Privacy Policy
Last updated 9 June 2026
This policy explains what information MedFlow collects, how we use it, and the choices you have.
1. What we collect
We collect the details you give us when you create an account or make a booking. For patients that includes your name, contact details and the services you book. For staff it includes your name, contact details and role. Because MedFlow supports diagnostics, some booking and report information relates to your health.
2. How we use it
We use your information to run the platform: to let organizations take and manage bookings, to assign sample collection, to prepare and deliver reports, to handle billing, and to keep your account secure. We also use it to support you and to improve how MedFlow works.
3. Keeping organizations separate
MedFlow is multi tenant. Each organization can only see the patients, bookings and reports that belong to it. Your data is not shared between unrelated organizations.
4. Who we share it with
We share your information with the organization you book with, since they provide the service. We also use trusted service providers, for example for hosting, email and storage, who process data on our behalf under contract. We do not sell your personal information.
5. How we protect it
We protect data with access controls and encryption. Sensitive values such as gateway keys and passwords are encrypted or hashed, and are never shown again after you save them. No system is perfectly secure, so we also rely on you to keep your login safe.
6. Your choices
You can view and update your profile and addresses from your account. You can ask us to correct or delete your information, subject to records we are required to keep for legal or medical reasons.
7. How long we keep it
We keep your information for as long as your account is active and for as long as needed to provide the service, resolve disputes, and meet legal obligations.
8. Contact
Questions about your privacy? Write to privacy@medflow.verydash.com.