Welcome

PatientFlow AI™

PatientFlow AI\u2122

Legal

Privacy Policy

Last updated: May 2025

We take data privacy and patient confidentiality seriously. PatientsFlow AI is designed with secure infrastructure and GDPR-conscious processes suitable for modern private healthcare environments.

This Privacy Policy explains how PatientsFlow AI (“we”, “us”, “our”) collects, uses, stores, and protects personal data when you use our website at www.patientsflow.co.uk and our AI automation platform.

1. Who We Are

PatientsFlow AI is a UK-based AI automation platform designed for private healthcare clinics, cosmetic dental practices, aesthetic clinics, and related healthcare businesses. We are the data controller for personal data collected through our website.

Contact: [email protected]

2. Data We Collect

We may collect the following categories of personal data:

  • Contact information — name, email address, phone number, and country provided via our enquiry form.
  • Enquiry content — details of the enquiry or message you submit.
  • Usage data — pages visited, time on site, browser type, and IP address collected via cookies and analytics tools.
  • Communication records — records of any correspondence you have with us.

3. How We Use Your Data

We process your personal data for the following purposes:

  • To respond to your enquiries and provide information about our platform.
  • To arrange and conduct demonstration walkthroughs.
  • To send relevant follow-up communications where you have expressed interest.
  • To improve our website and platform through analytics.
  • To comply with legal obligations.

Our lawful basis for processing is primarily legitimate interests (responding to business enquiries) and consent where applicable.

4. AI Automation Processing

Our platform uses AI-powered automation systems to process enquiry information and generate responses. When clinic clients use our platform to handle patient enquiries, we act as a data processor on their behalf under GDPR Article 28. Full Data Processing Agreements (DPAs) are available for all clinic clients.

AI-generated communications are produced automatically and are intended to assist — not replace — human review and clinical decision-making. Our platform does not provide medical advice.

5. Third-Party Integrations

Our platform integrates with the following third-party services. Each has its own privacy policy and data handling practices:

  • OpenAI — AI language model processing.
  • HeyGen — AI video generation.
  • GoHighLevel — CRM and workflow automation.
  • WhatsApp Business (Meta) — Messaging and communication.
  • Twilio — SMS and communication services.
  • Make.com — Workflow automation.
  • Zoho — CRM and business tools.
  • Stripe — Payment processing.
  • Google Cloud — Cloud infrastructure.

We only share your data with third parties where necessary to deliver our services or where required by law.

6. Cookies and Tracking

Our website uses cookies and similar tracking technologies to understand how visitors use our site and to improve your experience. These may include:

  • Essential cookies — required for basic site functionality.
  • Analytics cookies — to understand site usage (e.g. Google Analytics).
  • Marketing cookies — where you have consented to targeted communications.

You can control cookie preferences through your browser settings.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • 256-bit TLS encryption for data in transit.
  • Encrypted storage for data at rest.
  • UK-hosted infrastructure with controlled access systems.
  • Regular security reviews and access controls.
  • GDPR-conscious operational processes.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy, or as required by law. Enquiry data is typically retained for up to 24 months unless you request earlier deletion.

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you.
  • Right to rectification — request correction of inaccurate data.
  • Right to erasure — request deletion of your data.
  • Right to restrict processing — request we limit how we use your data.
  • Right to data portability — receive your data in a portable format.
  • Right to object — object to processing based on legitimate interests.

To exercise any of these rights, contact us at [email protected]. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of our website after changes constitutes acceptance of the updated policy.

11. Contact Us

For any privacy-related enquiries or to exercise your rights, contact:

PatientsFlow AI

United Kingdom

[email protected]