Flowline Health Privacy Policy
Effective Date: 2025-08-15
Last Updated: 2025-08-15
1. Introduction
Flowline Health ("we," "our," or "us") is committed to protecting the privacy and security of your
personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard
your information when you use our patient engagement platform and related services
(collectively, the "Services").
This policy applies to all users of our Services, including healthcare providers, their staff, and
patients who interact with our platform.
2. Information We Collect
2.1 Personal Information
We may collect the following types of personal information:
From Healthcare Providers:
● Contact information (name, email, phone number, address)
● Professional credentials and license information
● Organization and practice information
● Billing and payment information
From Patients (through Healthcare Provider interactions):
● Basic demographic information
● Health information as provided by healthcare providers
● Communication preferences
● Engagement metrics and interaction data
2.2 Technical Information
We automatically collect certain technical information, including:
● IP addresses and device identifiers
● Browser type and version
● Operating system information
● Usage patterns and analytics data
● Log files and access times
● Cookies and similar tracking technologies
2.3 Communications
We may collect information from communications between you and us, including:
● Customer support inquiries
● Feedback and survey responses
● Email communications and responses
3. How We Use Your Information
We use the collected information for the following purposes:
3.1 Service Provision
● Delivering and maintaining our patient engagement platform
● Facilitating communication between healthcare providers and patients
● Providing customer support and technical assistance
● Processing payments and managing accounts
3.2 Improvement and Analytics
● Analyzing usage patterns to improve our Services
● Developing new features and functionality
● Conducting research and analytics
● Ensuring platform security and preventing fraud
3.3 Communication
● Sending service-related notifications and updates
● Providing customer support responses
● Sharing important policy or service changes
● Marketing communications (with consent where required)
3.4 Legal and Compliance
● Complying with applicable laws and regulations
● Responding to legal requests and court orders
● Protecting our rights and preventing misuse of our Services
● Ensuring HIPAA compliance where applicable
4. Information Sharing and Disclosure
No mobile information will be shared with third parties/affiliates for marketing/promotional
purposes. All other categories exclude text messaging originator opt-in data and consent; this
information will not be shared with any third parties. We do not sell, trade, or rent your personal
information to third parties. We may share your information in the following circumstances:
4.1 Service Providers
We may share information with trusted third-party service providers who assist us in operating
our Services, including:
● Cloud hosting and data storage providers
● Payment processing services
● Analytics and monitoring services
● Customer support platforms
All service providers are contractually bound to maintain confidentiality and security standards.
4.2 Healthcare Provider Networks
When authorized by healthcare providers, we may share patient engagement data within their
approved networks to facilitate coordinated care.
4.3 Legal Requirements
We may disclose information when required by law, including:
● Compliance with court orders or legal processes
● Response to government investigations
● Protection of our legal rights and interests
● Prevention of fraud or security threats
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, user information may be transferred as
part of the business transaction, subject to confidentiality agreements.
5. HIPAA Compliance
5.1 Business Associate Status
When we process protected health information (PHI) on behalf of healthcare providers, we act
as a Business Associate under HIPAA. We maintain appropriate administrative, physical, and
technical safeguards to protect PHI.
5.2 Patient Rights
Patients have rights regarding their health information, including:
● Right to access their information
● Right to request amendments
● Right to accounting of disclosures
● Right to request restrictions on use and disclosure
For questions about PHI or to exercise these rights, patients should contact their healthcare
provider directly.
6. Data Security
We implement comprehensive security measures to protect your information, including:
6.1 Technical Safeguards
● Encryption of data in transit and at rest
● Secure authentication and access controls
● Regular security assessments and monitoring
● Intrusion detection and prevention systems
6.2 Administrative Safeguards
● Employee training on privacy and security
● Access controls and role-based permissions
● Incident response and breach notification procedures
● Regular policy reviews and updates
6.3 Physical Safeguards
● Secure data center facilities
● Environmental controls and monitoring
● Secure disposal of hardware and media
● Restricted physical access controls
7. Data Retention
We retain personal information for as long as necessary to provide our Services and comply
with legal obligations:
● Account Information: Retained for the duration of the business relationship plus
applicable legal requirements
● Health Information: Retained according to healthcare provider requirements and
applicable laws
● Technical Data: Typically retained for 12-24 months unless required longer for security
or legal purposes
● Communications: Retained for customer support and legal compliance purposes
8. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
8.1 General Rights
● Access: Request access to your personal information
● Correction: Request correction of inaccurate information
● Deletion: Request deletion of your information (subject to legal requirements)
● Portability: Request transfer of your information
● Objection: Object to certain processing activities
8.2 Marketing Communications
You may opt out of marketing communications at any time by:
● Using the unsubscribe link in emails
● Contacting us directly at [privacy@flowlinehealth.com]
● Updating your communication preferences in your account
8.3 Cookies and Tracking
You can control cookies through your browser settings, though this may affect platform
functionality.
9. Children's Privacy
Our Services are not designed for or directed at children under 13. We do not knowingly collect
personal information from children under 13. If we become aware of such collection, we will
promptly delete the information.
10. International Data Transfers
If we transfer your personal information internationally, we ensure appropriate safeguards are in
place, including:
● Adequacy decisions by relevant authorities
● Standard contractual clauses
● Binding corporate rules
● Other approved transfer mechanisms
11. Third-Party Links and Services
Our Services may contain links to third-party websites or integrate with third-party services. This
Privacy Policy does not apply to such third parties. We encourage you to review their privacy
policies before providing any information.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal
requirements. We will:
● Post the updated policy on our website
● Notify users of material changes via email or platform notifications
● Maintain the effective date at the top of the policy
Continued use of our Services after changes constitutes acceptance of the updated policy.
13. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or your personal information,
please contact us:
Flowline Health
Privacy Officer
Email: andrew@flowlinehealth.com
Phone: (385) 214-0470
For HIPAA-related inquiries, patients should first contact their healthcare provider.
14. State-Specific Rights
14.1 California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act, including
the right to know about personal information collected, sold, or disclosed, and the right to opt out
of the sale of personal information.
14.2 Other State Laws
We comply with applicable state privacy laws and will update this policy as new regulations take
effect.
This privacy policy is designed to be comprehensive but should be reviewed by legal counsel to
ensure compliance with all applicable laws and regulations specific to your business operations
and jurisdictions.