MediFlow

Privacy Policy

Last updated: March 21, 2026

1. Who We Are

MediFlow ("we", "us", "our") is a clinic management platform operated by MediFlow. This policy explains how we collect, use, and protect your information when you use our website and application at mediflow.ph.

2. Information We Collect

Account information

  • Name, email address, and password when you sign up
  • Clinic name and details when you create or join a clinic
  • Role and permissions assigned to you within a clinic

Patient and clinical data

  • Patient records (name, contact info, allergies, conditions) entered by clinic staff
  • Appointment, consultation, prescription, and lab order records
  • Files uploaded such as lab results

Usage data

  • Pages visited, features used, and actions taken within the app
  • Device type, browser, and IP address
  • Cookies for authentication and session management

3. How We Use Your Information

  • To provide and maintain the MediFlow service
  • To authenticate your identity and manage your account
  • To send transactional emails (verification, password reset)
  • To improve the platform based on usage patterns
  • To respond to support requests

We do not sell your personal information or patient data to third parties.

4. Data Storage and Security

Your data is stored on secure servers. We use encryption in transit (HTTPS/TLS) and apply access controls to limit who can view or modify data. Passwords are hashed and never stored in plain text. We perform regular backups to prevent data loss.

5. Third-Party Services

We may use third-party services for:

  • Email delivery (transactional emails)
  • Authentication providers (Google, Facebook) if you choose to sign in with them
  • Hosting and infrastructure

These providers only receive the minimum information needed to perform their function. We do not share patient clinical data with any third-party service.

6. Cookies

We use cookies to keep you signed in and to remember your preferences. We do not use cookies for advertising or tracking across other websites.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a portable format

To exercise any of these rights, contact us at help@mediflow.ph.

8. Data Deletion

You can request deletion of your account and all associated data by emailing help@mediflow.ph. We will process your request within 30 days. Some data may be retained where required by law or for legitimate business purposes (such as audit logs).

9. Children's Privacy

MediFlow is not intended for use by individuals under 18. We do not knowingly collect personal information from children. Patient records for minors are entered and managed by authorized clinic staff.

10. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. We encourage you to review this page periodically.

11. Contact Us

If you have questions about this privacy policy or how we handle your data, reach out at help@mediflow.ph.