
HealthFlow Privacy Policy

At HealthFlow, we build innovative software that puts patients at the center to make health care delivery fairer for everyone. We want you to have peace of mind, so we treat all your information with respect and keep it secure and only accessible to you and those you give permission, like your health care team.

You can count on us to:

  • Be open about how we collect and treat your information.

  • Give you a choice about how you use our services – which you can change anytime.

  • Use the “privacy by design” principles, meaning we plan to get it right.

  • Comply with the laws and regulations on handling health care information, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the California Consumer Privacy Act of 2018 (CCPA), the California Privacy Rights Act (CPRA), the Utah Consumer Privacy Act (UCPA), the Connecticut Data Privacy Act (CTDPA), the Virginia Consumer Data Protection Act (VCDPA), and the General Data Protection Regulation (GDPR).


We want everyone to benefit from coordinated and transparent health care. Thank you for trusting us!

If you have questions about the privacy and security of your health care information, please contact us at any time.

We want you to have all the information you need at your fingertips! Let us tell you more about how we collect, manage, and share your information.

What is HealthFlow? 

HealthFlow is not a health care provider or a medical group. We are a software company that allows you to control who has your health care information. You can share it when you want to – with doctors, clinicians, your family, or other members of your personal health care team.


Need definitions and terms we use in this policy?

We’ll keep this simple. The following terms appear in our policy, and we want you to know what they mean.


  • Health care entities are medical practitioners or health care facilities, including hospitals, that provide you with health care services. They do not have any financial or legal agreement with us, and they can access your health care information only when you allow it. However, they can share your data in a health care emergency. When they share this information not using the HealthFlow software, they must provide you with their privacy policy.

  • Our applications are HealthFlow CareTeam and HealthFlow Patient App.

  • Our software is how we talk about the HealthFlow platform – it includes all our applications.

  • Personal information is any information related to an identified or identifiable individual, whether you as a patient or a health care provider.

  • Services mean our website, our platform, or our software.

  • HealthFlow, we, us, or our means HealthFlow, LLC.


Does this privacy policy apply to you?

This privacy policy applies to anyone using our application, software, or services.

When does this privacy policy apply?

  • We collect your information when:

    • you visit our website,

    • you use our software or platform,

    • you connect your device to a mobile application running our application,

    • we communicate with you by email or text message, and

    • you call us.


When does this privacy policy not apply?

This privacy policy does not apply to any website not listed under our services, even if we provide a link to it or it is accessible from our application, software, or platform.


What information do we collect about you?

We collect information that may allow your health care team – and anyone else you grant access to – to identify you personally. We treat this information as personal information, so we encrypt it end-to-end. No one can access your information without your permission, not even us.

The information our platform collects and stores includes the following:

  • Personal identifiers – your first name, last name, nickname, phone, email, location site, Health Center ID, and date of birth.

  • Biometric information – your photo.

  • Characteristics of protected classifications under California, Colorado, Connecticut, Utah, Virginia, United States federal law, or European Union regulation – your sex at birth, sexual orientation, gender identity, age, ethnicity, and race.

  • Identifiable information, related information, description, or information capable of association – your name, username, HealthFlow identifying record number, insurance information, weight, body mass index (BMI), physical description, and any other financial, health, or medical information including heart rate, blood pressure, and chronic health conditions.

  • User-generated or patient-generated health content – health-related information created, recorded, or gathered from you, members of your family, or other caregivers, or devices you have connected to our platform to help you address a health concern.

  • Internet network activity information – details of the computer or mobile device you use to access our services – internet protocol (IP) address, device identification, operating system, device language, browser type, history, search history, and information on any websites, applications, or advertisements you have clicked on.

  • Geolocation information – your physical location or movements, local time zone, local time, and information that comes to us from the devices you use to connect to our applications and authorize sharing of your data. We use this information to protect your privacy and comply with the laws and regulations of the country or state where you are located.


How do we collect your personal information?

Most of your personal information is collected directly from you or your health care provider, who enters your information while delivering health services. For example, when you receive a vaccine, your health care provider will enter the date you received the vaccine, which vaccine you received, and any observation notes related to your health.


We may also collect information about you in the following ways:

  • When you have installed our application from a mobile device.

  • When you contact us using our Contact Us Form or by email, phone, or postal mail.

  • When you navigate our website and application – in this case, we automatically collect Google Analytics, Mixpanel, cookies, and web beacons. We use Google Analytics and Mixpanel to help analyze how users use our services. You can get more information or opt out by visiting Google Analytics or Mixpanel. Each type of web browser provides ways to restrict or delete cookies. Cookies are small bits of data, called text files, that sit on your computer. They tell us how you use our software and services. They can also tell us about other websites you visited before ours or what website you chose to visit after ours.

How and with whom do we share your personal information?

We believe that your personal information is yours – always. We appreciate you trusting us to hold that information so we can help you get better access to health care. We will never sell your information, but we may share it with these people in these circumstances:

  • Law enforcement or regulatory investigators. We will share your fully encrypted personal health information when we are legally required to do so. Law enforcement or regulatory investigators may still need to contact you since the technology prevents us from decrypting and sharing your information without consent. Suppose we detect a threat to our services associated with your account or device. In that case, we may report it to law enforcement to ensure the security of our services.

  • Your health care provider, a family member, or an individual or agency you identify. Suppose you agree directly or through a Power of Attorney or a Medical Directive, which can be provided by a third-party service such as Advanced Directive Vault. In that case, we may share your information, including information collected from your mobile device.

  • Federal or state health care agencies. If you give us permission, we may provide information that does not personally identify you around vaccine delivery and general health care patterns.

  • Newsletter. If you give us permission, we may send you a newsletter that can help improve your health habits.


How do we protect your personal information?

We follow all required technical and organizational security measures. Then we do more. Your personal information is important to us, so we don’t stop at just the minimum. Instead, we:

  • Categorize and classify your file system to identify and tag sensitive personal health information (PHI).

  • Use encryption technology (SSL and SCRAM) to transfer and store your personal information.

  • Limit access to your personal information only to those health care providers you select.

  • Track access permission for each user and ensure that we host your information and that the data centers comply with our specified physical and information security standards.

  • Host in a location that prevents authorities from accessing your information without your consent and knowledge.


While we always do our best to keep your personal information safe and private, we cannot guarantee that unauthorized access will never occur since no method of transmitting or storing data is completely secure.


What are your choices about how we share your personal information?

You have the right to:

  • Be informed. You have the right to be given clear, transparent, and easily understandable information about your personal information and rights. This privacy policy is how we are meeting your right to be informed.

  • Access your personal information. You have the right to ask for access to – and a copy of – the personal information about you that we store. You can view your health information if you have created a user account. Or you can ask us to send you a copy of your data.

  • Update your personal information. Suppose we have personal information about you that is wrong or incomplete. In that case, you have the right to correct or complete that information. You can update some information if you have created a user account. Or you can ask us to correct or update your data. Please do not email us your health information, though, as it is not secure.

  • Withdraw consent. You have the right to stop us from using your personal information at any time. You don’t have to give a reason, and it does not affect the legality of anything we did before when we had your consent.

  • Delete your personal information (also known as the right to be forgotten). You have the right to delete your account and personal data at any time. You don’t have to give a reason. If you ask us to delete your account, please note that you will no longer have access to our services. Also, if we are legally required to keep your information or use it to defend legal claims, we may keep it even if you have asked us to delete it.

  • Restrict the use of your personal information. Under certain circumstances, you have the right to restrict the use of your personal information. However, suppose you ask us to limit our use of your personal information. In that case, you may not have access to our software or services.

  • Transfer your personal information. You have the right to get a copy of your personal information in a format readable by a machine, such as a computer. This allows you to transfer the data to another business or individual.

  • Object to the use of your personal information. You have the right to ask us any time to stop using your data for things like marketing or improving our services.

  • Not be subject to a decision based solely on automated decision-making. You have the right to ask us not to use your information to make recommendations for day-to-day operational processes or to supply you with culturally aligned patient support, such as offering you clinics with specific knowledge or background.


Please contact us if you want to exercise any of your rights. We might ask you to provide proof of your identity before we can answer your request.


How do we use your personal information?

We may use your personal information to:

  • Allow you, or those you authorize, to access and manage your health care information via our services.

  • Provide you with information and services that you ask for or that a health care provider or Ambassador you’ve interacted with thinks you’d be interested in.

  • Notify you about your information or your account.

  • Notify you about changes to our services, this privacy policy, or the Terms of Use.

  • Secure, operate, maintain, administer, and improve our application, software, or services, including performance and effectiveness analysis.

  • Send you newsletters on how to improve your health.

  • Send anonymized information (that doesn’t identify you as an individual) on health care trends to federal or state health care agencies.

  • Protect our software and services from an information breach, cooperate with law enforcement if compelled by court order, or prevent loss of life or other public safety concern.

  • Contact you if you have given us permission to do so.


We may contact you by email, phone, text, or postal mail, depending on how you have told us we can reach you.


What else should you know if you are a California resident?

We may disclose personal information to another business, but only in a fully encrypted format and if it is necessary for the management or delivery of our services to you. If we do this, we sign a contract that describes the purpose and requires the person or organization receiving the personal encrypted information to keep it confidential and not use it for any purpose except that specified in the agreement.


What should you know if you are a child or a child under your care is using HealthFlow?

We do not directly collect information from children under 13 because our platform is not designed to support those under 13. Please get in touch with us if you believe that we have collected personal information from a child under 13.


We allow children aged 13 to 18 to use our application or services only if agreed by a parent or guardian – that parent or guardian must create the child’s account through their own adult account.


What else should you know about your privacy rights and how we do business?

HealthFlow LLC is a U.S. corporation. The servers that support our services are in the United States. While it is in our possession, your information is fully encrypted and stored in our databases or in databases maintained by our third-party service providers on servers and data storage devices located in the U.S. U.S. data protection laws may not provide as much protection as the data protection laws in force in some other countries. However, we will process your information following this policy no matter where your data is stored. If you are in a country outside the U.S., by using our services, you consent to transferring your information to the U.S.


Under which laws is this policy governed?

This policy is governed under the laws of the State of Virginia.


