Privacy Policy

Last updated: April 2025

1. Introduction

FlowMediData ("we", "us", or "our") provides a remote health monitoring platform that connects patients and healthcare providers through wearable device data. This Privacy Policy explains how we collect, use, store, and share your personal and health information when you use our mobile application or provider web platform (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

Account Information

When you register, we collect:

  • Name and email address
  • Date of birth, biological sex (if provided)
  • Role (patient or healthcare provider)

Health and Wearable Data

With your explicit consent, we collect health data from connected wearable devices and fitness applications (such as Apple Health, Samsung Health, Fitbit, Garmin, Oura, and Withings) via the Terra API integration. This data may include:

  • Heart rate, resting heart rate, and heart rate variability (HRV)
  • Blood oxygen saturation (SpO2)
  • Blood pressure and blood glucose (where supported by the device)
  • Step count, distance, floors climbed, active minutes, and calories burned
  • Sleep duration, sleep stages, and sleep efficiency
  • Body weight, BMI, body fat percentage, and body composition
  • Body temperature and respiratory rate
  • VO2 max, elevation gain, and swimming metrics
  • Nutrition and food intake data (where provided by connected apps)

Usage Information

We may collect information about how you use the Service, including log data, device identifiers, and interaction events, for the purpose of improving the platform.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Display your health data to your assigned healthcare provider
  • Generate automated health insights and alerts to support clinical review
  • Enable providers to add clinical notes and track patient progress
  • Send you notifications about your health data where you have opted in
  • Improve the Service through aggregated, de-identified analytics
  • Comply with legal and regulatory obligations

We do not use your health data for advertising, profiling for commercial purposes, or sale to third parties.

4. How We Share Your Information

Your Healthcare Provider

Your health data is shared with the healthcare provider or clinical team that has enrolled you in the Service. You consent to this sharing when you register as a patient.

Third-Party Service Providers

We work with the following third-party services to operate the platform:

  • Terra API — processes wearable data from connected device platforms on our behalf. Terra acts as a data processor under appropriate data processing agreements.
  • Amazon Web Services (AWS) — hosts our application servers and database infrastructure. Data is processed and stored within secured cloud environments with encryption at rest and in transit.

We do not sell, rent, or trade your personal or health information with any other third parties.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests by public authorities.

5. Data Security

We implement industry-standard security measures to protect your information, including encryption of data in transit (TLS) and at rest. Access to patient data is restricted to authenticated and authorised providers only.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your personal and health data for as long as your account is active or as needed to provide the Service. If you request account deletion, we will delete or anonymise your data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Withdraw consent at any time (this may affect your ability to use the Service)
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, please contact us at the address below.

8. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us at:

FlowMediData

Email: privacy@flowmedidata.com