Privacy Policy (archived)

You're reading an archived version of our Privacy Policy. View the current version.​

When you use Flo, you are trusting us with intimate personal information. We are committed to keeping that trust, which is why our policy as a company is to take every step to ensure that individual user's data and privacy rights are protected and to provide transparency about our data practices. 

The primary purpose of our Privacy Policy is to provide a clear understanding of what data we collect, how it is used and shared, and how you can control it.

Introduction

• the Flo fem ® mobile application, 
• flo.health website including any products and services related to it ("Website"),

(all collectively, the “App”).

We reserve the right to and may change this Privacy Policy from time to time. If we make any material changes, we will notify you by email (sent to the email address specified when you register), through the App, or by presenting you with a new version of this Privacy Policy. Your continued use of the App after the effective date of an updated version of the Privacy Policy will indicate your acceptance of the Privacy Policy as modified. In some cases, you will have to accept changes to the Privacy Policy explicitly. Please review our Website and the App for the latest updates on our data privacy practices. If you do not accept the terms of the Privacy Policy, we ask that you do not use the App. Please exit the App immediately if you do not agree to the terms of this Privacy Policy.

Personal Data you provide us directly

General Information. When you sign up to use the App, we may collect Personal Data about you such as:

• Name;
• Email address;
• Gender;
• Date of birth;
• Password or passcode;
• Place of residence and associated location information;
• ID (for limited purposes).

• Weight;
• Body temperature;
• Menstrual cycle dates;
• Various symptoms related to your menstrual cycle and health;
• Other information about your health (including sexual activities), well-being, and related activities, including personal life (collectively, “Personal Data”).

You also may give us the ability to import into the App Personal Data about your health and activities from third-party services such as Apple HealthKit and Google Fit. Such imported Personal Data may include sports activities, weight, calories burnt, heartbeat rate, number of steps/distance traveled, and other data about your health. In order for us to process any Personal Data under this category we will explicitly ask your consent on the registration screen.

Personal Data we may collect automatically

When you access or use the App, we may automatically collect the following information:

Device Information:

• Hardware model;
• Information about the operating system and its version;
• Unique device identifiers (e.g. IDFA);
• Mobile network information;
• Device storage information.

Location Information:

• IP address;
• Time zone;
• Information about your mobile service provider.

App usage data, including, among others:

• Frequency of use;
• Areas and features of our App you visit;
• Your use patterns generally;
• Engagement with particular features.

To collect this information, we may also send cookies to your mobile device or computer or engage other tracking technologies. See more in our Cookie Policy.

Data from external sources. We may use third-party tools like AppsFlyer that provide us some of your attribution data that we further utilize to customize and personalize your App experience. We may also use such data for statistical purposes and analytics.

As any compliant organization we will not collect and use your Personal Data without letting you know or having any reasons for that whatsoever. So, for any purpose of processing your Personal data we need to have some valid ground, or so-called “legal basis”. 

Depending on a case, we will process your Personal data based on the following legal basis:

• Your consent. Your permission to process the Personal Data that you provide to us on the registration screen or at any other appropriate moment if necessary; 
• Your contractual relations with us. We may need to process some Personal Data for making the App and its services available for access, installation and further use;
• Legitimate interest. We may process some of your personal data to pursue commercial interests and wider societal benefits;
• Legal obligation. We may be obligated to process some of your Personal Data to comply with applicable laws and regulations.     

Here is the description of the main type of processing activities we conduct with your Personal data and related legal basis for that (with some basic examples):

Principles of processing

Data minimization and purpose limitation. We will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you or collect any Personal Data that is not needed for the mentioned purposes. For any new purpose of processing we will ask your separate consent. 

No sale of Personal Data. We will never sell, rent, or disclose your Personal Data. We may share only some of your Personal Data to our service providers strictly limited to cases and purposes stipulated in this Privacy Policy. We will also not use the information gained through your use of the HealthKit and Google Fit framework for advertising or similar services, or sell it to advertising platforms, data brokers, or information resellers.

It does not matter what country or region you come from. We are committed to providing you vast privacy rights for your Personal Data.

What rights?

How to exercise your privacy rights

Сontact us at support@flo.health to exercise any of your privacy rights. 

We will exercise them within 30 days after receipt. It may take us up to 90 days in some cases, for example for full erasure of your Personal Data stored in our backup systems. We will let you know if we need more time and explain the reasons for the delay. 

What else?

Please keep in mind that if we receive a vague request, we may engage the individual to better understand the motivation and content of the request. We may also refuse manifestly unfounded and excessive (repetitive) requests. 

We might also require you to prove your identity in some cases. Normally, we make sure to verify that the request is coming from the same email as you indicated when registering in the App. In case of doubt we may ask you to undergo some additional verification. This is made to ensure that no rights of third parties are violated by your request.

Subject to applicable laws, you may have a right to lodge a complaint with your local data protection authority about any of our activities (related to your privacy rights, among others) that you think are not compliant with applicable law. However, if you think that we do something incorrectly, let us know first at privacy@flo.health. We care about your privacy and want to make sure that we did everything to address any of your concerns.

We will not share your Personal Data with any third parties except as specified below.

Processing to find new Flo users and stay in touch with you

We may share some of your non-health Personal Data with AppsFlyer, a mobile marketing platform, that handles your Personal Data in accordance with our instructions. By using AppsFlyer and its integrated partners we are able to reach you and people like you on various platforms and spread the word about the App to help more women to stay in control with their health and well-being. If we need to share your Personal Data with other platforms for this purpose, except as defined herein, we will ask for your consent. If this is required by law, we will secure your consent to share your non-health data with AppsFlyer and its integrated partners. 

Here is a step-by-step illustration of how we work with  AppsFlyer and its integrated partners:

1. You become a Flo user  and we start sharing Personal Data, strictly limited to the following set: 

a)  Technical identifiers: IP address (which may also provide general location information), User agent, IDFA (Identifier for advertisers), Android ID (in Android devices), Google Advertiser ID, Customer-issued user ID and other similar unique technical identifiers.
b) Your age group;
c) Your subscription status;
d) The fact of application launch.

2. Flo App sends your data to AppsFlyer, which analyzes it and provides us reports and insights on how to optimize our promotional campaigns.

3. At the same time, AppsFlyer sends your data to some of its integrated partners (e.g. Pinterest, Google Ads, Apple Search Ads, FB marketing network, and a couple of others) to find you or people like you on different platforms, including social media websites. These integrated partners analyze your data and show relevant information about the App to people who might be potentially interested in it or remind you about revisiting the App, if you stopped using it a while ago. 

4. This is how you and new users find out more about Flo, get accurate cycle predictions, learn about the meaning of their bodies’ cues and receive credible information about their health. You contribute to the growth of the Flo community by providing your consent to use the Flo app. 

Read more about AppsFlyer here and its integrated partners here.

Opt-out options. You can withdraw your consent or opt-out, whatever applies in your case, from  sharing of your Personal Data in accordance with this subsection anytime by using one of the following options:

1. By contacting us at support@flo.health;
2. By adjusting your device settings in iOS or Android in order to stop sharing your IDFA or Android Advertising ID.

Processing to make the App run 

We engage processors that perform particular operations with your Personal Data for us.

Processors are companies that help us run the App, support our communication with you or perform other App-related activities. They may process certain Personal Data on our behalf to accomplish the goals related to the App functions and associated activities. Processors act only in accordance with our instructions and process only such amount of Personal Data as we instruct them to process. We remain fully liable for any acts or omissions of our processors and undertake to execute formal data processing agreements with them to the extent required by applicable law.

Here is the list of our main processors:

Sometimes we may aggregate, anonymize or de-identify your Personal data in such a way so that it cannot reasonably be used to identify you. Such data is no longer personal. We may share such data with our partners or research institutions. For example, we may share, including, without limitation, in articles, blog posts and scientific publications, general age demographic information and aggregate statistics about certain activities or symptoms from data collected to help identify patterns across users. Sharing such data contributes to the advancement of scientific research on women’s health.

Information posted by you

The App features several community areas like Secret Chats where users with similar interests can share information and support one another. 

Any information (including Personal Data) you share in any online community area or online discussion is by design open to the App community. You should think carefully before posting any Personal Data in any public forum. What you post can be seen, disclosed to, or collected by third parties and may be used by others in ways we cannot control or predict, including to contact you for unauthorized purposes. Moreover posting your Personal Data in Secret Chats may violate the Secret Chats Rules. If you mistakenly post Personal Data in our community areas and would like it removed, you can send us an email as listed below to request that we remove it. 

Special circumstances

• in response to subpoenas, court orders or legal processes, to the extent permitted and as restricted by law (including to meet national security or law enforcement requirements); 
• when disclosure is required to maintain the security and integrity of the App, or to protect any user’s security or the security of other persons, consistent with applicable laws. In such cases we may also delete some of your Personal Data (e.g. resetting your password to avoid unauthorized access); 
• when disclosure is directed or consented to by the user who has input the Personal Data; 
• in the event that we go through a business transition, such as a merger, divestiture, acquisition, liquidation or sale of all or a portion of its assets, your information will, in most instances, be part of the assets transferred.

When you use the App

We will retain your Personal Data as long as your account is active or needed to provide you Services, and only for as long as it serves purposes of processing identified in Section 2 of this Privacy Policy. At any time, you can erase your Personal Data in accordance with the Privacy Policy.

After you stop using the App

If you choose to delete the App or deactivate your account, or your account becomes inactive for a while, we will retain your Personal Data for a reasonable period in case you decide to re-activate the Services. The App covers different periods of users’ lifecycle; therefore retention of your data is needed in some cases to secure your smooth experience with other App functions (e.g., switching to pregnancy mode after cycle tracking). 

You should be aware that we may retain certain Personal Data and other information after your account has been terminated or deleted as necessary to comply with legal obligations, resolve disputes and enforce our agreements.

General security measures

We take all reasonable and appropriate measures to protect all Personal Data collected from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data that we process and risks associated with special categories of Personal Data we collect (information about health). Among others, we utilize the following information security measures to protect your Personal Data:

• Pseudonymization and tokenization of certain categories of your Personal Data;
• Encryption of your Personal Data in transit and in rest;
• Systematic vulnerability scanning and penetration testing;
• Protection of data integrity;
• Organizational and legal measures. For example, our employees have different levels of access to your Personal Data and only those in charge of data management get access to your Personal Data and only for limited purposes required for the operation of the App. We impose strict liability on our employees for any disclosures, unauthorized accesses, alterations, destructions, misuses of your Personal Data.
• Conducting periodical data protection impact assessments in order to ensure that the App fully adheres to the principles of ‘privacy by design’, ‘privacy by default’ and others. We also commit to undertake a privacy audit in the event of the Company’s merger or takeover.

Please understand that you can help keep your information secure by choosing and protecting your password appropriately, not sharing your password and preventing others from using your mobile device. Please understand that no security system is perfect and, as such, we cannot guarantee the absolute security of the App, or that your information will not be intercepted while being transmitted to us. 

Security breaches

If we learn of a security systems breach, we may either post a notice, or attempt to notify you by email and will take reasonable steps to remedy the breach as specified in applicable law and this Privacy Policy. If we learn of a potential Personal Data breach, together with other actions referred to in Section 3 of the Privacy Policy (such as notifying you in certain cases), we will also undertake particular actions to remedy the breach, including, but not limited to, logging you out from all the devices, resetting a password (sending a temporary password for you to apply) and performing other reasonably necessary activities and actions.

If you want to report a security incident related to the App please contact us at security@flo.health.

General age limitation. We are committed to protecting the privacy of children. The App is not intended for children and we do not intentionally collect information about children under 13 years old. The App does not collect Personal Data from any person the Company actually knows is under the age of 13. If you are aware of anyone under 13 using the App, please contact us at support@flo.health and we will take the required steps to delete such information and (or) delete her account. 

Age limitation for the European Union residents. Due to legal requirements you shall be at least 16 years old to use the App. We do not allow the use of the App by the European Union residents younger than 16 years old. If you are aware of anyone younger than 16 using the App, please contact us at support@flo.health and we will take steps to delete such information and (or) delete her account.

We may contact you from time to time via email or through other means (like popups or push notifications) to communicate with you about products, services, offers, promotions, rewards, and events offered by us and others, and provide news and information that we think will be of interest to you. 

Opt-out options. You can always opt out of receiving emails by unsubscribing via the “Unsubscribe” link contained in the email. Opting-out of these emails or notifications will not end the transmission of important service-related emails that are necessary to your use of the App. If applicable laws prescribe so,  we may ask some users to provide their consent for such communications.

Please note that we may contact you with our information about products, services, offers, promotions, rewards, and events offered by us and others via third-party platforms (like social media). See more in section Processing to find new Flo users and stay in touch with you. Please note that you can always opt-out from such communication and usage of your Personal Data by contacting us at support@flo.health.

The Company is based in the United States, and Personal Data we collect is governed by U.S. law. Please be advised that U.S. law and laws of other countries may not offer the same protections as the law of your jurisdiction.

In addition, you agree that Personal Data collected may be stored and processed in Canada and the United States, where the Company rents servers, or in any other country in which the Company or its affiliates, subsidiaries or agents maintain facilities, and by using the App, you consent to any such transfer of Personal Data outside of your country.

To communicate with our Data Protection Officer, please email at dpo@flo.health or use the contact details below. 

General

If you have any questions or concerns about your privacy, you may contact us at:

Flo Health, Inc., 541 Jefferson Ave Ste 100, Redwood City, CA 94063-1700

Email: support@flo.health or dpo@flo.health

EU, UK and Swiss residents​

You may contact our EU representative:

DPOEU LTD, Office 902, Oval, Krinou 3, Ayios Athanasios, 4103, Limassol, Cyprus
Email: info@dpoeu.eu