Effective as of August 1, 2025
The websites flo.health, app.flo.health, and other related pages (the “Website”) are operated by Flo UK Limited. Web application and other related pages (the “Web Application”) are also operated by Flo UK Limited (hereinafter “Flo”).
At Flo, your digital safety matters a lot to us, as well as your health and well-being. Transparency is fundamental in building trustworthy relationships with you. In the spirit of transparency, this Policy provides detailed information about how and when we use cookies. This Policy applies to any product or service by Flo that links to this Policy or incorporates it by reference.
Please note that the consent you provide for the use of cookies applies to all domains and subdomains associated with our Website and Flo Services, including but not limited to flo.health, app.flo.health, landing.flo.health, promo.flo.health, and help.flo.health.
What are cookies and similar technologies?
Cookies are small text files that are stored in your web browser that allow us or a third party to recognize you. Cookies are used to store and receive identifiers and other information on computers, phones, and other devices. Cookies can be used to collect, store, and share bits of information, such as IP addresses, about your activities across websites, including on Flo’s Website and Web Application.
However, it’s not only cookies that can be used in this way. Functions performed by a cookie can be achieved by other means, too. This Policy on cookies, therefore, also applies to any similar technology that stores or accesses information on your device. This could include, for example, HTML5 local storage, local shared objects, beacons, pixels, and plug-ins. The single term “cookies” refers to cookies and any similar technologies.
Cookies enable the Website to remember your actions and preferences (such as login, language, font size, and other display preferences) over a period of time, so you don’t have to keep reentering them whenever you come back to the site or browse from one page to another.
What types of cookies do we use?
We use both session cookies and persistent cookies.
A session cookie is used to identify a particular visit to our Website or Web Application. These cookies expire after a short period of time or when you close your web browser after using our Website. We use these cookies to identify you during a single browsing session, and they are deleted automatically once you close your browser.
A persistent cookie will remain on your devices for a set period of time, and the duration will be specified in this Policy. These cookies survive after your browser is closed. For example, we would use a persistent cookie if you asked that we keep you signed in to the Flo service.
Categories of cookies
Cookies can either be “first-party” or “third-party.” First-party cookies refer to cookies that Flo sets and uses directly. Third-party cookies refer to cookies set by third parties (such as our analytics providers) through our Website or via server cookies.
The types of cookies used by us and our partners in connection with the Website can be classified into one of four categories:
(i) Necessary
(ii) Preference
(iii) Statistics
(iv) Marketing
Below, you’ll find general information about each of these categories.
i) Necessary cookies
These cookies are strictly necessary to provide you with the Website and the features you have requested, such as to allow you to log into secure areas of the Website. Because these cookies are essential for the Website and the features you have requested to work, you cannot reject them.
First-party necessary cookies set by Flo
We use first-party cookies for the following essential purposes:
- Functionality: Optimizing and improving access to the Website whilst enabling the identification of a visitor across various subdomains.
- Security: Preventing fraud and detecting nonhuman (bot) traffic, including authentication and secure logins
- Cookie consent: Remembering your cookie consent preferences and sharing such cookie consents across subdomains to improve user experience
- Analysis: Traffic scheduling and network distribution
- Billing: The ability to make payments
Third-party necessary cookies are set by our partners: See the table below.
As explained above, these cookies are strictly necessary to operate our Websites and cannot be declined. Some of these cookies have a maximum duration of 24 months.
(ii) Preference
Functionality cookies record information you enter or choices you make, such as your language preference for the Website.
First-party preference cookies set by Flo
We use first-party cookies for the following purpose:
- Localization: remembering the country from which you visit the Website(s) and your language preferences
Some of these cookies have a maximum duration of 24 months.
Third-party cookies (set by our partners): None for this purpose.
(iii) Statistics
We use analytics and performance cookies to analyze how you use the Website. This helps us to:
- See which pages you view most often
- Analyze which region you are visiting the Website from
- Observe how you interact with the content
- Measure any errors that occur
- Test different design ideas
The above information is used to report and evaluate your activities and patterns as a user of the Website.
First-party statistics cookies set by Flo:
We use first-party cookies for analytics and web optimization purposes. Some of these cookies have a maximum duration of 13 months.
Third-party statistics cookies (set by our partners): See the cookies table below.
(iv) Marketing
These cookies help us reach you and more people like you to spread the word about the App, as well as analyze whether we do that effectively. Flo does not use cookies to collect or analyze your health information for marketing purposes.
Some marketing tools may operate server-side and do not set a cookie directly in your browser. These are only activated after you provide consent.
First-party marketing cookies set by Flo
We use marketing cookies to analyze and improve our marketing campaigns. This helps us to:
- Improve our marketing campaigns, including tracking ad conversions
- Identify paid search keywords
- Identify the source of traffic to the Website, such as search engine, social media, or specific website
- Analyze which region you are visiting the Website from
- See how you interact with the content
Third-party marketing cookies (set by our partners): See the cookies table below.
What cookies do we use?
Our cookie table lists cookies on our Website and Web Application. Please note that the names of cookies may change over time. We also may use certain cookies on only a limited number of pages that you visit on our Website and Web Application to avoid unnecessary collection of your personal data. Please note that our cookies do not process any personal health data.
Necessary | |||
Provider | Cookie Name | Description | Expiration |
Flo | user_id | Flo.health cookie that preserves users’ session state across page requests | Session |
Flo | session_id | Flo.health cookie that preserves users’ selections across page requests | Session |
Flo | visitor_id | Preserves the visitor’s session state across page requests | Persistent 1 year |
Flo | 1.gif | Used to count the number of sessions to the website. | Session |
Flo | CookieConsent | Stores the user’s cookie consent state for the current domain | Persistent 1 year |
Flo | _set_cookie | This cookie determines whether the browser accepts cookies | Session |
Flo | SESS# | Preserves users’ states across page requests | Session |
Flo | progressScreenViewed | It prevents repetitive display of the animation every time a user navigates to the landing page | Session |
Cloudflare | __cf_bm | Distinguishes between humans and bots | Persistent 1 day |
Cloudflare | _cfuvid | This cookie is a part of the services provided by Cloudflare, including load-balancing, deliverance of website content and serving DNS connection for website operators. | Session |
Cloudflare | __cfruid | This cookie is a part of the services provided by Cloudflare, including load-balancing, deliverance of website content and serving DNS connection for website operators. | Session |
HackerOne | __Host-session | Hackerone.com used to preserve users’ states across page requests | Persistent 13 days |
HackerOne | h1_device_id | HackerOne cookies that are usually only set in response to actions made by you that amount to a request for services, such as filling in a Hacker One form | Persistent 1 year |
is_eu | Determines whether the user is located within the EU. | Session | |
DoubleClick (Google) | test_cookie | Tests to check whether the browser allows the setting of cookies. Contains no identifiers | Persistent 1 day |
Flo | __ncbc | Local storage used for A/B test |
Statistics | |||
Google Tag Manager | gtmBrowserID | Tag management system set by Google. Tags are small sections of codes or tracking pixels from third-party tools that can track activities for conversion tracking, site analytics, and remarketing. Via Google Tag Manager, tags can be integrated centrally via a user interface, which means all the data is perfectly organized and ready for us to assess and review for potential site improvements and remarketing campaigns. | Persistent |
GCS pings (Google Consent Mode) | Google Consent Mode allows our tags to adjust based on your consent choices. Until consent is provided, only limited data is transmitted. | Session | |
Hubspot | __hssc __hssrc __hstc hubspotutk | These cookies are set by HubSpot to track user sessions and visitors to our dedicated page for health professionals. | Persistent 6 months |
Flo | user_region | Used to store information about a user’s geographic location or region. Flo uses this information to provide localized content or services to the user based on their location. | Persistent 1 year |
_gid | Used to distinguish visitors and generate statistical data on how visitors use our Website | Persistent 2 days |
Marketing | |||
_rdt_uuid | This cookie is set by Reddit to assign a unique ID to a user, which helps Reddit track user activity across websites. | Persistent 3 months | |
_rdt_cid | This cookie is set by Reddit to track visitors across websites | Persistent 1 month | |
Flo | _is_fba | Affiliate Marketing - Cookie used to track partner activity and ensure accurate attribution. | Persistent 1 day |
Tik Tok | _tt_enable_cookie | Used by the social networking service, TikTok, for tracking the use of embedded services. | Persistent 13 months |
Tik Tok | tt_pixel_session_index | Cookie is used by TikTok to check how many times you've interacted with TikTok content | Session |
Tik Tok | tt_sessionId | Tracks user sessions for TikTok ad attribution and analytics. | Session |
Tik Tok | _ttp | To measure and improve the performance of your advertising campaigns and to personalize the user's experience (including ads) on TikTok | Persistent 13 months |
Tik Tok | tt_appInfo | This cookie helps TikTok remember settings and preferences for TikTok content | Persistent 1 year |
Flo | ttclid | TikTok Click ID is a tracking parameter appended to a landing page URL when you click on an ad on TikTok, helping TikTok to improve ad attribution and performance by associating your Click ID with a campaign | Persistent 30 days |
X (Twitter) | muc_ads | It’s used in order to optimize the website and make advertisements on the website more relevant. | Persistent 13 months |
X (Twitter) | guest_id | Collects data related to the user's visits to the website, such as the number of visits, average time spent on the website and which pages have been loaded, with the purpose of personalising and improving the Twitter service. | Persistent 13 months |
X (Twitter) | guest_id_marketing | It’s used in order to optimize the relevance of advertisement on the website. | Persistent 13 months |
X (Twitter) | _guest_id_ads | It’s used in order to optimize the relevance of advertisements on the website. | Persistent 13 months |
X (Twitter) | 1/i/adsct [x2] | It’s used to optimize the website and make advertisements on the website more relevant. | Session |
X (Twitter) | personalization_id | Advertising cookie | Persistent 13 months |
X (Twitter) | _twclid | Advertising cookie | Persistent 30 days |
Impact.com Affiliate | irclickid | Click id for Impact platform | Persistent 30 days |
IR_22205 | Cookie set as a part of the Universal Tracking Tag (UTT) API implementation, which is a minified script placed within Flo’s website. It allows Flo to understand how users interact with our web pages | Session | |
IR_GBD | The Universal Tracking Tag (UTT) is a minified script placed within Flo’s website. Cookies set on the base domain of Flo website as part of the Universal Tracking Tag (UTT) system to understand how users interact with our web pages. | Session | |
IR_PI | These cookies are set when the user clicks on Flo’s banners. This is part of UTT javascript functions and works based on unique identifier UUID keys. | Persistent 2 years | |
IRLD | This cookie identifies the "last click" and is used to eliminate duplicate clicks during checkout and the final conversion. | Persistent 6 months | |
brwsr | This cookie stores a unique UUID key to help identify a customer later. | Persistent 24 days | |
EPERSIST | It helps distribute network traffic efficiently, ensuring optimal performance and reliability during a user's session. This cookie does not store personally identifiable information and expires when the session ends. | Session | |
Meta (Facebook) | _fbp | It identifies browsers for the purposes of providing advertising and site analytics services | Persistent 90 days |
Meta (Facebook) | _fbc | It stores the last visit. This cookie is only set when a user arrives at the Website from an ad, and the destination URL includes the click identifier “fbclid.” | Persistent 90 days |
Snapchat | _schn1 | It sets a unique ID for the visitor to track individual sessions on the Website, allowing the Website to compile statistical data from multiple visits. This data can also be used to create leads for marketing purposes. | Persistent 1 day |
Snapchat | _scid | It sets a unique ID for the visitor that allows third-party advertisers to target the visitor with relevant advertisements | Persistent 13 months |
Snapchat | _scid_r | Sets a unique ID for the visitor that allows third-party advertisers to target the visitor with relevant advertisements. | Persistent 13 months |
YouTube | VISITOR_INFO1_LIVE | Tries to estimate the users’ bandwidth on pages with integrated YouTube videos | Persistent 179 days |
YouTube | ytidb::LAST_RESULT_ENTRY_KEY | Stores the user’s video player preferences using embedded YouTube video | Persistent |
YouTube | Yt-remote-cast-available Yt-remote-cast-installed Yt-remote-fast-check-period Yt-remote-session-app yt-remote-session-name | Stores the user’s video player preferences using embedded YouTube video | Session |
YouTube | yt-remote-connected-devices yt-remote-device-id | YouTube cookies that store the user’s video player preferences using embedded YouTube video | Persistent |
YouTube | YSC | YouTube cookies to understand how a user interacts with embedded YouTube videos on a website. | Session |
_ga | Used to identify and track an individual session with a user device | Persistent 2 years | |
_gcl_au | Used by Google AdSense for experimenting with advertisement efficiency across websites using their services | Persistent 3 months | |
ads/ga-audiences | Used to reengage visitors that are likely to convert to customers based on the visitor’s online behavior across websites | Session | |
pagead/1p-user-list/# | Set by Google for measurement of advertisement efforts and facilitates payment of referral fees between websites | Session | |
Google Enhanced Conversion (EEA & UK only) | We use a privacy-enchancing process to help measure the effectiveness of our advertising. Specifically, we convert your email address into a secure, hashed format using industry-standard SHA256 hashing before sharing it with Google. This hashed information allows Google to match it, if possible, to signed-in Google accounts in order to understand which ads may have led to a specific action, like a purchase or sign-up. No health information is shared as part of this process. This helps us improve how we measure ad performance across devices and browsers, without sharing your actual email address. | Persistent up to 90 days | |
bcookie bscookie | Used by LinkedIn for tracking the use of embedded services | Persistent 1 year | |
lidc | Used by LinkedIn for tracking the use of embedded services | Persistent 1 day | |
Snapchat | sc_at | Used by Snapchat to implement advertisement content. The cookie detects the efficiency of the ads and collects visitor data for further visitor segmentation. | Persistent 1 year |
Snapchat | blizzard_client_id | Used to distinguish unauthenticated visitors | Persistent 30 days |
Snapchat | EssentialSession | Used to save Essential Session cookie preferences | Persistent 1 year |
Snapchat | sc-cookies-accepted | Used to determine whether a visitor has accepted cookies | Persistent 1 year |
Snapchat | _sctr | Used to determine whether a third-party tag will be called in a Snap Ads Pixel | Persistent 1 year |
Snapchat | sc-wcid | Anonymous client-side identifier used for operational and performance metrics | Persistent 1 year (excluding EU/UK where expiration is 24 hours) |
Snapchat | sc-language | Used to remember a visitor’s chosen language preference. | Persistent 1 year |
Snapchat | sc-a-nonce | Nonce check. It’s used to encrypt session data. | Session or 1 year |
Flo | utm_campaign | A first-party cookie that typically tracks individual campaign name, slogan, promo code, etc., to track the effectiveness of online advertising campaigns | 1 year |
Flo | utm_term | Identifies paid search keywords and name of ad sets | 1 year |
Flo | utm_medium | Tracking technology typically passed as part of the URL when a user clicks on a tracked link, such as an ad or email campaign, to identify the advertiser, site, or publication | 1 year |
Flo | utm_content | Tracking technology typically passed as part of the URL to differentiate similar content or links within the same ad | 1 year |
Flo | utm_ad | Used to identify the ID of the specific add | 1 year |
Flo | utm_exp | Used to identify the ID of the specific experiment | 1 year |
Flo | utm_source | Tracking technology used to identify the specific source of traffic to a Website, such as a search engine, social media platform, or specific website | 1 year |
Flo | utm_campaign_id | Tracking technology used to identify the specific ID of an ad campaign | 1 year |
Flo | utm_adset | Tracking technology used to identify the name of the specific ad set in which the ad was displayed. | |
Flo | utm_adset_id | Tracking technology to identify the name of the specific ad set in which the ad was displayed. | |
Flo | utm_ad_id | Tracking technology to identify the ID of the specific ad | Session |
Quora | m-b | Pixel necessity, performance, functionality, targeting | Persistent 2 years |
HubSpot | __ptq.gif | Sends analytics data to HubSpot about the website | Persistent 90 days |
_pinterest_ct _pinterest_ct_ua _pin_unauth, _derived_epik _epik ar_debug | Cookies for marketing analytics | Persistent 1 year | |
_nccapi_ur | Used by Pinterest to track the usage of services. | Session | |
Quora | qclid | It’s used for click ID. | Persistent 30 days |
v3/ pixel | Used by Pinterest to track the usage of services. | Session | |
Microsoft (Bing) | MUID | Used widely by Microsoft as a unique user ID. The cookie enables user tracking by synchronizing the ID across many Microsoft domains. | Persistent 13 months |
Microsoft (Bing) | _uetsid | Contains the session ID for a unique session on the site | Persistent 13 months |
Microsoft (Bing) | _uetsid_exp | Contains the expiry-date for the cookie with corresponding name | Persistent 13 months |
Microsoft (Bing) | _uetvid_exp | Contains the expiry-date for the cookie with corresponding name | Persistent 13 months |
Microsoft (Bing) | _uetvid | It’s used to track visitors on multiple websites, in order to present relevant advertisements based on the visitor's preferences. | Persistent 13 months |
Microsoft (Bing) | _uetmsclkid | Captures the Microsoft Click ID (MSCLKID) when a user clicks on an ad and lands on your website | Persistent 90 days |
Software Development Kit (SDK) Mobile
SDKs are third-party software development kits that may be installed in your mobile application. SDKs help us understand how you interact with our App and collect certain information about the device and network you use to access the application.
Our App is never used to present you with third-party advertising. You can browse with full confidence in the protection of your privacy. Access is requested with the purpose of enabling the use of our services and improving their functioning. It is subject to a prior consent request and the possibility of withdrawing this consent. Flo services may still be used even in the event of refusal or withdrawal of consent.
AppsFlyer SDK: Facilitates measurement of performance and analysis of customer acquisition campaigns. Further information about AppsFlyer SDK is available at https://www.appsflyer.com/product/security-and-privacy/.
You can deactivate this data processing at any time via https://www.appsflyer.com/optout. In order to do so, you must have the Identifier for Advertisers (IDFA) of your mobile device.
You can also withdraw your consent for the collection of data for targeted advertising or sharing their data with third-party advertisers through Flo privacy settings or your device’s settings.
Advertising ID. You can tailor your device settings to control your advertising ID:
- On Apple devices, you can enable the “Limit Ad Tracking” setting in your device settings.
- On Android devices, you can enable the “Opt out of Ads Personalization” in your device settings.
What to do if you don’t want cookies to be set or want them to be removed
You can change your cookie preference at any time — including withdrawing consent to nonessential cookies that you have previously given— by clicking the cookie settings widget, which is generally in the bottom left-hand corner of the screen. Your consent will then be updated for further use for any cookies operated by Flo, as these are first-party cookies. You may need to refresh your page for your settings to take effect.
It is important to understand that if you have previously given your consent for the use of third-party cookies, you will not be able to disable them through our cookie management system. If you wish to withdraw your consent to optional cookies (including third-party cookies) or do not want certain types of cookies, you will need to delete your cookies using your internet browser settings. Most browsers allow you to manage how cookies are set and used as you are browsing and to clear cookies and browsing data.
For further information about deleting or blocking cookies, please visit http://www.aboutcookies.org/Default.aspx?page=2.
Browser manufacturers provide help pages relating to cookie management in their products. Please see below for more information.
You can opt out of a third-party vendor’s use of cookies by visiting the multi-cookie opt-out mechanism, the Network Advertising Initiative opt-out page, or control the use of device identifiers by using their device’s settings.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
For other browsers, please consult the documentation that your browser manufacturer provides.
Please note, however, that if you delete cookies or do not accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
Where can I find more information about cookies?
You can learn more about cookies by visiting the following third-party websites:
What is Do Not Track (DNT)?
DNT is a concept that has been promoted by regulatory agencies, such as the US Federal Trade Commission (FTC), for the internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites by using browser settings. You can visit your browser settings to adjust these settings. At the current time, this Website is not programmed to recognize Do Not Track signals, so the Site will not treat You differently if We receive such signals from Your browser. We may not comply with Do Not Track settings on Your browser.
Changes to this Policy
We may change this Policy from time to time. When we post changes to this Policy, we will revise the “Last Updated” date at the top of this Policy. If we make any material changes in the way we collect, use, and/or share information using these technologies, we will notify you by prominently posting notice of the changes in places where you use the Website. We recommend that you check this page from time to time to inform yourself of any changes in this Policy.
Contact us
If you have any questions or comments about this Policy, please email support@flo.health.