Privacy Policy

Effective Date: March 2026 | Version: 1.0 | Operator: KNL Enterprises LLC | Contact: [email protected]

KNL Enterprises LLC ("KNL," "we," "us," or "our") operates the Medicare Laws Expert platform at medicarelaws.app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you visit our website or use our authenticated research application.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

Account registration: Name, email address, organization name, job title, and password when you create an account.
Contact and inquiry forms: Name, email, and message content submitted through any contact form on the public site.
Billing information: Payment card information and billing address, processed by our third-party payment processor. We do not store full payment card numbers.
Research queries: Text and content you submit to the Application for AI-powered research. See Section 4 for AI provider data handling.

1.2 Information Collected Automatically

Log data: IP address, browser type and version, pages visited, time and date of visits, time spent on pages, and referring URLs.
Device information: Device type, operating system, and unique device identifiers.
Usage data: Features used, queries submitted (metadata only, not content), session duration, and error logs within the Application.
Cookies and tracking technologies: See Section 6 for full cookie disclosure.

1.3 Information We Do Not Collect

DO NOT SUBMIT: We do not knowingly solicit or intend to collect Protected Health Information (PHI), Social Security numbers, financial account numbers, or other sensitive personal data through the Service. Do not submit such information in any query, form, or input field.

2. How We Use Your Information

Purpose	Data Used	Legal Basis
Provide and operate the Service	Account data, query content, usage data	Contract performance
Process AI research queries	Query text, account identifier	Contract performance
Billing and payment processing	Billing info, account data	Contract performance
Security and fraud prevention	Log data, device info, access logs	Legitimate interest
Service improvement and analytics	Aggregated usage data (de-identified)	Legitimate interest
Legal compliance	Any data required by law	Legal obligation
Communications (service notices, updates)	Email address	Contract / legitimate interest
Marketing (with your consent)	Email address, name	Consent (opt-in only)

We do not sell your personal information. We do not use your research query content for marketing purposes. We do not use your data to train AI models without your explicit consent.

3. Third-Party Service Providers

3.1 AI Model Providers

When you submit research queries through the Application, your query content is transmitted to one or more third-party AI providers for processing. Current providers and their privacy documentation:

Provider	Model	Privacy Policy	Data Use
Anthropic PBC	Claude	anthropic.com/legal/privacy	API processing only; governed by Anthropic API data policies
Google LLC	Gemini	policies.google.com/privacy	API processing; Google Cloud / Vertex AI data terms apply

Each provider processes data transmitted via their APIs according to their own privacy policies and any applicable data processing agreements maintained by KNL Enterprises LLC. Do not submit PHI or sensitive personal data in queries.

3.2 Service Providers

We may share information with trusted service providers who assist us in operating the Service, including:

Payments: Stripe
Hosting: OVH / Hetzner cloud infrastructure
Authentication and access control: Cloudflare Zero Trust
Email delivery services
Analytics: None currently in use

These providers are contractually bound to protect your data and use it only as directed by KNL Enterprises LLC.

3.3 Legal Requirements

We may disclose information if required by law, court order, or government authority, or to protect the rights, property, or safety of KNL Enterprises LLC, our users, or the public.

3.4 Business Transfers

If KNL Enterprises LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4. AI-Generated Content & Data Handling

How your research queries are handled: When you submit a query to the Application, that text is sent to one or more AI provider APIs listed in Section 3.1. KNL Enterprises LLC does not permanently store your raw query content beyond what is necessary for session logging and system security. We do not use your query content to train AI models.

Each AI provider's treatment of API input data varies. As of the effective date of this policy:

Anthropic: API inputs are not used to train models by default under their API terms.
Google (Gemini API / Vertex AI): Data handling depends on which API endpoint is used; review Google's Cloud data processing terms.

These policies are subject to change by each provider. We recommend reviewing each provider's current terms. If data processing commitments are material to your organization's use, contact us to discuss enterprise agreements.

5. Data Retention

Data Type	Retention Period
Account information	Duration of account + 3 years after closure
Session and access logs	90 days rolling
Query metadata (not content)	12 months
Billing records	7 years (tax/accounting requirement)
Support communications	3 years
Legal hold data	Until hold is released

6. Cookies and Tracking Technologies

We use the following categories of cookies and similar technologies:

Category	Purpose	Examples	Can Opt Out?
Strictly Necessary	Authentication, session management, security, Zero Trust access	Session tokens, CSRF tokens, ZT access cookies	No — required for operation
Functional	Remember preferences, TOS acceptance version, UI settings	tos_version, theme_pref	No — required for account features
Analytics	Understand usage patterns, improve the Service (de-identified)	Analytics platform cookies	Yes — via cookie banner
Marketing	Track effectiveness of marketing (public site only)	Ad platform pixels (if used)	Yes — via cookie banner

You can manage cookie preferences through our Cookie Consent banner displayed on your first visit to the public site. You can also control cookies through your browser settings, though this may affect Service functionality.

7. Data Security

We implement commercially reasonable technical and organizational measures to protect your personal information, including:

Zero Trust Network Access (ZTNA) for all authenticated application access
TLS encryption for all data in transit
Encryption at rest for sensitive stored data
Access logging and monitoring
Role-based access controls for KNL personnel
Regular security assessments

No security system is perfect. In the event of a data breach affecting your rights and freedoms, we will notify you as required by applicable law.

8. Your Rights and Choices

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

Know what personal information we collect, use, disclose, and sell;
Delete personal information we hold about you (subject to exceptions);
Correct inaccurate personal information;
Opt out of the sale or sharing of personal information (we do not sell personal information);
Non-discrimination for exercising your rights.

To exercise these rights, contact us at [email protected].

All Users

Access: Request a copy of personal information we hold about you.
Correction: Request correction of inaccurate information.
Deletion: Request deletion of your account and associated data (subject to retention requirements above).
Marketing opt-out: Unsubscribe from marketing emails at any time via the unsubscribe link or by contacting us.
Cookie opt-out: Manage analytics cookies via cookie banner or browser settings.

9. Children's Privacy

The Service is intended for professionals and is not directed to persons under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately.

10. Third-Party Links

The Service may contain links to government websites, regulatory agencies, and other third-party sites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party site you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a new effective date. For material changes, we will provide additional notice (such as email notification to registered users). Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

For privacy-related questions, requests, or concerns:

KNL Enterprises LLC
Privacy/Legal Department
Email: [email protected]
Web: knl.enterprises

We will respond to privacy requests within 30 days of receipt.