platform is KetCon, operated in the United States. Questions or requests regarding your data can be sent to privacy@ketcon.us.
If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR, described below. If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA).
What data we collect and why
Account info, your professional profile, and license details — nothing more.
We collect and store the following categories of personal data:
- Account data: Email address, hashed password, account role (doctor or therapist), email verification status, and account creation timestamp. Lawful basis: performance of a contract (providing access to the platform).
- Professional profile: Name, professional bio, specialties, states of practice, collaboration style, session format, years of experience, profile photo, and website URL. Lawful basis: performance of a contract; you provide this voluntarily to appear in the directory.
- License information: License type, license number, issuing state, and verification status. Lawful basis: legitimate interests (ensuring the directory lists only credentialled professionals; public safety).
- Transactional records: Email delivery logs for account verification and license status notifications. Lawful basis: performance of a contract.
We do not collect browsing behaviour, click-stream data, IP addresses, device fingerprints, or any form of advertising identifiers. We do not use analytics trackers or third-party tracking scripts.
Third-party services that receive your data
Five external services are used. We list exactly what each receives and when.
KetCon does not share your data with advertisers, data brokers, or marketing platforms. The following operational services receive limited personal data as necessary to provide specific features. Each acts as a data processor on our behalf, except where noted.
Jina AI (r.jina.ai) — Jina AI GmbH, Germany
- Purpose: Converts the professional website URL you provide into plain text so that your profile fields can be pre-populated.
- Data sent: The URL you supply and the publicly accessible text content of that webpage and up to five of its subpages.
- When: Only when you actively use the Profile Auto-Fill feature. Never used otherwise.
OpenRouter Inc. (openrouter.ai) — United States
- Purpose: Routes structured text to a large language model for two purposes: (1) extracting profile fields from website content during Profile Auto-Fill, and (2) computing compatibility scores between professional profiles for the matching feature.
- Data sent: Profile Auto-Fill: scraped website text. Matching: your professional profile fields (name excluded from matching prompts; only specialty, collaboration style, philosophy, states, and role are used).
- When: Profile Auto-Fill: only when you initiate an extraction. Matching: periodically in the background once your profile is published, to keep match scores current.
Google LLC — Google Gemini 2.0 Flash model, United States
- Purpose: The large language model that processes the text sent via OpenRouter. Google acts as a sub-processor.
- Data sent: Same as OpenRouter above. Per Google's API data usage policies, data submitted via the API is not used to train Google's models by default.
- When: Same as OpenRouter above.
CMS NPI Registry — U.S. Department of Health & Human Services
- Purpose: Verifies that the NPI number and name on your profile match the publicly maintained National Provider Identifier registry.
- Data sent: Your first name, last name, and NPI number. This is a public government database.
- When: When you submit a license for verification and during periodic re-checks of already-verified licenses.
OIG LEIE — U.S. Office of Inspector General
- Purpose: Confirms that a provider is not listed on the federal List of Excluded Individuals/Entities, which would prohibit them from participating in federally funded healthcare programmes.
- Data sent: Your name and NPI number, checked against a publicly maintained exclusion list.
- When: Same as NPI Registry above.
Proton AG — ProtonMail, Switzerland
- Purpose: Delivery of transactional emails: account verification links and license status notifications.
- Data sent: Your email address and the content of the notification (e.g. 'your license has been verified'). No profile or license data beyond what is stated in the email itself.
- When: On account registration and when your license verification status changes.
We do not use any other third-party services. All other data processing is operated directly by KetCon.
Automated processing and matching
Compatibility scores are generated by an automated system, not a human. They are informational only.
The compatibility matching feature uses automated processing — specifically, a large language model accessed via OpenRouter — to compare professional profiles and generate a numeric compatibility score and a short explanatory summary. The factors considered include: stated specialties, collaboration style, therapeutic philosophy, states of practice, and professional role.
These scores are informational starting points, not clinical endorsements. No automated decision with legal or similarly significant effect is made about you. The matching output does not determine whether your profile is listed, removed, or restricted — those decisions, if they arise, involve human review.
Under GDPR Article 22, you have the right to object to automated processing that produces legal or significant effects. As described above, our automated matching does not meet that threshold, but you may contact us at any time to request that your profile be excluded from the matching feature.
International data transfers
KetCon operates in the United States. Data may be transferred between jurisdictions.
KetCon operates in the United States. If you are located in the European Economic Area, United Kingdom, or another jurisdiction with data transfer restrictions, please be aware that the following services process data in the United States:
- OpenRouter Inc.
- Google LLC (Gemini API)
- CMS NPI Registry
- OIG LEIE
Jina AI GmbH is headquartered in Germany and operates within the EEA. Proton AG is headquartered in Switzerland, which the European Commission has recognised as providing an adequate level of data protection.
Where personal data is transferred to the United States, we rely on the necessity of the transfer for the performance of our contract with you, and on the use of service providers who maintain appropriate technical and organisational measures. If you have questions about specific transfer safeguards, contact us at privacy@ketcon.us.
Data retention
We keep your data while your account is active. Deletion is permanent.
We retain your personal data for as long as your account is active. If you delete your account, we will permanently remove your profile, license records, and account data within 30 days of your request. Transactional email logs may be retained for up to 90 days for operational purposes before deletion.
Data shared with third-party processors (Jina AI, OpenRouter, Google Gemini) during feature use is governed by those providers' own retention policies. We do not control retention on their systems, but we use only providers who offer no-training guarantees on API data by default.
Security
We take reasonable steps to protect your data.
Passwords are stored using industry-standard one-way hashing. Data is transmitted over encrypted connections (HTTPS/TLS). Access to production systems is restricted to authorised personnel.
No method of transmission or storage is 100% secure. If you become aware of a security concern involving your account or our platform, please contact us immediately at security@ketcon.us.
Your rights
You can access, correct, export, or delete your data. Just ask.
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate or incomplete data. Most profile data can be updated directly in the app.
- Erasure ("right to be forgotten"): Request deletion of your account and associated personal data.
- Restriction: Request that we limit processing of your data in certain circumstances.
- Data portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests, including automated matching.
- Withdraw consent: Where processing is based on your consent (e.g. Profile Auto-Fill), you may withdraw that consent at any time without affecting prior processing.
- California residents (CCPA): You have the right to know what personal information is collected, to delete it, and to opt out of its sale. We do not sell personal information.
To exercise any of these rights, email privacy@ketcon.us from the address associated with your account. We will respond within 30 days. If you believe your rights have not been respected, you have the right to lodge a complaint with your local data protection authority.
Cookies and local storage
No tracking cookies. We only store what is needed to keep you logged in.
KetCon does not use cookies or third-party tracking technologies. We use your browser's localStorage for three strictly functional purposes:
- Your authentication token, so you remain logged in between sessions.
- Your display theme preference (light, dark, or system).
- Whether you have dismissed the app install prompt.
None of this data is shared with third parties or used for tracking purposes.
Children's privacy
This platform is not for anyone under 18.
KetCon is a professional platform intended solely for licensed healthcare professionals. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has created an account, please contact us and we will delete it promptly.
Changes to this policy
We'll notify you of material changes before they take effect.
We may update this Privacy Policy from time to time. If we make a material change — one that significantly affects how we collect, use, or share your data — we will notify you by email at least 14 days before the change takes effect. Minor clarifications or corrections will be noted by updating the "Last updated" date at the top of this page.
Continuing to use KetCon after a material change takes effect constitutes acceptance of the revised policy. If you do not agree with a change, you may delete your account before it takes effect.
This Privacy Policy is governed by the laws of the United States. It is intended to be read alongside our Terms & Conditions.
Privacy questions or requests?
Email us from the address on your account and we'll respond within 30 days.
privacy@ketcon.us