Privacy Policy

Last updated: March 15, 2025

1. Introduction

Mediflowly ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website mediflowly.com or inquire about our hospital patient flow analytics services.

Mediflowly provides operational analytics software to healthcare organizations. Our platform is designed with HIPAA controls in mind to support our health system customers in meeting their own compliance obligations. This policy covers data collected through our website and marketing interactions — not data processed within our platform under a Business Associate Agreement (BAA).

2. Information We Collect

2.1 Information You Provide

We may collect information you provide directly to us, such as when you:

  • Fill out our demo request or contact form
  • Subscribe to our Insights newsletter
  • Communicate with us via email
  • Attend a webinar or event we host

This information may include your name, professional title, health system or organization name, email address, phone number, bed count range, and primary operational challenge.

2.2 Automatically Collected Information

When you visit our website, we may automatically collect certain information about your device, including:

  • IP address and approximate geographic location
  • Browser type and version
  • Pages visited and time spent on each page
  • Referring website or search query
  • Device type and operating system

3. How We Use Your Information

We use the information we collect to:

  • Respond to your demo requests and inquiries
  • Schedule and conduct product demonstrations
  • Send you our Insights newsletter and relevant operational content (with your consent)
  • Improve our website and understand which content is most useful to care operations professionals
  • Analyze website traffic and usage patterns
  • Comply with legal obligations

4. Healthcare Data and HIPAA

Mediflowly's analytics platform processes operational patient flow data on behalf of our health system customers. That processing is governed by a Business Associate Agreement (BAA) executed between Mediflowly and each customer health system — not by this website Privacy Policy.

Our platform is designed with HIPAA administrative, technical, and physical controls in mind to support our customers' HIPAA programs. We do not sell, share, or use any patient data processed under BAAs for marketing, research, or any purpose other than delivering the contracted service to the health system.

This Privacy Policy does not cover data processed under BAAs. If you are a health system representative with questions about our data processing practices under a BAA, please contact us at [email protected].

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your browsing experience on our website. We do not use advertising trackers or sell your browsing data. For more information about our use of cookies, please see our Cookie Policy.

6. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information with:

  • Service providers who assist us in operating our website, CRM, and email communications (e.g., analytics services, email platform)
  • Legal authorities when required by law or to protect our rights and the safety of others
  • Business partners only with your explicit consent

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our platform uses TLS encryption for data in transit and encryption at rest for stored data. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Right to access and receive a copy of your data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

To exercise any of these rights, please contact us at [email protected].

9. Third-Party Links

Our website may contain links to third-party websites, including EHR vendor resources and healthcare association publications. We are not responsible for the privacy practices of these websites and encourage you to review their privacy policies.

10. Children's Privacy

Our website is directed to healthcare professionals and organizations and is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Mediflowly
225 South 6th Street, Suite 2400
Minneapolis, MN 55402
Email: [email protected]
Phone: +1 (612) 308-9378