Privacy Policy
This Privacy Policy describes how Kyoji Health (“Kyoji”, “we”, “us”, or “our”) handles personal data in connection with the Kyoji Health marketing website at kyojihealth.com (the “Site”). It applies to visitors, prospective clients, and people who contact us through the Site or our scheduling partner. The Kyoji Creators marketing site at ugc.kyojihealth.com has its own privacy notice that applies to creator applicants and visitors there.
Not medical advice; informational use
Disclaimer: This site does not provide medical advice, diagnosis, or treatment, and nothing here replaces advice from a qualified health professional. Do not disregard or delay medical advice because of something you read here. Automated or AI-assisted content may contain errors; verify important health-related information with a professional. See our Disclaimers for the full statement.
Creator marketplace
Kyoji operates a creator marketplace (including Kyoji Creators). Kyoji does not own creator deliverables for clients, and final approval of creative work rests with the client unless otherwise agreed in writing. To the maximum extent permitted by law, Kyoji is not responsible for creator-generated content. See our Disclaimers for details.
1. Data controller
The controller responsible for personal data described in this policy is Kyoji Health, established in Portugal. For privacy requests, contact isauraconsulting@gmail.com.
2. Personal data we collect
2.1. You provide directly
- Contact details you submit, such as your name, email, phone number, and company information.
- Scheduling and intake details submitted through our booking or contact partners.
- Messages and attachments you send us by email or through other channels you initiate.
- Any additional information you choose to provide in forms or direct communications.
2.2. Collected automatically
- Technical data such as IP address, device type, browser, approximate region derived from IP, and pages or features used on the Site.
- Cookies and similar technologies (see Section 6). We may use analytics tools to understand aggregate traffic and improve the Site.
2.3. From partners
- When you complete a form hosted by a third party (such as a scheduling tool or contact form), that provider processes your responses on our behalf or as an independent controller under their terms. We receive the data they route to us.
3. How we use personal data
- To respond to inquiries and provide requested services.
- To schedule and manage strategy calls or client onboarding.
- To improve Site performance, content, and user experience.
- To secure the Site, prevent fraud and abuse, and enforce our terms.
- To comply with legal, tax, and regulatory obligations.
4. Legal bases (EEA, UK, and similar jurisdictions)
Where GDPR-style rules apply, we rely on:
- Legitimate interests — running the Site, security, fraud prevention, marketing our services to businesses, and understanding aggregate use, balanced against your rights.
- Consent — where required for non-essential cookies or marketing communications you opt into.
- Contract / pre-contract — processing needed to evaluate or perform a services engagement with you or your organization.
- Legal obligation — where we must retain or disclose information to meet regulatory, tax, or law-enforcement requirements.
5. How we share information
We may share personal data with:
- Service providers who assist us (for example, hosting, analytics, scheduling, email, and communications), under contracts that limit use to providing services to us.
- Professional advisers (lawyers, accountants) where needed.
- Authorities when required by law or to protect Kyoji, users, or the public.
- Corporate transactions — in connection with a merger, acquisition, financing, reorganization, sale of assets, or insolvency, in which case we will require recipients to honor this policy or notify you of material changes.
We do not sell your personal information as “sale” is defined under U.S. state privacy laws, and we do not share it for cross-context behavioral advertising in ways those laws treat as “sale” or “sharing”.
6. Cookies and analytics
We use cookies and similar technologies that are strictly necessary for the Site to function, and, where allowed, analytics cookies (Google Analytics) to understand traffic. Where required by law, we use a cookie banner and Google Consent Mode so you can accept or reject non-essential cookies. See our Cookie Policy for details. You can also control cookies through your browser settings.
7. International transfers
We may process data in the United States and other countries. Where we transfer personal data from the EEA, UK, or Switzerland, we use appropriate safeguards such as Standard Contractual Clauses or other mechanisms approved by regulators.
8. Data retention
We keep personal data only as long as needed for the purposes above:
- Lead and prospect data — for as long as is reasonably necessary to evaluate or pursue a potential engagement, plus a reasonable period afterward.
- Client records and communications — for the duration of the engagement and a reasonable period afterward, unless a longer period is required for legal claims or compliance.
- Marketing and analytics logs — for shorter periods defined in our tools' settings, unless a longer retention is justified by security or law.
- Tax and finance records — as long as applicable law requires.
9. Your rights
Depending on where you live, you may have the right to access, correct, delete, restrict, or port your personal data, and to object to certain processing. You may also have the right to lodge a complaint with a supervisory authority — for Portuguese residents, the Comissão Nacional de Proteção de Dados (CNPD) at cnpd.pt; for other EEA/UK residents, your local data protection authority. To exercise rights, email isauraconsulting@gmail.com. We may need to verify your identity before completing your request and will respond within the timeframes required by applicable law (often within 30 days for GDPR requests, subject to extension for complex requests).
California residents. If you are a California resident, you have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and limit use of sensitive personal information, and the right not to receive discriminatory treatment for exercising those rights. You may use an authorized agent to submit a request; we may require the agent to provide proof of authorization and may require you to verify your identity directly. See our Data deletion page for how to submit a deletion request.
10. Security
We maintain reasonable administrative, technical, and physical safeguards designed to protect personal data against loss, misuse, and unauthorized access, disclosure, alteration, or destruction. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
11. Children's privacy
The Site is intended for business users and is not directed to children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.
12. Do Not Track
Some browsers offer a “Do Not Track” setting. Because there is no universal standard for responding to these signals, this Site may not respond to all Do Not Track requests.
13. Updates to this Policy
We may update this policy periodically. Material changes will be reflected by updating the effective date on this page. Where we have your contact details and changes are material, we may also notify you by email.
14. Contact
For questions about this policy or your personal data, contact here. To request deletion of personal data, see our Data deletion page.