Privacy Policy

Plain English summary: MedFlow CRM collects information you give us and information about how you use our platform. We use it to provide and improve our service. We do not sell your personal data. Ever.

1. Overview

MedFlow CRM ("MedFlow," "we," "us," or "our") operates the MedFlow CRM platform and associated services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service.

This policy applies to business customers (clinic owners, practice managers, and their staff) who subscribe to or use MedFlow CRM. It does not govern how our customers use MedFlow tools to collect and manage their own patient data — that is governed by each customer's own privacy practices and applicable healthcare law.

2. Information We Collect

Information you provide directly

Account information: Name, business name, email address, phone number, billing address, and password when you register.
Payment information: Credit card and billing details processed securely through Stripe. We do not store full card numbers on our servers.
Communications: Messages you send us via email, support tickets, or demo requests.
Practice data: Information you enter into MedFlow CRM, including contact records, appointment data, and automation configurations.

Information collected automatically

Usage data: Pages visited, features used, time spent, clicks, and navigation patterns within the platform.
Device and browser data: IP address, browser type and version, operating system, screen resolution, and referring URLs.
Cookies and similar technologies: Session cookies, preference cookies, and analytics cookies. See Section 5 for details.
Log data: Server logs including access times, error logs, and API call records.

Information from third parties

We may receive limited information from integration partners (such as Google Business Profile, Stripe, or calendar tools) when you connect those services to your MedFlow account. We only receive data necessary to enable the integration.

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the MedFlow CRM Service
Process transactions and send related information including purchase confirmations and invoices
Send technical notices, updates, security alerts, and support messages
Respond to your comments, questions, and customer service requests
Monitor and analyze usage trends to improve user experience
Detect and prevent fraudulent or unauthorized use of the Service
Comply with legal obligations
Send promotional communications (only with your consent, and you can opt out at any time)

We do not use your data to train AI models, sell to advertisers, or share with data brokers.

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Service providers: Trusted third-party vendors who assist us in operating the Service (hosting, payment processing, email delivery, analytics). These vendors are contractually bound to use your data only to provide services to us.
Legal requirements: If required by law, court order, or government authority, or to protect the rights, property, or safety of MedFlow, our users, or the public.
Business transfers: In connection with a merger, acquisition, or sale of all or substantially all of our assets, with advance notice to you.
With your consent: For any other purpose with your explicit consent.

5. Cookies and Tracking

We use the following types of cookies:

Essential cookies: Required for the Service to function (session authentication, security tokens). Cannot be disabled.
Preference cookies: Remember your settings and preferences (language, display options).
Analytics cookies: Help us understand how you use the Service (page views, feature usage). We use privacy-respecting analytics tools.

You can control cookies through your browser settings. Disabling certain cookies may affect functionality of the Service.

6. Data Retention

We retain your account information for as long as your account is active or as needed to provide the Service. If you cancel your account, we will delete or anonymize your personal data within 90 days, except where we are required by law to retain it longer.

Practice data (contact records, automation history) is retained for 90 days post-cancellation to allow for data export, then permanently deleted.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data (subject to legal retention requirements).
Portability: Request your data in a machine-readable format.
Objection: Object to certain processing activities.
Opt-out of marketing: Unsubscribe from marketing emails at any time using the link in any email or by contacting us.

To exercise any of these rights, contact us at privacy@medflowcrm.com. We will respond within 30 days.

8. Security

We implement industry-standard security measures including SSL/TLS encryption, secure data centers, access controls, and regular security audits. However, no method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password for your MedFlow account.

In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

9. Children's Privacy

The Service is intended for business use by adults only. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected personal data from a minor, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated effective date, and by sending an email notification to your registered address at least 14 days before changes take effect.

Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

MedFlow CRM
Columbus, Ohio, United States
Email: privacy@medflowcrm.com
Support: hello@medflowcrm.com