Privacy Policy
Konko AI, Inc. ("Konko AI," "Konko," "the Company," "we," "our," or "us") is committed to protecting the privacy and security of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our website (konko.ai), our platform (platform.konko.ai), and all related services, including our AI-powered scheduling platform, conversational scheduling agents (including Kora), calendar integrations, and developer tools (collectively, the "Services").
As used in this Policy, "personal data" means any information that relates to, describes, or could be used to identify an individual, directly or indirectly.
This Policy applies to personal data that the Company collects, uses, and discloses, which may include: (i) data collected through the Services, (ii) data collected through the Company websites, and (iii) data collected from third party sources. Third party sources may include, but are not limited to: public databases, commercial data sources, and the public internet.
This Policy does not apply to personal data about the Company's employees and candidates, and certain contractors and agents acting in similar roles.
Please read this Privacy Policy carefully. By accessing or using our Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our Services.
1. Information We Collect
1.1 Personal Information You Provide
We collect personal information if you create an account to use our Services or communicate with us as follows:
- Account Information: When you create an account with us, we collect information associated with your account, including your name, email address, organization name, role, account credentials, and transaction history.
- Clinic Configuration Data: Working hours, appointment types, appointment durations, buffer times, and other scheduling rules that clinic administrators configure through our platform.
- Appointment Data: Information related to appointments booked through our Services, including appointment type, date, time, provider name, and patient name.
- Patient Information: When patients interact with our scheduling agents through messaging platforms (such as WhatsApp), we collect the information they provide during the scheduling conversation, including their name, phone number, preferred appointment times, and appointment reason.
- User Content: When you use our Services, we collect personal information that is included in the input, file uploads, or feedback that you provide to our Services.
- Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send.
- Social Media Information: We have or may in the future have pages on social media sites like Instagram, Facebook, Medium, Twitter, YouTube, and LinkedIn. When you interact with our social media pages, we will collect personal information that you elect to provide to us, such as your contact details. In addition, the companies that host our social media pages may provide us with aggregate information and analytics about our social media activity.
- Other Information You Provide: We collect other information that you may provide to us, such as when you participate in our events or surveys or provide us with information to establish your identity.
When you make purchases, we use secure third-party payment processors to collect credit card or other financial information. The Company does not store the credit card or payment information you provide, only confirmation that payment was made and details on the transaction (e.g., payment amount, date on which the payment was made).
1.2 Information Collected from Third Party Services
When you connect third party services to your Konko AI account, we collect information from those services as described below.
Google Calendar Data. When a provider connects their Google Calendar account, we access and collect the following information through Google's APIs:
- Calendar Availability (FreeBusy Data): We query your calendar to determine which time periods are busy and which are free. This tells us when you are available for appointments. We do not access the details of events that mark you as busy — only the busy/free time blocks.
- Calendar Event Data: For calendar events that are created, modified, or managed through our scheduling platform, we access event details including start time, end time, event title, and event status (confirmed, tentative, cancelled).
- Calendar Metadata: We access calendar names, timezone settings, and calendar identifiers to properly configure the integration.
- Change Notifications: We receive notifications from Google when changes occur on your connected calendar, so that our scheduling system stays in sync with your real-time availability.
What We Do Not Access from Google. We do not access, read, or store:
- Your emails or Gmail data
- Your Google Contacts
- Your Google Drive files or documents
- Your Google Photos
- Event details from personal events you did not create through Konko (we only see the busy/free time blocks for those events)
- Any Google service other than Google Calendar
1.3 Information Collected Automatically
When you visit, use, or interact with the Services, we receive the following information automatically:
- Log Data: Information that your browser or device automatically sends when you use our Services, including your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services.
- Usage Data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, type of computer or mobile device, and your computer connection.
- Device Information: Name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.
- Cookies: We use cookies to operate and administer our Services and improve your experience. A "cookie" is a piece of information sent to your browser by a website you visit. You can set your browser to accept all cookies, to reject all cookies, or to notify you whenever a cookie is offered so that you can decide each time whether to accept it. However, refusing a cookie may in some cases preclude you from using, or negatively affect the display or function of, a website or certain areas or features of a website.
- Analytics: We may use a variety of online analytics products that use cookies to help us analyze how users use our Services and enhance your experience when you use the Services.
2. How We Use Your Information
We do not use your personal information or input data to train AI models.
We may use personal information for the following purposes:
- Providing the Services: To operate our scheduling platform, process appointment bookings, sync calendar availability, and deliver the core functionality of our Services.
- Calendar Synchronization: To keep your scheduling data in sync with your connected Google Calendar, including computing available appointment slots, creating calendar events for new bookings, and detecting changes made directly on your calendar.
- AI-Assisted Scheduling: To enable our AI scheduling agent (Kora) to offer accurate available time slots to patients and facilitate appointment booking through conversational interfaces.
- Appointment Communications: To send appointment-related messages (confirmations, reminders, scheduling conversations) to patients on behalf of your clinic through messaging platforms such as WhatsApp.
- Account Management: To create and manage your account, authenticate your identity, and provide customer support.
- Improving the Services: To understand how our Services are used, diagnose technical issues, and improve functionality and user experience. We will not use Customer Content (as defined in our Terms of Service) to develop or improve the Services without your explicit consent.
- Security: To detect, prevent, and address fraud, abuse, security risks, and technical issues, and to protect the security of our IT systems, architecture, and networks.
- Business Transfers: To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
- Communications: To send you information about our Services, events, and updates.
Aggregated or De-Identified Information. We may aggregate or de-identify personal information so that it may no longer be used to identify you and use such information to analyze the effectiveness of our Services and to improve and add features to our Services. We will maintain and use de-identified information in anonymous or de-identified form and we will not attempt to re-identify the information, unless required by law.
3. Google API Services — Limited Use Disclosure
Konko AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only use Google Calendar data to provide and improve the scheduling Services described in this Privacy Policy.
- We do not transfer Google Calendar data to third parties, except as necessary to provide the Services (for example, storing scheduling data in our FHIR-compliant health data infrastructure), with your explicit consent, or as required by law.
- We do not use Google Calendar data for serving advertisements, including retargeting, personalized advertising, or interest-based advertising.
- We do not allow humans to read your Google Calendar data unless (a) we have your affirmative agreement for specific data (for example, helping you troubleshoot a sync issue through our support team), (b) it is necessary for security purposes such as investigating abuse, (c) it is necessary to comply with applicable law, or (d) our use is limited to internal operations and the data (including derivations) is aggregated and anonymized.
4. How We Store and Protect Your Information
Data Storage
- Scheduling Data (appointment records, availability rules, patient information) is stored in our FHIR-compliant health data infrastructure.
- Calendar Sync Data (sync tokens, calendar identifiers, connection status) is stored in our application database.
- Google Calendar OAuth Tokens are encrypted at rest and stored securely. We use these tokens solely to maintain the calendar connection and perform sync operations on your behalf.
- We store minimal information in Google Calendar events created through our platform — only appointment type, patient first name, and a Konko booking identifier. All detailed clinical data remains in our FHIR system.
Data Security
We have implemented reasonable administrative, organizational, technical, and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss, and unauthorized access, use, modification, and disclosure. These measures include:
- Encryption of data in transit (TLS) and at rest
- Access controls and least-privilege permissions for our team
- Regular security assessments
- Multi-factor authentication for internal systems
- Logging and monitoring of access to sensitive data
We restrict access to personal information on a need-to-know basis to employees and authorized service providers who require access to fulfill their job requirements.
However, no Internet or email transmission is ever fully secure or error free. Therefore, you should take special care in deciding what information you send to us via the Service or email. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third-party websites.
5. How We Share Your Information
We do not sell or rent your personal information. We may share your information in the following circumstances:
- Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may provide personal information to vendors and service providers, including providers of hosting services, customer service vendors, cloud services, email communication software, web analytics services, and other information technology providers. Pursuant to our instructions, these parties will access, process, or store personal information only in the course of performing their duties to us.
- Calendar Services: When you connect your Google Calendar, scheduling data flows between our platform and Google Calendar to maintain synchronization. Only the minimum data necessary for scheduling (appointment time, type, and patient first name) is written to Google Calendar.
- Messaging Platforms: When patients interact with our scheduling agents through WhatsApp or other messaging platforms, appointment-related information is transmitted through those platforms to facilitate the scheduling conversation.
- Healthcare Data (with BAA): For customers who have executed a Business Associate Agreement (BAA) with us, we handle protected health information (PHI) in accordance with HIPAA requirements and the terms of that BAA.
- Business Account Administrators: The administrators of your account may access and control your Konko AI account. If you create an account using an email address belonging to your employer or another organization, we may share the fact that you have a Konko AI account and certain account information, such as your email address, with your employer or organization to, for example, enable you to be added to their business account.
- Other Users and Third Parties You Share Information With: Certain features allow you to display or share information with other users or third parties. For example, you may share conversations or scheduling information with other users. Be sure you trust any user or third party with whom you share information.
- Business Transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider, your personal information and other information may be disclosed in the diligence process with counterparties and others assisting with the transaction and transferred to a successor or affiliate as part of that transaction along with other assets. We will notify you of any such change in ownership or control of your personal information.
- Legal Requirements: We may share your personal information with government authorities, industry peers, or other third parties (i) if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law, (iv) to detect or prevent fraud or other illegal activity, (v) to protect the safety, security, and integrity of our products, employees, or users, or the public, or (vi) to protect against legal liability.
6. Data Retention
We only keep your personal information as long as it is operationally or legally necessary. After that, we will either destroy or anonymize the information. Specific retention periods:
- Account Data is retained for as long as your account is active or as needed to provide the Services. Upon termination of your account, we will delete your data within 30 days, unless we are legally required to retain it.
- Appointment Records may be retained as part of clinical scheduling records in accordance with applicable healthcare data retention requirements, even after account termination.
- Google Calendar Data (OAuth tokens, sync data, calendar identifiers) is deleted when you disconnect your Google Calendar from our platform or when your account is terminated.
- Log and Usage Data is retained for up to 12 months for analytics and troubleshooting purposes, then deleted or anonymized.
7. Your Rights
Depending on location, individuals may have certain statutory rights in relation to their personal information. For example, you may have the right to:
- Access your personal information and information relating to how it is processed.
- Delete your personal information from our records.
- Rectify or update your personal information.
- Transfer your personal information to a third party (right to data portability).
- Restrict how we process your personal information.
- Withdraw your consent — where we rely on consent as the legal basis for processing — at any time.
- Object to how we process your personal information.
- Lodge a complaint with your local data protection authority.
You can exercise some of these rights through your Konko AI account. If you are unable to exercise your rights through your account, please submit your request to privacy@konko.ai.
Revoking Calendar Access
You can disconnect your Google Calendar at any time through:
- Platform.konko.ai: Navigate to your integration settings and click "Disconnect Google Calendar."
- Google Account Settings: Go to myaccount.google.com > Security > Third-party apps with account access > Konko AI > Remove Access.
Upon disconnection, we immediately stop accessing your Google Calendar data. Previously synced appointment records remain in our system as part of your clinic's scheduling records unless you separately request data deletion.
Communication Preferences
You may opt out of non-essential communications from us by following the unsubscribe instructions in our emails or by contacting us at privacy@konko.ai.
Do Not Track
Our Services do not currently respond to "Do Not Track" browser signals. We will update this Privacy Policy if our practices change in the future.
8. Children's Privacy
Our Services are not directed to children under the age of 13. Konko AI does not knowingly collect personal information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided personal information to Konko AI through the Services, please email us at privacy@konko.ai. We will investigate any notification and if appropriate, delete the personal information from our systems. If you are 13 or older, but under 18, you must have permission from your parent or guardian to use our Services.
9. Links to Third Party Websites
Our website may contain links to other websites that the Company does not own or operate. We provide links to third-party websites as a convenience to the user. These links are not intended as an endorsement of or referral to the linked websites. The linked websites have separate and independent privacy policies, notices, and terms of use. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use, disclose, secure, or otherwise treat personal information. We encourage you to read the privacy policy of every website you visit.
10. International Users
By using our Services, you understand and acknowledge that your personal information will be processed and stored in our facilities and servers in the United States and may be disclosed to our service providers and affiliates in other jurisdictions.
Legal Basis for Processing. Our legal bases for processing your personal information include:
- Performance of a contract with you when we provide and maintain our Services. When we process Account Information, User Content, and Technical Information solely to provide our Services to you, this information is necessary to be able to provide our Services. If you do not provide this information, we may not be able to provide our Services to you.
- Our legitimate interests in protecting our Services from abuse, fraud, or security risks. This may include the processing of Account Information, User Content, Social Media Information, and Technical Information.
- Your consent when we ask for your consent to process your personal information for a specific purpose that we communicate to you. You have the right to withdraw your consent at any time.
- Compliance with our legal obligations when we use your personal information to comply with applicable law or when we protect our or our affiliates', users', or third parties' rights, safety, and property.
Data Transfers. Where required, we will use appropriate safeguards for transferring personal information outside of certain countries. We will only transfer personal information pursuant to a legally valid transfer mechanism.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legal, regulatory, or operational requirements, our practices, and other factors. When we do, we will post an updated version on this page and update the "Updated" date, unless another type of notice is required by applicable law. We encourage you to review this Privacy Policy periodically. Your continued use of the Services after any changes constitutes your acceptance of those changes.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:
Konko AI, Inc.
Email: privacy@konko.ai
For support-related inquiries, please contact support@konko.ai.

