Privacy Policy

How we protect your data and comply with regulations

Last updated: May 2026

1. Overview

MedFlow AI ("we," "us," "our," or the "Company") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and otherwise handle your information in connection with our appointment management platform.

2. HIPAA Compliance

MedFlow AI is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA) and its associated regulations. We maintain safeguards to ensure the confidentiality, integrity, and availability of all protected health information (PHI) that we handle on behalf of healthcare providers.

Important:

If you are a patient, your healthcare provider is the primary controller of your health information. MedFlow AI acts as a Business Associate on their behalf. For questions about how your provider uses your data, please contact your healthcare office directly.

3. Information We Collect

We collect the following types of information:

  • Personal Information: Name, phone number, email address, date of birth
  • Health Information: Appointment details, medical practice information, appointment history
  • Communication Data: SMS messages, email messages, appointment confirmations and reminders
  • Technical Data: IP address, device type, browser type, usage analytics (non-personal)

4. How We Use Your Information

We use the information we collect to:

  • Schedule, confirm, and manage your healthcare appointments
  • Send appointment reminders via SMS and email
  • Process appointment rescheduling requests
  • Communicate with you regarding appointment changes or cancellations
  • Improve and maintain our platform
  • Comply with legal and regulatory obligations
  • Prevent fraud and enhance security

5. Data Sharing & Third Parties

We share your information only with third-party service providers who assist us in operating our platform and providing services to you. These include:

  • Twilio: SMS delivery and inbound message handling
  • Email Providers: For appointment reminder emails
  • Google Calendar / Microsoft Outlook: If you connect your calendar (optional)
  • Cloud Infrastructure Providers: For secure data storage and processing

All third-party providers are contractually obligated to maintain the confidentiality and security of your information.

6. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (SSL/TLS) and at rest
  • Secure database access controls and authentication
  • Regular security audits and penetration testing
  • Access restrictions to authorized personnel only
  • Secure deletion of data when no longer needed

7. Patient Rights & Opt-Out

You have the right to:

  • Opt out of SMS reminders: Reply STOP to any text message
  • Opt out of email reminders: Click unsubscribe in any email from MedFlow AI
  • Access your information: Contact your healthcare provider
  • Request corrections: Notify your provider of any inaccuracies

8. Data Retention

We retain appointment and reminder data for as long as it is necessary to provide our services and comply with applicable laws. Health information is typically retained for the duration of the provider-patient relationship plus any legally required retention period. Patients can request deletion of their data by contacting their healthcare provider.

9. Children's Privacy

MedFlow AI is not directed to individuals under the age of 18. If we become aware that a child has provided us with information, we will promptly delete such information and notify the responsible parent or guardian.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes via email or prominent notice on our website. Your continued use of MedFlow AI following such notification constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

If you believe we have violated HIPAA or your privacy rights, you may file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights (OCR). For more information, contact your local OCR office or visit the HHS website.