Your data is protected by an award-winning team of privacy and security experts who have dedicated their careers to keeping sensitive information safe.

Sue Khan, our VP of Privacy & Data Protection Officer, won the PICCASO Outstanding DPO Award — one of the highest recognitions in the privacy profession. Our VP of Security, Laure Lydon was named a Women in Tech finalist. Together, they lead the team that built Anonymous Mode, achieved our dual ISO certifications, and continue to raise the bar for what privacy leadership looks like in femtech.

These are the people accountable for your data. We think you should know who they are.

Our Privacy & Security Leadership

Sue Khan - VP of Privacy & Data Protection Officer

Title: Vice President of Privacy & Data Protection Officer (DPO)
Credentials: CIPP/E (Certified Information Privacy Professional/Europe), Data Protection Officer, and Lawyer (England & Wales)

Recognition:

Quartz Innovators 2023
PICCASO Awards Europe Outstanding DPO 2024

About Sue:

Sue Khan brings 20 years of expertise to her role as Flo's VP of Privacy and Data Protection Officer. Before joining Flo in 2023, she led privacy programs at eMed (formerly Babylon Health), Hasbro, and Telefonica O2.

As Flo's DPO, Sue oversees all privacy operations, including policy development, regulatory compliance, fulfillment of user rights, and the implementation of privacy-by-design in product development. Under her leadership, Flo achieved ISO 27701 certification in January 2024, becoming the first period-tracking app to earn the privacy management standard.

Sue's approach to privacy is proactive rather than reactive. As Sue explains: “Privacy should be a foundational part of the user experience, not an afterthought. Users should have access to services that help manage their health without concern for their privacy.”

In 2024, Sue was named Outstanding DPO by the prestigious PICCASO Europe Privacy Awards. Sue is passionate about raising awareness and advancing conversations in the privacy space. She, alongside Laure Lydon, recently hosted an in-person event in New York, sharing insights into Flo’s privacy practices with U.S. media, and served as an expert judge at a Girl Security workshop, supporting and mentoring young people interested in privacy.

Sue is a lawyer holding the CIPP/E certification from the International Association of Privacy Professionals.

Featured content by Sue:

Connect with Sue:
LINKEDIN →

Laure Lydon - VP of Security and Infrastructure

Title: Vice President of Security and Infrastructure
Credentials: CISSP, MSc Information Security

Recognition:

Women in Tech Security Award Finalist: Cybersecurity Leader of the Year - 2024
Most Inspiring Women in Cyber Nominee - 2024

About Laure:

Laure Lydon leads Flo's security, cloud infrastructure and internal IT functions, with over 20 years of experience in cybersecurity, risk management and technology leadership. Before joining Flo in 2024, she built security programmes at eMed (formerly Babylon), WPP, and Ladbrokes Coral.

As VP of Security, Laure is responsible for Flo's entire security programme– from threat detection and incident response to security architecture and vulnerability management. She leads Flo's ongoing ISO 27001 certification programme, for which her team earned the PICCASO Privacy ISO 27001 Team of the Year Award in 2025.

As Laure puts it: “Security in femtech is about more than protecting data; it’s also protecting people's autonomy and safety in an increasingly uncertain threat landscape.”

Laure was named a 2024 Women in Tech Security Award finalist for her contributions to advancing security practices in women's health technology. Laure is deeply committed to raising awareness and driving meaningful conversations in the security space. She recently co-hosted an in-person event in New York, where she shared insights into Flo’s privacy practices with U.S. media, and also served as an expert judge at a Girl Security workshop, supporting and mentoring young people interested in security.

Outside Flo, Laure is a regular public speaker within the Cyber industry and an advisory council member for Infosecurity Europe and ClubCISO. Laure is an active advocate on international security policy, including cyber risk management, secure software development and AI security. Laure is a passionate champion of diversity and inclusion in security, serving as Chief Advisor for WiCyS UK&I Affiliate, helping to build a strong gender-diverse cybersecurity workforce.

Connect with Laure:
LINKEDIN →

Tsimafei Savitski - Chief Legal & Compliance Officer

Title: Chief Legal & Compliance Officer
Credentials: CIPP/E(Certified Information Privacy Professional/Europe), CIPM (Certified Information Privacy Manager)

About Tsimafei:

Tsimafei Savitski is Flo's Chief Legal & Compliance Officer, leading the legal and compliance programs that ensure Flo's privacy practices meet regulatory requirements across global jurisdictions.

As Chief Legal & Compliance Officer, Tsimafei oversees all legal and regulatory compliance efforts to ensure Flo maintains the highest standards of data protection.

Tsimafei's approach to compliance goes beyond legal requirements: “Compliance is about building trust through transparent, ethical data practices that exceed what the law requires.”

Connect with Tsimafei:
LINKEDIN →

Roman Bugaev - Chief Technology Officer

Title: Chief Technology Officer

About Roman:

Roman Bugaev is Flo’s Chief Technology Officer, leading the engineering teams behind the app’s data-intensive systems, high-load infrastructure, and AI-driven capabilities.

As Chief Technology Officer, Roman leads a team of 200+ senior engineers who build secure, scalable technology that delivers accurate predictions and personalized, medically credible health insights — with the protection of users’ sensitive data built into every layer of the product.

Roman believes innovation is essential - but must be done responsibly: “Innovation drives us forward, but trust comes first. We build and improve our technology with privacy and security built in from the start, so our users can feel confident their data is protected at every step.”

Featured content by Roman:

Connect with Roman:
LINKEDIN →

Featured: In Conversation with Sue Khan

In this in-depth interview, Sue Khan discusses:

The unique privacy challenges in femtech
How Flo approaches privacy by design
Advice for other organizations building privacy programs

Read the full interview

Our Approach to Privacy and Security

The Flo Privacy and Security teams operate on three core principles:

1) Privacy by Design

Privacy isn't added at the end of product development. It's built into every feature from the very beginning.

What this means in practice:

Every new feature undergoes a privacy and security assessment before development begins.
Engineers are trained in privacy-preserving technologies.
Privacy and security requirements are part of every product specification.
Our privacy and security teams review every feature before it’s launched.

Example: When designing Anonymous Mode, the team set out to "make it technically impossible to identify users" and built the feature architecture around that requirement, not the other way around.

2) Continuous Review

Privacy and security are never "finished." We continuously review our practices through:

Regular audits:

Annual ISO 27001 and ISO 27701 certification audits
Penetration testing
Vulnerability assessments
Ongoing monitoring of industry practices and threat detection

Industry engagement:

Our team actively participates in privacy and security communities, staying current with:

Emerging regulations (new privacy laws + regulatory guidance)
Evolving threats (new attack vectors + social engineering tactics)
Best practices (industry standards + technological advances)

3) Transparency & Accountability

We believe true transparency builds trust more than marketing claims.

How we demonstrate transparency:

Independent verification: We invested in ISO certifications and third-party audits.
Open source code: Our Anonymous Mode technology is available for free on GitHub for those who wish to benefit from the technology.
Public reporting: We provide regular updates on privacy milestones.
Accessible information: This Privacy Portal and our in-app privacy page explain our practices in plain, digestible language.
Direct contact: Our DPO is available at dpo@flo.health for privacy questions.

Our Privacy and Security Advisory Board

Launched in January 2023, Flo's Privacy & Security Advisory Board provides independent guidance on privacy practices, security measures, and ethical considerations in the femtech space. Because our privacy decisions affect millions of people, we believe they should be guided by independent expert insight—not solely internal perspectives. So we created an advisory board to ensure Flo's privacy practices are scrutinized by recognized leaders outside our organization. This approach helps us raise the standard for privacy across the women’s health industry.

The board includes experts representing diverse perspectives:

Privacy law and regulation
Information security
Women's health and reproductive rights
Technology and engineering
Ethics and policy

Board members review Flo's privacy and security practices, provide strategic guidance, and ensure Flo remains at the forefront of femtech privacy.

Dr. Anna Zeiter (LL.M)

Title/Affiliation: CEO & Co-Founder, W

Expertise: Privacy law, data protection law, AI law, IT law, ecommerce law, media law, GDPR and DSA compliance

Dr. Anna Zeiter is a global expert and C-level executive in data, privacy, AI, and platform businesses. Since 2026, she has served as CEO of the European social media platform W.

Before W, she served as Global Chief Privacy Officer and Vice President of Privacy, AI & Data Responsibility at eBay, where she was also a board member of eBay’s international business. Prior to joining eBay in 2014, Anna worked as an attorney at the international law firms DLA Piper and Norton Rose Fulbright in Germany.

In addition to her role at W, Anna is a board member of the global gaming company Modern Times Group (MTG). She has also previously served on the board of the International Association of Privacy Professionals (IAPP), the world’s largest privacy organization.

Dr. Zeiter holds a Ph.D. in media law and free speech from the University of Hamburg, a master’s degree in Law, Science & Technology from Stanford Law School, a Board Certificate from Harvard Business School, and an AI Certificate from Harvard Kennedy School. She is also an honorary professor for Data Protection and AI Law at the University of Bern.

As an Advisory Board member, Dr. Zeiter provides guidance on international privacy law, regulatory compliance, and privacy governance best practices.

Craig Lisowski

Title/Affiliation: President of Products, Nextdoor
Expertise: Product development, data privacy, security, information systems, data governance, compliance engineering

Craig Lisowski is President of Product Development at Nextdoor, overseeing the company's product development. Previously, he was Head of Business Platform Engineering at Square, where he led large-scale data systems and multiple engineering functions for compliance, e-commerce, and customer success. Craig also held technology and business leadership roles at Silicon Graphics, VeriSign, and Oracle. He attended Carleton University and is originally from Ottawa, Canada.

Craig brings extensive experience in data governance, privacy, and security to Flo's Advisory Board, particularly in building trust through transparent data practices.

Susanne Schumacher (DPO, LL.B., CIPP/E, CIPM)

Title/Affiliation: Senior Attorney, Governance & Compliance and Data Protection Officer, Catalyst Inc. / Former Data Protection Officer at Flo
Expertise: Data protection, GDPR compliance, privacy law, governance

Susanne Schumacher is the Senior Attorney, Governance & Compliance, and Data Protection Officer at Catalyst Inc. She is a qualified solicitor and certified privacy professional with over 10 years of experience working with international organizations and global privacy laws. Most recently, Susanne served as Flo's Data Protection Officer, helping build the company's privacy framework and compliance programs.

As a former Flo DPO, Susanne brings unique insight into Flo's privacy challenges and opportunities, helping the company continue to evolve its privacy practices. Her certifications include DPO, LL.B., CIPP/E, and CIPM.

Emily Hancock

Title/Affiliation: Chief Privacy Officer, Cloudflare
Expertise: Privacy, technology partnerships, cloud infrastructure, privacy-preserving technologies

Emily Hancock is Chief Privacy Officer at Cloudflare, where she oversees global privacy strategy and compliance and leads the Data & Technology legal team. Cloudflare serves as Flo's technology partner for Anonymous Mode, providing the OHTTP relay infrastructure that enables users to track their cycles without revealing their identity.

Emily's expertise in privacy-preserving technologies and her role at Cloudflare make her uniquely qualified to advise on the technical and privacy aspects of features like Anonymous Mode. She brings deep knowledge of cutting-edge privacy technologies and their implementation at scale.

As an Advisory Board member, Emily provides guidance on privacy engineering, technology partnerships, and emerging privacy-preserving technologies.

Brenda R. Sharton

Title/Affiliation: Partner & Global Chair, Privacy & Cybersecurity, Dechert LLP
Expertise: Privacy law, cybersecurity law, legal compliance, regulatory matters

Brenda R. Sharton is a partner and Global Chair of the Cybersecurity, Privacy & AI practice at Dechert LLP, one of the world's leading law firms. Brenda is a top trial lawyer who has handled many of the most significant and high-profile privacy, cybersecurity and AI matters across the globe.

Brenda is internationally recognized as a leading lawyer in this field by Chambers and Legal 500, and has been repeatedly named as Law360 MVP for Cybersecurity & Privacy, including in 2025—the same year the practice group she leads was named as Law360’s Practice Group of the Year.

Her extensive legal experience in privacy and cybersecurity law provides Flo with strategic guidance on regulatory compliance, incident response, and navigating the evolving global privacy regulatory landscape. Her work spans GDPR, CCPA, and emerging health data privacy laws.

As an Advisory Board member, Brenda advises Flo on legal strategy, regulatory compliance, and cyber and privacy risk management.

Oran Hollander

Title/Affiliation: Chief Security Officer, SAP Fioneer
Expertise: Cybersecurity, information security, security leadership

Oran Hollander is Chief Security Officer at SAP Fioneer, where he leads security strategy and operations. SAP Fioneer provides cloud-based software solutions for the financial services industry, requiring the highest levels of security and regulatory compliance.

Oran brings extensive experience in enterprise security, threat detection, and developing security programs for organizations handling sensitive data. His expertise in security architecture and risk management helps Flo maintain industry-leading security practices.

As an Advisory Board member, Oran provides guidance on security strategy, threat landscape, and security infrastructure.

Sara Hall

Title/Affiliation: Chief Information Security Officer, Teladoc
Expertise: Information security, healthcare technology security, CISO leadership

Sara Hall is Chief Information Security Officer at Teladoc, a leading global healthcare technology company. She oversees security strategy for a platform that serves millions of patients worldwide, bringing deep expertise in healthcare data security and regulatory compliance.

Sara's experience securing healthcare technology makes her particularly valuable to Flo's Advisory Board. She understands the unique challenges of protecting sensitive health information and navigating healthcare privacy regulations like HIPAA while maintaining user accessibility and trust.

As an Advisory Board member, Sara provides guidance on healthcare data security, security operations, and the balance between security and user experience.

Who Is Flo's DPO?

Sue Khan is Flo's VP of Privacy and Data Protection Officer (DPO), bringing 20 years of experience in data protection. She is a Lawyer (England & Wales), holds the CIPP/E and won the PICCASO Outstanding DPO Award in 2024. Sue oversees all privacy operations at Flo and led the company's achievement of ISO 27701 privacy certification in January 2024.

Does Flo Have a Privacy & Security Team?

Yes. Flo has made significant investments in cross-functional Privacy & Security leadership, including:

Privacy: led by Sue Khan - VP of Privacy & Data Protection Officer
Security: led by Laure Lydon - VP of Security & Infrastructure
Legal & Compliance: led by Tsimafei Savitski - Chief Legal & Compliance Officer
Engineering: led by Roman Bugaev - Chief Technology Officer
Trust: Flo has a dedicated engineering team responsible for enhancing and implementing privacy & security into our product
Privacy Champions Network: Flo’s internal cross-functional privacy working group
Privacy and Security Steering Group: Comprised of the most senior members of the business (including Flo’s CEO), the group provides strategic oversight of Flo’s privacy & security programs
Privacy & Security Advisory Board: Composed of independent experts who provide guidance on privacy practices across the industry.

Learn More About Our Privacy Practices

See how we protect your data:
Your Data & Privacy

Read about our certifications:
Certifications & Audits

Explore our privacy journey:
Our Privacy Journey

Read Content by Our Privacy Team

Blog posts
Privacy Blog

Have Questions?

Contact our Support Team:

Use the chat widget in the bottom right corner of this page.

Contact our Data Protection Officer:
dpo@flo.health

General privacy questions:
Visit our FAQ

Download Flo today

Meet the Team Protecting Your Privacy