Effective as of September 13, 2023
The websites flo.health, app.flo.health, and other related pages (the “Website”) are operated by Flo UK Limited. Web application and other related pages (the “Web Application”) are also operated by Flo UK Limited (hereinafter “Flo”).
At Flo, your digital safety matters a lot to us, as well as your health and well-being. Transparency is fundamental in building trustworthy relationships with you. In the spirit of transparency, this Policy provides detailed information about how and when we use cookies. This Policy applies to any product or service by Flo that links to this Policy or incorporates it by reference.
Please note that the consent you provide for the use of cookies applies to all domains and subdomains associated with our Website, including but not limited to flo.health, app.flo.health, landing.flo.health, promo.flo.health, and help.flo.health.
What are cookies and similar technologies?
Cookies are small text files that are stored in your web browser that allow us or a third party to recognize you. Cookies are used to store and receive identifiers and other information on computers, phones, and other devices. Cookies can be used to collect, store, and share bits of information, such as IP addresses, about your activities across websites, including on Flo’s Website and Web Application.
However, it’s not only cookies that can be used in this way. Functions performed by a cookie can be achieved by other means, too. This Policy on cookies, therefore, also applies to any similar technology that stores or accesses information on your device. This could include, for example, HTML5 local storage, local shared objects, beacons, pixels, and plug-ins. The single term “cookies” refers to cookies and any similar technologies.
Cookies enable the Website to remember your actions and preferences (such as login, language, font size, and other display preferences) over a period of time, so you don’t have to keep reentering them whenever you come back to the site or browse from one page to another.
What types of cookies do we use?
We use both session cookies and persistent cookies.
A session cookie is used to identify a particular visit to our Website or Web Application. These cookies expire after a short period of time or when you close your web browser after using our Website. We use these cookies to identify you during a single browsing session, and they are deleted automatically once you close your browser.
A persistent cookie will remain on your devices for a set period of time, and the duration will be specified in this Policy. These cookies survive after your browser is closed. For example, we would use a persistent cookie if you asked that we keep you signed in to the Flo service.
Categories of cookies
Cookies can either be “first-party” or “third-party.” First-party cookies refer to cookies that Flo sets and uses directly. Third-party cookies refer to cookies set by third parties (such as our analytics providers) through our Website or via server cookies.
The types of cookies used by us and our partners in connection with the Website can be classified into one of four categories:
(i) Necessary
(ii) Preference
(iii) Statistics
(iv) Marketing
Below, you’ll find general information about each of these categories.
i) Necessary cookies
These cookies are strictly necessary to provide you with the Website and the features you have requested, such as to allow you to log into secure areas of the Website. Because these cookies are essential for the Website and the features you have requested to work, you cannot reject them.
First-party necessary cookies set by Flo
We use first-party cookies for the following essential purposes:
- Functionality: Optimizing and improving access to the Website
- Security: Preventing fraud and detecting nonhuman (bot) traffic, including authentication and secure logins
- Cookie consent: Remembering your cookie consent preferences
- Analysis: Traffic scheduling and network distribution
- Billing: The ability to make payments
Third-party necessary cookies set by our partners: see table below.
As explained above, these cookies are strictly necessary to operate our Websites and cannot be declined. Some of these cookies have a maximum duration of 24 months.
(ii) Preference
Functionality cookies record information you enter or choices you make, such as your language preference for the Website.
First-party preference cookies set by Flo
We use first-party cookies for the following purpose:
- Localization: remembering the country from which you visit the Website(s) and your language preferences
Some of these cookies have a maximum duration of 24 months.
Third-party cookies (set by our partners): None for this purpose.
(iii) Statistics
We use analytics and performance cookies to analyze how you use the Website. This helps us to:
- See which pages you view most often
- Analyze which region you are visiting the Website from
- Observe how you interact with the content
- Measure any errors that occur
- Test different design ideas
The above information is used to report and evaluate your activities and patterns as a user of the Website.
First-party statistics cookies set by Flo:
We use first-party cookies for analytics and web optimization purposes. Some of these cookies have a maximum duration of 13 months.
Third-party statistics cookies (set by our partners): See the cookies table below.
(iv) Marketing
These cookies help us reach you and more people like you to spread the word about the App, as well as analyze whether we do that effectively. Flo does not use cookies to collect or analyze your health information for marketing purposes.
First-party marketing cookies set by Flo
We use marketing cookies to analyze and improve our marketing campaigns. This helps us to:
- Improve our marketing campaigns, including tracking ad conversions
- Identify paid search keywords
- Identify the source of traffic to the Website, such as search engine, social media, or specific website
- Analyze which region you are visiting the Website from
- See how you interact with the content
Third-party marketing cookies (set by our partners): See the cookies table below.
What cookies do we use?
Our cookie table lists cookies on our Website and Web Application. Please note that the names of cookies may change over time. We also may use certain cookies on only a limited number of pages that you visit on our Website and Web Application to avoid unnecessary collection of your personal data. Please note that our cookies do not process any personal health data.
Necessary
| Provider | Cookie Name | Description | Expiration |
|---|---|---|---|
| Flo | session_id | Flo.health cookie that preserves users’ selections across page requests | Session |
| Flo | visitor_id | Preserves the visitor’s session state across page requests | Persistent 1 year |
| Cloudflare | __cf_bm | Distinguishes between humans and bots | Persistent 1 day |
| HackerOne | __Host-session | Hackerone.com used to preserve users’ states across page requests | Persistent 13 days |
| HackerOne | h1_device_id | HackerOne cookies that are usually only set in response to actions made by you that amount to a request for services, such as filling in a Hacker One form | Persistent 1 year |
| Flo | CookieConsent | Stores the user’s cookie consent state for the current domain | Persistent 1 year |
| li_gc | Stores the user’s cookie consent state for the current domain | Persistent 180 days | |
| DoubleClick (Google) | test_cookie | Tests to check whether the browser allows the setting of cookies. Contains no identifiers | Persistent 1 day |
| YouTube | CONSENT | Detects if the visitor has accepted the marketing category in the cookie banner | Persistent 2 years |
| Google reCAPTCHA | rc::a | Generated by reCAPTCHA, a service provided by Google to distinguish between humans and bots and prevent automated bots from accessing the Website | Persistent |
| Google reCAPTCHA | rc::c | Distinguishes between humans and bots | Session |
| Flo | SESS# | Preserves users’ states across page requests | Session |
Statistics
| Provider | Cookie Name | Description | Expiration |
|---|---|---|---|
| Amplitude | AMP_unsent_# | Used for internal analytics by Flo | Persistent |
| AnalyticsSyncH istory | LinkedIn cookie used in connection with data synchronization with third-party analysis service | Persistent 29 days | |
| Snapchat | Performance | Used to save performance and analytics cookie preferences | Persistent 1 year |
| Flo | ln_or | Used for internal analytics by Flo | Persistent 1 day |
| Flo | user_region | Used to store information about a user’s geographic location or region. Flo uses this information to provide localized content or services to the user based on their location. | Persistent 1 year |
| Flo | u_scsid | Used for internal analysis and website optimization | Session |
| Flo | X-AB | Allows Flo to find the best variation/edition of the site | Persistent 1 day |
| _gid | Used to distinguish visitors and generate statistical data on how visitors use our Website | Persistent 2 days | |
| _ga | Used to identify and track an individual session with a user device | Persistent 2 years |
Marketing
| Provider | Cookie Name | Description | Expiration |
|---|---|---|---|
| HubSpot | __anon_id | Collects visitor data related to the user’s visits to the Website, such as the number of visits, average time spent on the Website, and what pages have been loaded, with the purpose of displaying targeted ads | Persistent 2 years |
| Meta (Facebook) | _fbp | Stores and tracks visits across websites for the purposes of marketing | Persistent 90 days |
| Meta (Facebook) | _fbc | Stores the last visit. This cookie is only set when a user arrives at the Website from an ad, and the destination URL includes the click identifier “fbclid.” | Persistent 2 years |
| Snapchat | _schn1 | Sets a unique ID for the visitor to track individual sessions on the Website, allowing the Website to compile statistical data from multiple visits. This data can also be used to create leads for marketing purposes. | Persistent 1 day |
| Snapchat | _scid | Sets a unique ID for the visitor that allows third-party advertisers to target the visitor with relevant advertisements | Persistent 13 months |
| Snapchat | _scid_r | Sets a unique ID for the visitor that allows third-party advertisers to target the visitor with relevant advertisements | Persistent 13 months |
| YouTube | VISITOR_INFO 1_LIVE | Tries to estimate the users’ bandwidth on pages with integrated YouTube videos | Persistent 179 days |
| YouTube | YSC | Registers a unique ID to keep statistics of what videos from YouTube the user has seen | Session |
| YouTube | ytidb::LAST_RESULT_ENTRY_KEY | Stores the user’s video player preferences using embedded YouTube video | Persistent |
| YouTube | Yt-remote-castavailable Yt-remote-castinstalled Yt-remote-fastcheck-period Yt-remote-session-app yt-remote-session-name | Stores the user’s video player preferences using embedded YouTube video | Session |
| YouTube | yt-remote-connected-devices yt-remote-device-id | YouTube cookies that store the user’s video player preferences using embedded YouTube video | Persistent |
| _gcl_au | Used by Google AdSense for experimenting with advertisement efficiency across websites using their services | Persistent 3 months | |
| ads/ga-audiences | Used to reengage visitors that are likely to convert to customers based on the visitor’s online behavior across websites | Session | |
| bcookie bscookie | Used by LinkedIn for tracking the use of embedded services | Persistent 1 year | |
| lidc | Used by LinkedIn for tracking the use of embedded services | Persistent 1 day | |
| pagead/1p-user-list/# | Set by Google for measurement of advertisement efforts and facilitates payment of referral fees between websites | Session | |
| Snapchat | sc_at | Used by Snapchat to implement advertisement content. The cookie detects the efficiency of the ads and collects visitor data for further visitor segmentation | Persistent 1 year |
| Snapchat | blizzard_client_id | Used to distinguish unauthenticated visitors | Persistent 30 days |
| Snapchat | Marketing | Used to save Marketing cookie preferences | Persistent 1 year |
| Snapchat | EssentialSession | Used to save Essential Session cookie preferences | Persistent 1 year |
| Snapchat | sc-cookies-accepted | Used to determine whether a visitor has accepted cookies | Persistent 1 year |
| Snapchat | _sctr | Used to determine whether a third-party tag will be called in a Snap Ads Pixel | Persistent 1 year |
| Snapchat | sc-wcid | Anonymous client-side identifier used for operational and performance metrics | Persistent 1 year (excluding EU/UK where expiration is 24 hours) |
| Snapchat | sc-language | Used to remember a visitor’s chosen language preference. | Persistent 1 year |
| Snapchat | sc-a-nonce | Nonce check. It’s used to encrypt session data. | Session or 1 year |
| sc-static.net | u_sclid | Sets a unique ID for the visitor that allows third-party advertisers to target the visitor with relevant advertisements. This pairing service is provided by third-party advertisement hubs, which facilitates real-time bidding for advertisers. | Persistent |
| UserMatchHistory | LinkedIn Ads ID syncing. Used to track visitors on multiple websites in order to present relevant advertisements based on the visitor’s preferences | Persistent 29 days | |
| Td (Google Tag Manager) | Tag management system set by Google. Tags are small sections of codes or tracking pixels from third-party tools that can track activities for conversion tracking, site analytics, and remarketing. Via Google Tag Manager, tags can be integrated centrally via a user interface, which means all the data is perfectly organized and ready for us to assess and review for potential site improvements and remarketing campaigns. | Session | |
| Cloudflare | Zaraz | Zaraz (beta) is a Cloudflare solution that offloads third-party tools and services (e.g., analytics tools, advertising pixels, and scripts) to the cloud and improves the speed and security of the Website. Zaraz relies on events and triggers from the Website to determine when to load the tools and what action they need to perform. It facilitates the efficient management of cookies and tracking technologies, enabling us to customize your browsing experience. | |
| Flo | utm_campaign | A first-party cookie that typically tracks individual campaign name, slogan, promo code, etc., to track the effectiveness of online advertising campaigns | 1 year |
| Flo | utm_term | Identifies paid search keywords and name of ad sets | 1 year |
| Flo | utm_medium | Tracking technology typically passed as part of the URL when a user clicks on a tracked link, such as an ad or email campaign, to identify the advertiser, site, or publication | 1 year |
| Flo | utm_content | Tracking technology typically passed as part of the URL to differentiate similar content or links within the same ad | 1 year |
| Flo | utm_ad | Tracking technology used to track advertising campaigns or identify the source of traffic to a website from specific ads | 1 year |
| Flo | utm_exp | Internal parameter used to define if we want to apply the testing activities to the campaign | 1 year |
| Flo | utm_source | Tracking technology used to identify the specific source of traffic to a Website, such as a search engine, social media platform, or specific website | 1 year |
| Quora | m-b | Pixel necessity, performance, functionality, targeting | Persistent 2 years |
| _rdt_uuid | Reddit pixel to track conversion events taken by users after viewing or clicking an ad on Reddit and reporting that data back to Reddit | Persistent 90 days | |
| _pinterest_sess _pinterest_ct _pinterest_ct_rt _pinterest_ct_ua | Cookies for marketing analytics | Persistent 1 year | |
| _pin_unauth, _derived_epik _epik | Cookies for marketing analytics | Persistent 1 day | |
| TikTok | _ttp | Measures and improves the performance of our advertising campaigns and to personalize the user’s experience (including ads) on TikTok | Persistent 13 months |
| Microsoft | MUID | Microsoft cookie that contains a GUID assigned to your browser. It gets set when you interact with a Microsoft property, including a UET beacon call or a visit to a Microsoft property through the browser | Persistent 13 months |
| Microsoft | _uetmsclkid | Microsoft Click ID, which is used to improve the accuracy of conversion tracking | Persistent 90 days |
| Microsoft | _uetsid | Contains the session ID for a unique session on the site | Persistent 13 months |
| Microsoft | _uetvid | UET assigns this unique, anonymized visitor ID, representing a unique visitor. UET stores this data in a first-party cookie | Persistent 13 months |
| NID | Retains choices and additional details, such as preferred language and preference for enabling Google’s SafeSearch filter | 6 months | |
| __gads | Measures interactions with the ads on our domain and prevents the same ads from being shown to you too many times | 13 months | |
| FPAU | Checks Website activity for analytics and reporting | 90 days | |
| ANID | Shows Google ads on non-Google sites. If you have personalized ads enabled, the “ANID” cookie is used to remember this setting and lasts for 13 months in the European Economic Area (EEA), Switzerland, and the United Kingdom (UK), and 24 months everywhere else. If you have turned off personalized ads, the “ANID” cookie is used to store that setting until 2030. | 13 months EEA UK / 24 months elsewhere | |
| AID | Stores Google IDs so that activities can be linked across devices (if a user has previously signed in to a Google Account on another device) in order to show relevant and personalized advertising across all devices | 13 months EEA UK / 540 days elsewhere | |
| TAID | Stores Google IDs so activities can be linked across devices (if a user has previously signed in to a Google Account on another device) in order to show relevant and personalized advertising across all devices | 14 days | |
| RUL | Used by Google DoubleClick to determine whether advertisements have been properly displayed to ensure marketing efforts are more efficient | 12 months | |
| FPGCLAW | Used to monitor campaigns | 90 days | |
| FPGCLGB | Used to monitor campaigns | 90 days | |
| _gcl_gb | Used to monitor campaigns | 90 days | |
| _gac_gb_<wpid> | Used to monitor campaigns | 90 days | |
| _gcl_aw | Set when a user arrives at the Website | 90 days | |
| 1P_JAR | Used to gather insights about the way in which website visitors interact with the site | 30 days | |
| Conversion | Tag that helps measure conversions | 90 days | |
| VISITOR_INFO1_LIVE__k | Tries to estimate the users’ bandwidth on pages with integrated YouTube videos | 180 days | |
| VISITOR_INFO1_LIVE__default | Tries to estimate the users bandwidth on pages with integrated YouTube videos | 180 days |
Software Development Kit (SDK) Mobile
SDKs are third-party software development kits that may be installed in our mobile application. SDKs help us understand how you interact with our App and collect certain information about the device and network you use to access the application.
Our App is never used to present you with third-party advertising. You can browse with full confidence in the protection of your privacy. Access is requested with the purpose of enabling the use of our services and improving their functioning. It is subject to a prior consent request and the possibility of withdrawing this consent. Flo services may still be used even in the event of refusal or withdrawal of consent.
AppsFlyer SDK: Facilitates measurement of performance and analysis of customer acquisition campaigns. Further information about AppsFlyer SDK is available at https://www.appsflyer.com/product/security-and-privacy/.
You can deactivate this data processing at any time via https://www.appsflyer.com/optout. In order to do so, you must have the Identifier for Advertisers (IDFA) of your mobile device.
You can also withdraw your consent for the collection of data for targeted advertising or sharing their data with third-party advertisers through your device’s settings.
Advertising ID. You can tailor your device settings to control your advertising ID:
● On Apple devices, you can enable the “Limit Ad Tracking” setting in your device settings.
● On Android devices, you can enable the “Opt out of Ads Personalization” in your device settings.
What to do if you don’t want cookies to be set or want them to be removed
You can change your cookie preference at any time — including withdrawing consent to nonessential cookies that you have previously given— by clicking the cookie settings widget, which is generally in the bottom left-hand corner of the screen. Your consent will then be updated for further use for any cookies operated by Flo, as these are first-party cookies. You may need to refresh your page for your settings to take effect.
It is important to understand that if you have previously given your consent for the use of third-party cookies, you will not be able to disable them through our cookie management system. If you wish to withdraw your consent to optional cookies (including third-party cookies) or do not want certain types of cookies, you will need to delete your cookies using your internet browser settings. Most browsers allow you to manage how cookies are set and used as you are browsing and to clear cookies and browsing data.
For further information about deleting or blocking cookies, please visit http://www.aboutcookies.org/Default.aspx?page=2.
Browser manufacturers provide help pages relating to cookie management in their products. Please see below for more information.
You can opt out of a third-party vendor’s use of cookies by visiting the multi-cookie opt-out mechanism, the Network Advertising Initiative opt-out page, or control the use of device identifiers by using their device’s settings.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
For other browsers, please consult the documentation that your browser manufacturer provides.
Please note, however, that if you delete cookies or do not accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
Where can I find more information about cookies?
You can learn more about cookies by visiting the following third-party websites:
What is Do Not Track (DNT)?
DNT is a concept that has been promoted by regulatory agencies, such as the US Federal Trade Commission (FTC), for the internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites by using browser settings. You can visit your browser settings to adjust these settings.
Changes to this Policy
We may change this Policy from time to time. When we post changes to this Policy, we will revise the “Last Updated” date at the top of this Policy. If we make any material changes in the way we collect, use, and/or share information using these technologies, we will notify you by prominently posting notice of the changes in places where you use the Website. We recommend that you check this page from time to time to inform yourself of any changes in this Policy.
Contact us
If you have any questions or comments about this Policy, please email support@flo.health.