Privacy Policy
Last updated: May 1, 2026
Careflow ("we", "our") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
- Account data: name, email address, password (hashed)
- Usage data: access logs, settings preferences
- Clinical data: patient and consultation information (entered by you, encrypted)
- Technical data: IP address, browser type, operating system
2. How We Use Your Data
- Providing and improving the service
- Sending essential account notifications
- Meeting legal obligations (including GDPR)
- Securing the platform and preventing fraud
3. Legal Basis (GDPR)
We process data on the basis of: contract performance (Art. 6(1)(b)), legitimate interest (Art. 6(1)(f)) and, for clinical data, explicit consent (Art. 9(2)(a)).
4. Data Storage and Security
Data is stored on servers within the European Union. Sensitive clinical data is encrypted at rest (AES-256). We apply technical and organisational measures in accordance with Art. 32 GDPR.
5. Your Rights
Under GDPR you have the right to: access, rectification, erasure, restriction, portability and objection. You may exercise these rights by writing to privacy@careflow.app.
6. Cookies
We use strictly necessary cookies for authentication and session preferences. We do not use third-party tracking cookies.
7. DPO Contact
For any privacy-related enquiry: privacy@careflow.app.