Effective Date: 14.04.2026
Website: https://health-flow.co/
1. Information We Collect
We may collect the following categories of information:
Account Data: name, email address, password.
Payment Data: payment method, billing information (processed via third-party payment providers; we do not store full credit card details). Payments are processed securely by our authorised payment partners (e.g., Stripe, PayPal, or equivalent PCI DSS-certified providers). We do not store full card numbers or CVV data.
Usage Data: IP address, browser type, device identifiers, website activity logs.
Content Data: preferences, purchased content, creator activity.
Communications: inquiries, support requests, or messages sent to us.
We collect this information only as necessary to operate your account and provide access to educational content.
2. How We Use Information
We use collected data to:
Provide and manage your account and access to Content.
Process payments and credits transactions.
Communicate with you (account notices, service updates, marketing where permitted).
Improve the Website (analytics, performance monitoring).
Enforce our Terms & Conditions and prevent fraud or abuse.
Comply with legal and regulatory obligations.
Comply with payment-network (Visa/Mastercard) and anti-fraud monitoring obligations.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or the UK, we process your personal data on the following legal bases:
Performance of a contract (providing access to Content).
Compliance with legal obligations (tax, accounting, AML requirements).
Legitimate interests (fraud prevention, Website improvement, security).
Consent (for optional marketing communications, cookies, etc.).
Where your account remains inactive, we may retain limited information under our legitimate interests for fraud prevention and compliance.
4. Sharing of Information
We may share your data with:
Payment processors (for transactions).
Service providers (IT support, hosting, analytics).
Regulatory authorities (if legally required).
We do not sell or rent your personal data.
All processors are bound by written Data Processing Agreements ensuring GDPR-compliant security and confidentiality.
5. Cookies & Tracking
We use cookies in accordance with the UK Privacy and Electronic Communications Regulations (PECR). You can manage or withdraw consent at any time via our cookie settings. See our detailed Cookie Policy.
Usage Data may be processed based on our legitimate interests (analytics, security) and, for non-essential cookies, only with your consent.
6. Marketing & Communications
We may send you service-related emails (account, transactions, updates).
With your consent, we may send marketing communications.
You may opt out at any time via “unsubscribe” links or by contacting us.
We only send marketing communications where you have opted in, or under the ‘soft opt-in’ exemption for existing customers, in compliance with PECR.
7. Children’s Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it.
8. Data Storage & Security
Your data is stored on secure servers located in the United Kingdom and the European Union.
9. Data Retention
We retain your personal data as long as your account is active or as needed to:
Provide access to Content,
Comply with legal obligations,
Resolve disputes and enforce agreements.
We retain personal data for up to 6 years after account closure unless longer retention is required by law.
10. Data Subject Rights
You may request to:
Access a copy of your personal data.
Correct or update inaccurate data.
Request deletion of your data (“right to be forgotten”).
Restrict or object to processing.
11. Data Breach Procedures
In the event of a personal data breach:
We will notify affected users without undue delay if there is a high risk to their rights and freedoms.
We will comply with applicable legal notification requirements (e.g., GDPR 72-hour rule).
We notify the UK Information Commissioner’s Office (ICO) within 72 hours where legally required.
12. International Transfers
If data is transferred outside your jurisdiction, we ensure appropriate safeguards (e.g., EU Standard Contractual Clauses).
For transfers from the UK, we apply the UK International Data Transfer Addendum to the EU Standard Contractual Clauses.
13. Updates to Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a new effective date.
If we make material updates, we will notify you by email or through your account dashboard.