Careflow

Privacy Policy

Last updated: May 1, 2026

Careflow ("we", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

  • Account data: name, email address, password (hashed)
  • Usage data: access logs, settings preferences
  • Clinical data: patient and consultation information (entered by you, encrypted)
  • Technical data: IP address, browser type, operating system

2. How We Use Your Data

  • Providing and improving the service
  • Sending essential account notifications
  • Meeting legal obligations (including GDPR)
  • Securing the platform and preventing fraud

3. Legal Basis (GDPR)

We process data on the basis of: contract performance (Art. 6(1)(b)), legitimate interest (Art. 6(1)(f)) and, for clinical data, explicit consent (Art. 9(2)(a)).

4. Data Storage and Security

Data is stored on servers within the European Union. Sensitive clinical data is encrypted at rest (AES-256). We apply technical and organisational measures in accordance with Art. 32 GDPR.

5. Your Rights

Under GDPR you have the right to: access, rectification, erasure, restriction, portability and objection. You may exercise these rights by writing to privacy@careflow.app.

6. Cookies

We use strictly necessary cookies for authentication and session preferences. We do not use third-party tracking cookies.

7. DPO Contact

For any privacy-related enquiry: privacy@careflow.app.