Last Updated: February 23, 2026
This Privacy Policy explains how EVBOhealth ("we", "us", "our") collects, uses, discloses, and protects information when you use HealthFlow (the “Service”).
By using HealthFlow, you agree to this Privacy Policy. If you do not agree, do not use the Service.
You must be at least 18 years old to use the Service, or you must use it under the supervision and with the consent of a parent or legal guardian. We do not knowingly collect personal information from children without appropriate authorization.
When you create an account, we may collect information such as your name, email address, phone number, date of birth, timezone, and emergency contact details (name, phone, relationship).
If you connect health devices or enter health readings, we may collect health-related information you provide or that devices transmit (e.g., vitals, measurements, timestamps, device identifiers, firmware/app versions, signal/battery metrics, and related logs).
We may collect technical information such as IP address, device type, browser, operating system, pages/screens viewed, feature usage, and diagnostic logs (including crash reports) to operate and improve the Service.
If you contact us (email/support), we collect the contents of your message and related contact information.
We use information to:
HealthFlow is an informational and support tool only. The Service is not intended to provide medical advice, diagnosis, or treatment, and it should not be used to make medical decisions.
Always seek the advice of a qualified healthcare professional with any questions regarding a medical condition. In an emergency, call 911 (or your local emergency number).
Wearables and home medical devices can produce inaccurate or incomplete readings. HealthFlow does not guarantee the accuracy of device data, calculations, alerts, or insights. Confirm clinically significant readings with appropriate medical evaluation and/or approved clinical devices.
We may share information in the following circumstances:
We use third-party providers to operate the Service (for example: Firebase/Google Cloud services, device vendors/integration partners, and email/SMS delivery providers). These providers may process information on our behalf to provide hosting, authentication, data storage, messaging, analytics, and support functions.
We are not responsible for third-party outages or actions outside our control. However, we generally require service providers to handle data in a manner consistent with this Privacy Policy and to use it only for providing services to us.
We may disclose information if required by law, subpoena, or court order, or if we believe disclosure is necessary to protect the rights, property, or safety of users, our company, or others.
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to applicable law.
We may share information when you request it, authorize it, or provide consent (for example, sharing data with a provider or caregiver, if the Service offers that feature).
HealthFlow is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA) when handling Protected Health Information (PHI). We take our obligations seriously and implement comprehensive safeguards to protect your health data.
Protected Health Information includes any individually identifiable health information such as your medical history, health conditions, vital signs, medications, lab results, and any other data that relates to your past, present, or future health.
You have the right to:
We apply the "minimum necessary" standard, meaning we limit access to PHI to only the information needed for a specific purpose. Staff and providers only see the patient data necessary for their role in your care.
When HealthFlow is used by healthcare providers, clinics, or organizations, we may act as a Business Associate under HIPAA. In such cases, we enter into Business Associate Agreements that define our obligations for protecting PHI.
In the unlikely event of a data breach involving your PHI, we will notify you and relevant authorities as required by HIPAA and applicable state laws. Notification will occur without unreasonable delay and no later than 60 days after discovery of a breach.
Breach notifications will include: a description of what happened, the types of information involved, steps you can take to protect yourself, what we are doing to investigate and mitigate harm, and contact information for questions.
You are responsible for maintaining the confidentiality of your login credentials and for all activity under your account. If you believe your account has been compromised, notify us immediately at info@evbohealth.com.
You agree not to misuse the Service. This includes (but is not limited to):
We retain information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and for legitimate operational needs (such as security and audit logging). Retention periods may vary depending on data type and context.
By providing your phone number and consenting to SMS communications during registration, you agree to receive text messages from HealthFlow related to your health monitoring.
We may send you the following types of SMS messages:
Message frequency varies based on your health data, device readings, and configured alerts. You may receive multiple messages per day if abnormal readings are detected, or no messages on days when your health data is within normal ranges.
Message and data rates may apply depending on your mobile carrier plan. HealthFlow does not charge for SMS messages, but your carrier may charge standard messaging rates.
You can stop receiving SMS messages at any time by:
Important: Opting out of SMS messages means you will not receive critical health alerts via text. Ensure you have alternative means to monitor your health data.
For help with SMS messages, reply HELP to any message or contact us at info@evbohealth.com.
We use Twilio, a third-party telecommunications provider, to deliver SMS messages. Twilio processes your phone number and message content to deliver notifications. Twilio's use of your information is governed by their privacy policy, and we have a Business Associate Agreement in place to ensure HIPAA compliance.
We maintain records of your SMS consent, including the date and time you provided consent and the version of the consent language you agreed to. This information is retained for compliance and audit purposes.
If you close your account, we may disable access to the Service. We may retain certain information as required or permitted by law and for legitimate business purposes (for example, security logs, fraud prevention, and compliance). Where supported, you may request deletion of certain data by contacting us.
If you access the Service from outside the United States, your information may be processed and stored in the United States or other locations where our service providers operate. By using the Service, you consent to such transfers, subject to applicable law.
We use reasonable administrative, technical, and physical safeguards designed to protect your information. No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.
We may update this Privacy Policy from time to time. We will update the “Last Updated” date at the top. If changes are material, we may provide additional notice (such as an in-app notice or email), where appropriate.
If you have questions about this Privacy Policy or your data, contact us at info@evbohealth.com.