Skip to content
My Flow MD Logo
Register Now Login

Privacy Policy

1. Introduction

My Flow MD (“Company,” “we,” “our,” or “us”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy (“Policy”).

This Policy describes how My Flow MD collects, uses, discloses, and safeguards your information when you visit www.myflowmd.com or any related media form, mobile website, or mobile application (collectively, the “Website”), and when you use any products, services, software, or affiliated telehealth offerings operated by or on behalf of My Flow MD (collectively, the “Services”).

By accessing or using the Website or Services, you agree to the practices described in this Policy. Capitalized terms not otherwise defined herein have the meanings assigned in the My Flow MD Terms and Conditions.

If you use the Services on behalf of another individual, you represent that you are authorized to do so and that such individual has reviewed and accepted this Policy.

2. Notice to Users Outside the United States

The Website is hosted in the United States and governed by U.S. federal and state laws. If you access the Website from outside the U.S., you consent to the transfer of your personal information to the United States and to its use in accordance with this Policy. You are solely responsible for ensuring that your use of the Services complies with local laws in your jurisdiction.

3. Information We Collect

3.1 Non-Personally Identifiable Information

We may automatically collect information that does not personally identify you (“Non-PII”), such as browser type, operating system, IP address, referring and exit pages, and usage patterns. We use Non-PII to understand and improve how users interact with our Website.

3.2 Cookies, Device Fingerprinting, and Similar Technologies

We use cookies and comparable tracking technologies to maintain session data, store user preferences, facilitate transactions, and analyze traffic. You may disable cookies in your browser settings; however, certain features may not function properly.
Device-fingerprinting and analytics tools may collect configuration data unique to your device. For more information, visit the U.S. Federal Trade Commission’s online-tracking guidance at consumer.ftc.gov.

3.3 Flash Cookies and Web Beacons

Flash cookies and web beacons may be used to personalize your experience and measure engagement. Web beacons collect limited data such as cookie identifiers and timestamps and may not be declined individually but can be rendered ineffective by disabling cookies.

3.4 Analytics

We utilize third-party analytics providers, including Google Analytics. These parties may employ cookies and other identifiers to collect information about your interactions with our Website. You may opt out via Google’s browser add-on at https://tools.google.com/dlpage/gaoptout.

3.5 Mobile Data

When accessing the Services on a mobile device, we may collect device identifiers, model and manufacturer, operating system, IP address, and limited geolocation data derived from IP. With your consent, we may send push notifications or use mobile analytics to evaluate performance.

4. Social Media Integration

You may choose to link your My Flow MD account with certain social-networking services. When you do, we may access publicly available profile information such as your name, username, and profile image. Data shared through these integrations is subject to each platform’s privacy settings and policies. My Flow MD is not responsible for the privacy practices of external networks.

5. Personally Identifiable Information

5.1 Information You Provide

We collect information you voluntarily submit, which may include:

  • Full name, date of birth, address, phone number, and email
  • Account credentials and preferences
  • Payment and billing details
  • Photographic identification for verification
  • Health and medical data provided for diagnosis or treatment
  • Communications between you and My Flow MD or affiliated providers

Refusal to provide requested information may limit your ability to access certain Services.

5.2 Medical and Protected Health Information

We collect medical data you submit for diagnostic or treatment purposes, including prior provider information, clinical history, images or videos, and communications with physicians.

My Flow MD itself is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Certain affiliated pharmacies or providers may be covered entities, and My Flow MD may, in limited contexts, act as a “business associate.” In those cases, we handle Protected Health Information (PHI) in accordance with HIPAA and applicable state law.

Information that does not constitute PHI under HIPAA may be used and disclosed under this Policy. De-identified data may be used for analytics, research, or operational improvement consistent with law.

5.3 Biometric Verification

To verify your identity, you may be asked to upload identification documents and a selfie image. Our verification partner may generate biometric identifiers solely to confirm a match; those identifiers are not retained by My Flow MD and are deleted by the verification partner following completion of verification.

6. How We Use Your Information

We use your information to:

  1. Provide and manage the Services and your account;
  2. Facilitate medical consultations, prescriptions, and order fulfillment;
  3. Process payments and transactions;
  4. Communicate regarding your account, orders, and updates;
  5. Send promotional or educational communications (you may opt out at any time);
  6. Personalize content and advertisements;
  7. Detect, investigate, and prevent fraud or misuse;
  8. Comply with legal obligations; and
  9. Enforce our Terms and Conditions and other agreements.

7. How We Disclose Information

7.1 Legal and Regulatory Disclosures

We may disclose information when required by law, subpoena, court order, or government request, or to protect the rights, property, or safety of My Flow MD, our users, or others.

7.2 Service Providers and Business Partners

We may share personal data with authorized vendors providing services such as payment processing, order fulfillment, IT support, analytics, marketing, or customer service. These parties may access data only to perform their contracted functions and are prohibited from using it for other purposes.

7.3 Providers and Pharmacies

We share relevant medical and personal information with affiliated medical groups, licensed providers, and partner pharmacies to enable telehealth consultations and prescription fulfillment.

7.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to this Policy or a successor policy providing equal or greater protection.

7.5 Marketing Communications

Unless you opt out, we may contact you with promotional materials about products and services. You may unsubscribe by following the link in any marketing email or contacting us directly. We do not sell personal information for monetary consideration.

7.6 Aggregated and De-Identified Data

We may share aggregated or de-identified data that cannot reasonably identify you, for research, analytics, or marketing purposes.

8. Children’s Privacy

The Services are intended for individuals 18 years or older (or the age of majority in their jurisdiction). Persons aged 13 to 17 may use certain limited skincare services with parental or guardian consent. We do not knowingly collect personal information from children under 13. If we learn that a child under 13 has provided information, we will delete it promptly.

Requests for removal of a minor’s data may be directed to:
By Mail: My Flow MD – Privacy Officer, 3790 El Camino Real #1099, Palo Alto, CA 94306
By Email: support@myflowmd.com (subject line: “Removal of Minor Information”).

9. Data Security

We employ reasonable administrative, technical, and physical safeguards to protect your information against loss, misuse, unauthorized access, disclosure, alteration, and destruction. However, no transmission over the Internet or method of storage is entirely secure. You are responsible for maintaining the confidentiality of your password and account credentials and for notifying us of any suspected unauthorized use.

10. Transactions and Payment Processing

All monetary transactions occur through secure third-party payment processors such as Nexio. These processors collect and process your payment data under their own privacy policies. My Flow MD does not store your complete payment card information.

11. Data Retention

My Flow MD retains personal information for as long as necessary to fulfill the purposes described in this Policy, to comply with legal obligations, resolve disputes, and enforce agreements. Affiliated medical groups and pharmacies may retain health information in accordance with medical-record retention laws.

12. California Privacy Rights (CCPA / CPRA)

California residents have the following rights regarding their personal information:

  • Right to Know and Access: Request disclosure of categories and specific pieces of personal information collected.
  • Right to Deletion: Request deletion of personal information, subject to legal exceptions.
  • Right to Opt Out of Sale or Sharing: My Flow MD does not sell personal information for monetary value but may use cookies or analytics that could be deemed a “sale” under the CCPA. You may opt out by contacting support@myflowmd.com.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

To exercise your rights, contact us at support@myflowmd.com with the subject “California Privacy Rights.” We may require verification of your identity before responding. Authorized agents must provide written proof of authority.

13. GDPR and International Users

For users located in the European Economic Area (EEA), the United Kingdom, or other jurisdictions offering similar rights, My Flow MD processes personal data under lawful bases such as consent, performance of a contract, compliance with legal obligations, and legitimate interests. You may have the right to access, correct, delete, or restrict processing of your data, or to lodge a complaint with your supervisory authority.

14. Do-Not-Track Signals

Our Website does not currently respond to browser “Do Not Track” signals. You may adjust cookie settings or use browser plugins to limit tracking.

15. Changes to This Policy

My Flow MD may amend this Policy at any time. Updates will be posted on www.myflowmd.com/privacy with a revised “Last Updated” date. Material changes may also be communicated via email or account notice. Continued use of the Services after such changes constitutes acceptance of the revised Policy.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact:

My Flow MD, LLC
Attn: Privacy Officer
3790 El Camino Real #1099
Palo Alto, CA 94306
Email: support@myflowmd.com

For concerns about medical privacy under HIPAA, you may also contact the U.S. Department of Health and Human Services, Office for Civil Rights
Phone: (800) 368-1019 | Fax: (202) 619-3818 | Email: ocrmail@hhs.gov
https://www.hhs.gov/ocr/about-us/contact-us/index.html#ocr-regional-offices

By using or accessing the Website or Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.