Privacy Policy

Effective Date: August 1, 2025
Last Updated: August 1, 2025

1. Introduction

Curaflow, Inc. (“Curaflow,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit www.curaflow.ai (the “Website”) or otherwise interact with our consulting services that curate and recommend AI-powered note-taking applications for healthcare professionals (collectively, the “Services”).

This Policy applies to all users of our Services—including healthcare practitioners, medical organizations, and other visitors. Although Curaflow does not handle patient data, we understand the sensitive nature of healthcare-related information and strive to meet or exceed the requirements of applicable privacy laws (HIPAA, CCPA/CPRA, GDPR) and industry best practices.

2. Our Commitment to HIPAA Compliance

Curaflow acts only as an educational and matchmaking platform and does not access, store, or process Protected Health Information (PHI) as defined by HIPAA. We introduce healthcare providers to third-party AI note-taking vendors. Each vendor maintains its own HIPAA compliance program and will execute a Business Associate Agreement (BAA) directly with you, where required.

3. Information We Collect

3.1 Information You Provide Directly

We collect information you voluntarily provide, such as:

• Professional Information: name, specialty, medical-license number, practice name, professional title
• Contact Information: email, phone, business address
• Practice Details: type of practice, number of practitioners, current documentation methods
• Preferences: note-taking needs, workflow preferences

3.2 Information Collected Automatically

When you use the Website we automatically collect:

• Device & Usage Data: IP address, browser type, operating system, pages visited, time on page
• Analytics & Cookies: we use Google Analytics and similar tools. You can block cookies or install Google’s opt-out browser add-on at any time.

3.3 Information from Third Parties

With your authorization we may receive professional information from:

• Public licensing directories
• Verification or marketing partners
• Selected AI vendors after you request an introduction

4. How We Use Your Information

We use information to:

• Provide tailored recommendations and resources
• Respond to inquiries and send service updates
• Improve our Website and analytics
• Maintain security and comply with law

Curaflow does not sell or license software. If we enter an affiliate relationship in the future, we will update this Policy at least 30 days before any referral or affiliate data sharing begins.

5. Information Sharing & Disclosure

We share information only:

• With your explicit consent (e.g., introducing you to a vendor)
• With service providers under contract who perform functions for us (cloud hosting, email delivery, CRM)
• To comply with law or protect rights (court orders, subpoenas)
• During a business transfer (merger, acquisition) with notice to you
• In aggregated or de-identified form that cannot reasonably identify you

Curaflow does not sell personal information.

6. Data Security & Breach Notification

We employ reasonable technical, administrative, and physical safeguards, including TLS/SSL encryption in transit, role-based access, and employee confidentiality agreements. If we discover a data breach involving personal information, we will notify affected users and regulators as required by applicable law and our Incident Response Policy.

7. Your Rights & Choices

You may:

• Access or correct your personal data
• Opt-out of marketing emails via the unsubscribe link
• Request deletion of your data (subject to legal retention)
• Block analytics cookies in your browser

We retain inquiry and account data for up to three (3) years after your last interaction unless a longer period is required by law or necessary to resolve disputes.

Additional rights may apply depending on your location:

• California (CCPA/CPRA): Curaflow does not sell or share personal information. You can request disclosure or deletion without discrimination.
• EU/EEA (GDPR): You may exercise data-portability, restriction, or objection rights and lodge a complaint with a supervisory authority.

8. Children’s Privacy

Our Services are not directed to individuals under 18. We do not knowingly collect data from children; if we become aware of such collection, we will delete it promptly.

9. International Users

If you access the Services from outside the United States, your data will be processed in the U.S. We use standard contractual clauses and other lawful transfer mechanisms when required.

10. Third-Party Links

The Website may link to third-party AI vendors or resources. We are not responsible for their privacy practices and encourage you to review their policies—especially regarding HIPAA compliance and BAAs.

10.1 Testimonials

If you voluntarily provide a testimonial, review, or feedback about your experience with Curaflow, we may use your statements for marketing, educational, or promotional purposes. We will seek your written permission before disclosing your name, title, or any identifying details in public-facing materials. You may revoke permission at any time by contacting us at privacy@curaflow.ai.

11. Changes to This Policy

We may update this Policy periodically. Material changes will be announced via email (if you are a registered user) and a notice on the Website. Continued use of the Services after a change signifies acceptance.

12. Contact & Complaints

Curaflow, Inc.
Attn: Privacy Officer
Email: privacy@curaflow.ai

Unresolved privacy concerns:

• U.S.: Federal Trade Commission (FTC)
• EU/EEA: Your local data-protection authority
• California: Office of the Attorney General

13. Governing Law

This Policy is governed by the laws of the State of Florida, U.S.A., without regard to conflict-of-law principles.

Version 1.0 — Effective Date: August 1, 2025