HIPAA & KanActive AI

KanActive AI Lite is a browser extension that operates entirely on your device. No user content ever leaves your browser or reaches KanActive servers.

Our position under HIPAA

KanActive AI does not qualify as a Business Associate under HIPAA. Because all detection and enforcement happens locally within your browser, KanActive AI never transmits, stores, or processes Protected Health Information (PHI) on any external server.

KanActive AI falls outside the scope of HIPAA's Business Associate definition because it does not receive or handle PHI on behalf of a Covered Entity. There is no server-side processing, no content storage, and no data transmission of any kind for the free Lite tier.

How KanActive AI works

All sensitive data detection — including recognition of PHI patterns such as patient names, diagnosis codes, or insurance information — is performed entirely within the Chrome or Edge extension on your local device. Detection results are never sent to KanActive servers.

KanActive AI does not store, transmit, or have access to any content you type or paste into AI tools. The extension reads and acts on data locally, then discards it. Nothing crosses the internet to our infrastructure.

No Business Associate Agreement required

Because KanActive AI does not act as a conduit for PHI — and goes further by never transmitting content at all — no Business Associate Agreement (BAA) is required or applicable. KanActive AI LLC does not sign BAAs at this time.

Recommendations for healthcare organizations

While KanActive AI's architecture is designed to be privacy-preserving by default, we always recommend that organizations consult with their legal, compliance, or risk management teams before deploying any new tool in a regulated environment. Every organization's compliance posture is different.

Questions

If you have questions about our security stance or compliance posture, please reach out at privacy@kanactiveai.com.