Effective as of January 1, 2020

See the prior versions of our Privacy Policy here

When you use Flo, you’re trusting us with intimate personal information. We are committed to keeping that trust, which is why our policy as a company is to take every step to ensure that individual user's data and privacy rights are protected and to provide transparency about our data practices. 

The main purpose of our Privacy Policy is to provide a clear understanding of what data we collect, how it is used and shared, and how you can control it.

We recommend that you read this Privacy Policy in full along with our Terms of Use, but here are a few key takeaways we hope you will find useful:
  • The data that serves you

    The data that serves you

    When you use Flo, we may collect your Personal data and use it for the purpose of the user experience improvement, like increasing the accuracy of predictions, personalizing the insights you get, etc. For research activities we use only de-identified or aggregated data, which can not be associated with you.

  • You can contribute to the growth of Flo community

    You can contribute to the growth of Flo community

    Provided we receive your consent, we may use technical information about you (your unique technical identifier, age group, subscription status, and the fact of application launch) for promotion purposes to reach more people like you. You can always withdraw your consent to share this data.

  • You are in control

    You are in control

    You may access your Personal data, modify, correct, erase, and update it by writing to us at support@flo.health. You may also download the information Flo collected about you by contacting us. Please be aware that erasing or modifying some Personal data inserted by you may affect your possibility to use Flo in the future.

  • Your data is safe with Flo

    Your data is safe with Flo

    Your employer, your insurance company, even your relatives - none of them will ever know about the symptoms you log or the information you get in Flo until you tell them. We take all reasonable and appropriate measures to protect your Personal data from loss, theft, misuse or unauthorized access.

  • We protect the privacy of children

    We protect the privacy of children

    That is why you should be at least 13 to use Flo (16 for EU residents). We do not intentionally collect information about children, and we don’t allow people to use the App if they are younger than 13 (16 for EU residents). Moreover, some of the App functions may be limited to users that are younger than 18.

  • Data transfers are under legal control

    Data transfers are under legal control

    Flo complies with the EU - U.S. Privacy Shield Framework and Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles.

  • You can freely talk to us

    You can freely talk to us

    We believe in transparent and open dialogue, so we strongly encourage you to contact our Support Team, our Data Protection Officer or send a message via our dedicated email if you have questions about this policy, how we collect or process your personal data, or anything else related to our privacy practices.

Introduction

This Privacy Policy explains how Flo Health, Inc. (“Company” or “we” or “us”) collects, stores, uses, transfers and shares  Personal data from our users (“you”) in connection with:
  • the Flo fem ® mobile application, 
  • flo.health website ("Website"), 
  • courses.flo.health (“Courses”), 
  • reg.flo.health and related services (“Web services”)

(all collectively, the “App”).

We reserve the right to and may change this Privacy Policy from time to time. If we make any material changes, we will notify you by email (sent to the email address specified when you register), through the App, or by presenting you with a new version of this Privacy Policy. Your continued use of the App after the effective date of an updated version of the Privacy Policy will indicate your acceptance of the Privacy Policy as modified. In some cases, you will have to explicitly accept changes to the Privacy Policy. Please review our Website and the App for the latest updates on our data privacy practices. If you do not accept the terms of the Privacy Policy, we ask that you do not use the App. Please exit the App immediately if you do not agree to the terms of this Privacy Policy.

1. Personal data and information we collect from you

Personal data you provide us directly

General Information. When you sign up to use the App, we may collect Personal data about you such as:

  • Full name;
  • Email address;
  • Gender;
  • Date of birth;
  • Password or passcode;
  • Place of residence and associated location information;
  • ID (to prove your identity in certain cases).
Health and Wellbeing. When you use the App, you may choose to provide personal information about your health such as:
  • Weight;
  • Body temperature;
  • Menstrual cycle dates;
  • Various symptoms related to your menstrual cycle and health;
  • Other information about your health (including sexual activities) wellbeing, and related activities (collectively, “Personal data”).

You also may give us possibility to import into the App Personal data about your health and activities from third-party services such as Apple HealthKit and Google Fit. Such imported Personal data may include: sports activities, weight, calories burnt, heartbeat rate, number of steps/distance travelled, and other data about your health. In order for us to process any Personal data under this category we will explicitly ask your consent at registration screen.

Personal data we may collect automatically

When you access or use the App, we may automatically collect the following information:

Device Information:

  • Hardware model;
  • Information about operating system and its version;
  • Unique device identifiers (e.g. IDFA);
  • Mobile network information.

Location Information:

  • IP address;
  • Time zone;
  • Information about your mobile service provider.

App usage data, including, among others:

  • Frequency of use;
  • Areas and features of our App you visit;
  • Your use patters generally;
  • Engagement with particular features.

To collect this information, we may also send cookies to your mobile device or computer or engage other tracking technologies. Cookies are small data files stored on your hard drive or in device memory. See more in our Cookie Policy.

Data from external sources. We may use third-party tools like Appsflyer that provide us some of your attribution data that we further utilize to customize and personalize your App experience. We may also use such data for statistical purposes and analytics.

YOUR CONSENT

By creating a profile or signing up to use the App, you explicitly consent that:

I. WE MAY STORE AND PROCESS YOUR PERSONAL DATA YOU PROVIDE THROUGH THE USAGE OF THE APP AND THROUGH THE ACCOUNT CREATION SOLELY FOR THE PURPOSES INDICATED IN SECTION 2 OF THIS PRIVACY POLICY. SUCH PURPOSES MAY INCLUDE SENDING YOU INFORMATION AND REMINDERS THROUGH THE APP OR TO THE EMAIL ADDRESS.

II. WE WILL NOT TRANSMIT ANY OF YOUR PERSONAL DATA TO THIRD PARTIES UNLESS OTHERWISE IS PROVIDED BY THIS PRIVACY POLICY.

PLEASE NOTE THAT WE WILL NEVER SHARE YOUR EXACT AGE OR ANY DATA RELATED TO YOUR HEALTH AND WELLBEING WITH ANY THIRD PARTIES.

2. How we use your Personal data 

Purposes of processing

We may use your Personal data, for the following purposes:

  • to analyze, operate, maintain and improve the App, to add new features and services to the App;
  • to customize content and materials you see when you use the App;
  • to provide and deliver the products and services you request, process transactions and send you related information, including confirmations and reminders;
  • to customize product and service offerings and recommendations to you, including third-party products and offerings (except health data, including data from Apple HealthKit and Google Fit);
  • to verify your identity;
  • to send you technical notices, updates, security alerts and support and administrative messages;
  • for billing (invoicing), account management and other administrative purposes, if applies;
  • to respond to your comments, questions and requests and provide customer service;
  • to monitor and analyze trends, usage and activities in connection with our App;
  • solely with respect to information that you mark for sharing, for Company promotional purposes (except data from Apple HealthKit and Google Fit);
  • to link or combine with information we get from others or (and) from you to help understand your needs and provide you with better service (to use in training of neural networks, artificial intelligence);
  • for scientific and academic research purposes; and
  • for any other purposes disclosed to you at the time we collect Personal data or any other purposes indicated in this Privacy Policy.

We will not use the information gained through your use of the HealthKit and Google Fit framework for advertising or similar services, or sell it to advertising platforms, data brokers, or information resellers. We will also never sell your Personal data as may be defined by applicable laws.

Principles of processing

Data minimization and purpose limitation. We will not process Personal data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you or collect any Personal data that is not needed for the mentioned purposes. For any new purpose of processing we will ask your separate explicit consent. To the extent necessary for those purposes, we take all reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. We also undertake to collect only such amount and type of Personal data that is strictly needed for the mentioned purposes.

No sale of Personal data. We will never sell, rent, or disclose your Personal data. We may share only some of your Personal data to our service providers strictly limited to cases and purposes stipulated in this Privacy Policy.

3. Your privacy rights

Notwithstanding the country or region you are coming from we are committed to grant you the vast privacy rights in respect to your Personal data.

What rights?

  • Correction of Personal data. If you believe that your Personal data is inaccurate, you have right to contact us and ask us to correct such Personal data. 
  • Restriction of Processing. You also have a right to request restriction of processing of your Personal data, if you contest the accuracy of the Personal data and we need some time to verify its accuracy.
  • Information rights and access to your Personal data (including in portable form). The App gives you the ability to access Personal data within the App a. You shall have a right to request information about what  Personal data we have about you, to access your Personal data and receive a copy of it (including in a structured and portable form).
  • Erasure of your Personal data. You have a right to contact us and ask us to erase  Personal data, if you withdraw your consent to processing, you believe such processing is not compliant with applicable law and in some other cases. Please be aware that erasing some Personal data may affect your possibility to use the App and its features. 
  • Right to object processing of your Personal data. In some cases you can object processing your Personal data and stop us from processing your Personal data (for example, if we process it under legitimate interest basis). 
  • Right to object (opt-out) automated decision-making: 

Tracking functions. We use automated decision-making mechanisms that process your Personal data in order to provide you our Services related to period tracking (for example, predictions of your future cycle dates or ovulation). Normally, such automated decision-making works better, if you insert more Personal data about your cycle, symptoms, and physical activities. Our tools process this data in order to track particular dependencies and correlations in your cycles and symptoms, and provide you more personalized information about your cycle and its predictions. Please note that such automated decision-making is necessary for the performance of our Terms of Use. You don’t have a right to opt-out from such automated decision-making. However, you can always let us know, if it works incorrectly for you, and we will correct the results accordingly, explain you why you have received certain results, and involve our staff in correcting such results.

Personification of content. We personalize content you see in the App (e.g. articles) based on Personal data that you insert into the App. You have a right to opt-out from such automated decision-making. Please note that this may affect your possibility to use the App.

How to exercise your privacy rights

Simply write us at support@flo.health to exercise any of your privacy rights. 

We commit to grant them within 30 days after receipt. It may take us up to 90 days in some cases, for example for full erasure of your Personal data stored in our backup systems. This is due to the size and complexity of the systems we use to store Personal data.

Formalities to exercise your privacy rights 

Please keep in mind that in case of a vague request we may engage the individual in a dialogue so as to better understand the motivation and content of the request. We may also refuse manifestly unfounded and excessive (repetitive) requests. 

We might also require you to prove your identity in some cases. This is made to ensure that no rights of third parties are violated by your request.

What else?

Notification requirements. We commit to notify you, when it is needed under the law, within a reasonable period of time and your data protection authority within the timeframe specified in applicable law about Personal data breaches related to your Personal data.

Data Protection Authorities. Subject to applicable laws, you may have the right to lodge a complaint with your local data protection authority about any of our activities that you deem are not compliant with applicable law.

4. Third parties processing your Personal data

We will not share your Personal data with any third parties except as specified below.

Processing to find new Flo users

Provided we receive your consent, we may share some of your Personal data with AppsFlyer, a mobile marketing platform, that handles your Personal data in accordance with our instructions. By using AppsFlyer and its integrated partners we are able to reach more people like you and spread the word about the App to help more women to stay in control with their health and wellbeing.

Read more about AppsFlyer here and its integrated partners here

To accomplish the above-mentioned goal, we may share certain Personal data with AppsFlyer and some of its integrated partners as indicated below.

Here is a step-by-step illustration of how we utilize AppsFlyer and its integrated partners:

1. You become a Flo user and opt-in for sharing Personal data, strictly limited to the following set: 

a)  Technical identifiers: IP address (which may also provide general location information), User agent, IDFA (Identifier for advertisers), Android ID (in Android devices), Google Advertiser ID, Customer issued user ID and other similar unique technical identifiers.
b) Your age group;
c) Your subscription status;
d) The fact of application launch.

2. Flo App sends your data to AppsFlyer, which analyzes it and provides us reports and insights on how to optimize our promotional campaigns.

3. At the same time, AppsFlyer sends your data to some of its integrated partners (e.g. Pinterest, Google Ads, Apple Search Ads, FB marketing network, and a couple of others) to find people like you on different platforms, including social media websites. These integrated partners analyze your data (so-called “custom audience”) and show relevant information about the App to people who might be potentially interested in it (so-called “lookalike audience”).

4. This is how new users find out about Flo, get accurate cycle predictions, learn about the meaning of their bodies’ signals and receive credible information about their health. You contribute to the growth of Flo community providing your consent to use Flo app. 

Opt-out options. You can withdraw your consent to sharing of your Personal data in accordance with this subsection anytime by using one of the following options:

  1. By contacting us at support@flo.health;
  2. By using AppsFlyer “Forget my device” function here;
  3. By adjusting your device settings in iOS or Android in order to stop sharing your IDFA or Android Advertising ID with any third parties. In such case no third party will be able to utilize your Personal data in accordance with this Section of the Privacy Policy.

PLEASE NOTE THAT WE WILL NEVER SHARE YOUR EXACT AGE OR ANY DATA RELATED TO YOUR HEALTH WITH APPSFLYER AND ITS INTEGRATED PARTIES.

Processing to make the App run 

We engage processors that perform particular operations with your Personal data for us.

Processors are companies that help us run the App, support our communication with you or perform other App-related activities. They may process certain Personal data on our behalf to accomplish the goals related to the App functions and associated activities. Processors act only in accordance to  our instructions and process only such amount of Personal data as we instruct them to process. We remain fully liable for any acts or omissions of our processors and undertake to execute formal data processing agreements with them to the extent required by applicable law.

Here is the list of our main processors:

Type
Processor
Processor's privacy policy
Data collected
Purpose
Infrastructure and security
AWS (Amazon Web Services, Inc.) 
  • All Personal data 
storage of all Personal data when you use the App
Infrastructure and security
Cloudflare (Cloudflare, Inc.)
  • All Personal data 
security of the App, content delivery
Email communications
SendGrid (SendGrid, Inc.,USA)
  • Email address
  • Personalized texts
to reach you with our newsletters, surveys and notifications
Email communications
SurveyMonkey (SurveyMonkey Inc., USA)
  • IP address
  • Results of surveys
to deliver different Service-related surveys 
Analytical tools
Looker (Looker Data Sciences, Inc., USA)
  • De-identified App usage data
  • to understand how you use the App, engage with particular features and what you like or dislike the most
  • to generate statistical reports
Internal functions
Algolia 
  • IP address
  • Content of the search request
to provide you search functions inside the App
Customer support 
Zendesk (Zendesk Inc., USA)
  • Email address
  • Content of the emails
to process and sort all emails received from you
Payments 
Apple. Inc.
  • Payment and banking information
  • Personal identifiers
to collect and process payments for subscription to the App
Payments 
Google
  • Payment and banking information
  • Personal identifiers
to collect and process payments for subscription to the App
Payments 
Stripe (Stripe, Inc., USA)
  • Payment and banking information
  • Personal identifiers
to collect and process payments for subscription to the Courses
Website, Web services, and Courses trackers
-
-
When you use the Website, the Web services and the Courses some third parties may collect information about your visit and activities via cookies and other tracking technologies (e.g. special pixels) for various purposes like analytics or improvement of performance. See more about cookies and how you can opt-out from them in our Cookie Policy

Privacy Shield notice.

In the context of an onward transfers we have responsibility for the processing of Personal data we receive under the Privacy Shield. We remain liable under the Principles (as defined below) if our processor processes such Personal data in a manner inconsistent with the Principles and GDPR, unless we prove that we are not responsible for the event giving rise to the damage. For any onward transfer we commit to execute a formal agreement with any receiving party or processor acting on our behalf.

If we receive Personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the Personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.

Aggregated information

We may share aggregated, anonymized or de-identified information, which cannot reasonably be used to identify you, with our partners or research institutions. For example, we may share, including, without limitation, in articles, blog posts and scientific publications, general age demographic information and aggregate statistics about certain activities or symptoms from data collected to help identify patterns across users. Sharing such data contributes to the advancement of scientific research on women’s health.

Special circumstances

We may also share some of your Personal data in the following special circumstances: 
  • in response to subpoenas, court orders or legal processes, to the extent permitted and as restricted by law (including to meet national security or law enforcement requirements); 
  • when disclosure is required to maintain the security and integrity of the App, or to protect any user’s security or the security of other persons, consistent with applicable laws. In such cases we may also delete some of your Personal data (e.g. resetting your password to avoid unauthorized access); 
  • when disclosure is directed or consented to by the user who has input the Personal data; 
  • in the event that we go through a business transition, such as a merger, divestiture, acquisition, liquidation or sale of all or a portion of its assets, your information will, in most instances, be part of the assets transferred.

Information posted by you

The App features several community areas and other public forums where users with similar interests or medical conditions can share information and support one another Our communities are open to the App community and should not be considered private.

Any information (including Personal data) you share in any online community area or online discussion is by design open to the App community and is not private. You should think carefully before posting any Personal data in any public forum. What you post can be seen, disclosed to, or collected by third parties and may be used by others in ways we cannot control or predict, including to contact you for unauthorized purposes. 

If you mistakenly post Personal data in our community areas and would like it removed, you can send us an email as listed below to request that we remove it. 

5. Retention of your Personal data

When you use the App

We will retain your Personal data as long as your account is active or needed to provide you Services, and only for as long as it serves purposes of processing identified in Section 2 of this Privacy Policy. At any time, you can erase your Personal data in accordance with the Privacy Policy.

After you stop using the App

If you choose to delete the App, deactivate your account, we retain your Personal data for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services.

You should be aware that we may retain certain Personal data and other information after your account has been terminated or deleted in an aggregated, anonymized form. Any posts or comments you submit may remain visible if and after you delete your account. We are not obligated to remove your posts or comments. We reserve the right to use your information in any aggregated data collection after you have terminated your account, however we will ensure that the use of such information will not identify you personally. We will also retain your Personal data as necessary to comply with legal obligations, resolve disputes and enforce our agreements.

If you remove data from your account, you will no longer see it in the App, but some backups of the data may remain in our archive servers for a reasonable period of time due to technical solutions we use. However, we undertake to delete any such backups within a reasonable period of time.

6. Personal data you elect to share with third parties

You can direct us to share data from the App with other parties. For example, you can permit us to share data with other health apps and services like Google Fit and Apple HealthKit. Once you direct us to share your data with a third party, that third party will have their own privacy policy and we do not control how the third party uses or handles the information. You can revoke your consent to share information with such a third party at any time in your App account settings.

We take reasonable steps in order to ensure compliance of such third parties with any applicable laws that might govern processing of your Personal Data.

7. Security of your Personal data

We take all reasonable and appropriate measures to protect all collected Personal data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal data that we process and risks associated with special categories of Personal data we collect (information about health). Among others, we utilize the following information security measures to protect your Personal data:
  • Pseudonymization and tokenization of certain categories of your Personal data;
  • Encryption of your Personal data in transit and in rest;
  • Systematic vulnerability scanning and penetration testing;
  • Protection of data integrity;
  • Organizational and legal measures. For example, our employees have different levels of access to your Personal data and only those in charge of data management get access to your Personal data and only for limited purposes required for the operation of the App. We impose strict liability on our employees for any disclosures, unauthorized accesses, alterations, destructions, misuses of your Personal data.
  • Conducting periodical data protection impact assessments in order to ensure that the App fully adheres to the principles of ‘privacy by design’, ‘privacy by default’ and others. We also commit to undertake privacy audit in case of Company’s merger or takeover.

Please understand that you can help keep your information secure by choosing and protecting your password appropriately, not sharing your password and preventing others from using your mobile device. Please understand that no security system is perfect and, as such, we cannot guarantee the absolute security of the App, or that your information won’t be intercepted while being transmitted to us. If we learn of a security systems breach, we may either post a notice, or attempt to notify you by email and will take reasonable steps to remedy the breach as specified in this Privacy Policy.

8. Children’s privacy

General age limitation. We are committed to protecting the privacy of children. The App is not intended for children and we do not intentionally collect information about children under 13 years old. The App does not collect Personal data from any person the Company actually knows is under the age of 13. If you are aware of anyone under 13 using the App, please contact us at support@flo.health and we will take required steps to delete such information and (or) delete her account.

Age limitation for EU residents. Due to requirements of the GDPR you shall be at least 16 years old in order to use the App. To the extent prohibited by applicable law, we do not allow use of the App by the EU residents younger than 16 years old. If you are aware of anyone younger than 16 using the App, please contact us at support@flo.health and we will take steps to delete such information and (or) delete her account.

Courses. You must be at least 18 years old to use the Courses. We do not process any Personal data of anyone below 18 in the Courses.

9. Communications

We may contact you from time to time via email or through other means to communicate with you about products, services, offers, promotions, rewards, and events offered by us and others, and provide news and information that we think will be of interest to you. You can always opt out of receiving emails by unsubscribing via the “Unsubscribe” link contained in the email. Opting-out of these emails will not end transmission of important service-related emails that are necessary to your use of the App. If applicable laws prescribe so, certain exclusions may apply to the residents of some countries regarding an active opt-in for any email communications from us. We may ask such users to provide their consent for any such communications at the registration screen or separately.

10. Storage and international Personal data transfers

General

The Company is based in the United States and Personal data we collect is governed by U.S. law. Please be advised that U.S. law and laws of other countries may not offer the same protections as the law of your jurisdiction.

In addition, you agree that Personal data collected may be stored and processed in Canada and the United States, where the Company rents servers, or in any other country in which the Company or its affiliates, subsidiaries or agents maintain facilities, and by using the App, you consent to any such transfer of Personal data outside of your country.

European Union and Swiss residents 

Please bear in mind that we may transfer your Personal data to the United States which data protection is not deemed adequate under applicable data protection law.

However, we comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles (the “Principles”), the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit privacyshield.gov.

Complaints and Dispute Resolution. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your Personal data. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at dpo@flo.health or mailing address:

Flo Health Inc.

541 Jefferson Ave Ste 100, Redwood City, CA 94063-1700

We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the following link for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Arbitration. You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country (including Switzerland) participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident. The arbitration option may not be invoked if the individual’s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties.

U.S. Federal Trade Commission Enforcement. Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

11. Data Protection Officer (DPO)

To communicate with our Data Protection Officer, please email at dpo@flo.health.

12. Contact us

General. If you have any questions or concerns about your privacy, you may contact us at:

Flo Health, Inc., 541 Jefferson Ave Ste 100, Redwood City, CA 94063-1700

Email: support@flo.health or dpo@flo.health

EU residents. You may contact our EU representative:

DPOEU LTD, Office 902, Oval, Krinou 3, Ayios Athanasios, 4103, Limassol, Cyprus
Email: info@dpoeu.eu