
Last updated November 24, 2024
This privacy notice for FemmFlo Limited (‘we’, ‘us’, or ‘our’) describes how and why we might collect,
store, use, and/or share (‘process’) your information when you use our services (‘Services’), such as
when you:
Visit our website at https://www.femmflo.com/, or any website of ours that links to this privacy notice
Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and
choices. If you do not agree with our policies and practices, please do not use our Services. If you still
have any questions or concerns, please contact us at info@femmflo.com.
This privacy notice has been prepared in accordance with the General Data Protection Regulation
(GDPR) and other applicable privacy laws, such as the South African Protection of Personal
Information Act 4 of 2013 (POPIA).
For South African users, we warrant that all processing of personal information by FemmFlo is
conducted in accordance with the principles set out in POPIA. This includes ensuring that personal
information is processed lawfully and in a reasonable manner, collected for specific, explicitly defined,
and lawful purposes, limited to what is necessary, kept accurate and up to date, retained only for as
long as necessary, and protected by appropriate security safeguards to prevent loss, unauthorised
access, or unlawful processing.
01 What information do we collect?
Personal information you disclose to us.
We collect personal information that you voluntarily provide to us when you register on the Services,
express an interest in obtaining information about us or our products and Services, when you
participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You.
The personal information that we collect depends on the context of your interactions with us and the
Services, the choices you make, and the products and features you use. The personal information we
collect may include the following:
names
phone numbers
email addresses
job titles
usernames
passwords
contact preferences
contact or authentication data
billing addresses
debit/credit card numbers
Sensitive Information. In providing our services, we may process health-related data that qualifies as
sensitive personal information under applicable data protection laws. This may include information
about your health, lifestyle, or other related data that you voluntarily provide to us. We process such
sensitive information only with your explicit consent, as necessary to deliver our services, or as
otherwise permitted by law. We are committed to implementing strict security measures, including
encryption, access controls, and secure data storage, to protect your sensitive information.
Additionally, we limit access to sensitive data to authorised personnel only and ensure it is processed
in compliance with applicable legal requirements.
Payment Data. We, through the use of a licensed payment processor, may collect data necessary to
process your payment if you make purchases, such as your payment instrument number, and the
security code associated with your payment instrument.
All personal information that you provide to us must be true, complete, and accurate, and you must
notify us of any changes to such personal information.
Information automatically collected.
We automatically collect certain information when you visit, use, or navigate the Services. This
information does not reveal your specific identity (like your name or contact information) but may
include device and usage information, such as your IP address, browser and device characteristics,
operating system, language preferences, referring URLs, device name, country, location, information
about how and when you use our Services, and other technical information. This information is
primarily needed to maintain the security and operation of our Services, and for our internal analytics
and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies. You can
find out more about this in our Cookie Policy.
The information we collect includes:
Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance
information our servers automatically collect when you access or use our Services and which we
record in log files. Depending on how you interact with us, this log data may include your IP address,
device information, browser type, and settings and information about your activity in the Services
(such as the date/time stamps associated with your usage, pages and files viewed, searches, and
other actions you take such as which features you use), device event information (such as system
activity, error reports (sometimes called ‘crash dumps’), and hardware settings).
Device Data. We collect device data such as information about your computer, phone, tablet, or other
device you use to access the Services. Depending on the device used, this device data may include
information such as your IP address (or proxy server), device and application identification numbers,
location, browser type, hardware model, Internet service provider and/or mobile carrier, operating
system, and system configuration information.
Location Data. We collect location data such as information about your device’s location, which can
be either precise or imprecise. How much information we collect depends on the type and settings of
the device you use to access the Services. For example, we may use GPS and other technologies to
collect geolocation data that tells us your current location (based on your IP address). You can opt out
of allowing us to collect this information either by refusing access to the information or by disabling
your Location setting on your device. However, if you choose to opt out, you may not be able to use
certain aspects of the Services.
Anonymised Data. FemmFlo may process anonymised data for a variety of purposes, including
developing and training AI models, enhancing and testing new features, conducting internal and
external research, performing analytics, and sharing with third parties for research, benchmarking, or
statistical purposes. Such processing is always carried out in a manner that ensures individuals
cannot be re-identified. Data that has been anonymised is processed in such a way that it can no
longer be used to identify you, either directly or indirectly. As a result, anonymised data does not
constitute personal information and is not subject to the same data protection obligations under
applicable privacy laws.
02 How do we process your information?
We process your personal information for a variety of reasons, depending on how you interact with
our Services, including:
To facilitate account creation and authentication and otherwise manage user accounts. We may
process your information so you can create and log in to your account, as well as keep your account
in working order.
To deliver and facilitate delivery of services to the user. We may process your information to provide
you with the requested service.
To provide personalised women’s health care plans. We may process your information, including
hormone levels, lab results, and mental health data, to generate and deliver individualised care plans
tailored to your specific health needs.
To integrate and analyse hormone, lab, and mental health data. We may process your information to
enable the integration, analysis, and visualization of your health data for improved health insights and
recommendations.
To support mental health and wellness. We may process your information to offer mental health
resources, guided support, and recommendations as part of your care plan.
To respond to user inquiries/offer support to users. We may process your information to respond to
your inquiries and solve any potential issues you might have with the requested service.
To send administrative information to you. We may process your information to send you details about
our products and services, changes to our terms and policies, and other similar information.
To fulfil and manage your orders. We may process your information to fulfil and manage your orders,
payments, returns, and exchanges made through the Services.
To enable user-to-user communications. We may process your information if you choose to use any of
our offerings that allow for communication with another user.
To save or protect an individual’s vital interest. We may process your information when necessary to
save or protect an individual’s vital interest, such as to prevent harm.
To conduct research and improve our services. We may process your information to conduct
scientific, medical, and product research, as well as to develop, test, and enhance our AI algorithms
and service offerings.
To perform analytics and generate insights. We may process your information to analyse usage
patterns, health trends, and outcomes in order to provide aggregated insights and improve user
experience.
To communicate with you about updates, offers, and health-related content. We may process your
information to send you notifications, newsletters, and other communications relevant to your use of
the app and your health interests.
To comply with legal, regulatory, and contractual obligations. We may process your information as
required by applicable laws, regulations, or contractual commitments, including responding to lawful
requests and protecting our legal rights.
To ensure security and prevent fraud. We may process your information to monitor, detect, and
prevent security incidents, fraud, and abuse of our Services.
To provide marketing and promotional materials. We may process your information to offer you
information about products, services, or promotions that may be of interest to you, subject to your
communication preferences and applicable law.
We will only use your personal information for the purposes for which we collected it, unless we
reasonably consider that we need to use it for another reason and that reason is compatible with the
original purpose.
If we need to use your personal information for an unrelated purpose, we will notify you and we will
explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in
compliance with the above rules and where required or permitted by law.
AI Usage. We use artificial intelligence (AI) technologies within our Services to analyse your health
data, including hormone levels, laboratory results, and mental health information, in order to generate
personalised care plans, provide tailored health insights, and support your wellness journey. Our AI
systems process your data to identify patterns, offer recommendations, and enhance the accuracy
and relevance of our services. We may also use anonymised or aggregated data to improve and train
our AI models, develop new features, and advance research, ensuring that such data cannot be used
to identify you. All AI-driven processing is conducted in accordance with applicable data protection
laws, and we implement appropriate safeguards to protect your privacy and ensure transparency. We
do not use AI for automated decision-making that produces legal or similarly significant effects without
human involvement. If you have questions about our use of AI or wish to opt out of certain AI-driven
features, please contact us using the details provided in this notice.
03 What legal bases do we rely on to process your personal information?
The GDPR and UK GDPR require us to explain the valid legal bases we rely on in order to process
your personal information. As such, we may rely on the following legal bases to process your personal
information:
Consent. We may process your information if you have given us permission (i.e. consent) to use your
personal information for a specific purpose. You can withdraw your consent at any time.
Performance of a Contract. We may process your personal information when we believe it is
necessary to fulfil our contractual obligations to you, including providing our Services or at your
request prior to entering into a contract with you.
Legitimate Interests. We may process your information when we believe it is reasonably necessary to
achieve our legitimate business interests and those interests do not outweigh your interests and
fundamental rights and freedoms. For example, we may process your personal information to meet
our business and operational requirements.
Legal Obligations. We may process your information where we believe it is necessary for compliance
with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency,
exercise or defend our legal rights, or disclose your information as evidence in litigation in which we
are involved.
Vital Interests. We may process your information where we believe it is necessary to protect your vital
interests or the vital interests of a third party, such as situations involving potential threats to the safety
of any person.
In legal terms, we are generally the ‘data controller’ under European data protection laws of the
personal information described in this privacy notice, since we determine the means and/or purposes
of the data processing we perform. This privacy notice does not apply to the personal information we
process as a ‘data processor’ on behalf of our clients. In those situations, the client that we provide
services to and with whom we have entered into a data processing agreement is the ‘data controller’
responsible for your personal information, and we merely process your information on their behalf in
accordance with your instructions. If you want to know more about our clients’ privacy practices, you
should read their privacy policies and direct any questions you have to them.
04 When and with whom do we share your personal information?
We may need to share your personal information in the following situations:
Business Transfers. We may share or transfer your information in connection with, or during
negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our
business to another company.
Affiliates. We may share your information with our affiliates, in which case we will require those
affiliates to honour this privacy notice. Affiliates include any subsidiaries, joint venture partners, or
other companies that we control or that are under common control with us.
Business Partners. We may share your information with our business partners to offer you certain
products, services, or promotions.
Service Providers and Laboratories. We may share your personal information with service providers
who provide their services to us, such as software providers, cloud hosting and analytics providers, as
well as accredited laboratories (including Epicentre, ODX, and YourBio) for processing and analysing
lab samples.
Professional Advisers. We may share your information with professional advisers acting as
processors including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal,
insurance and accounting services as required.
Medical and Wellness Professionals. We may share your information with medical or wellness
professionals who support the interpretation of your results and provide guidance as part of your care
plan.
Regulatory Authorities. We may share your information with regulatory authorities or government
agencies where required by law or regulation.
We require all third parties to respect the security of your personal information and to treat it in
accordance with the law. We do not allow our third-party service providers to use your personal
information for their own purposes and only permit them to process your personal information in
accordance with our instructions and standards.
05 International Transfers
We operate within both the UK and South Africa and may therefore transfer personal information
between these regions. We may also share and process personal information outside of the UK or
South Africa for the purpose of cloud storage or to engage with third party service providers such as
software providers and contractors.
If we transfer your personal information out of your country of residence, we will ensure a similar
degree of protection is afforded to it by ensuring appropriate safeguards are implemented which
ensure personal information is processed and secured lawfully.
06 Do we use cookies and other tracking technologies?
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or
store information. Specific information about how we use such technologies and how you can refuse
certain cookies is set out in our Cookie Policy.
07 How long do we keep your information?
We will retain your personal information, including any health-related data, for as long as it is
necessary to fulfil the purposes outlined in this privacy notice, unless a longer retention period is
required or permitted by law (e.g., for tax, legal, or accounting purposes). For example, we may retain
your data for the duration of your account’s active status and for a reasonable period after
deactivation to comply with our legal obligations or resolve disputes. When we no longer have an
ongoing legitimate business need to process your personal information, we will securely delete,
anonymise, or isolate it from further processing. In cases where deletion is not possible (e.g., due to
backup storage), we will ensure your data is securely stored and protected from unauthorised access.
Account Deletion. You may delete your account at any time by logging into your account settings and
selecting the option to delete your account, or by contacting us at info@femmflo.com with your
request. Once your account is deleted, your personal information will be removed from our active
databases within 30 days, unless a longer retention period is required by law. Please note that certain
data may be retained in backup or archival systems for up to 90 days after deletion for security,
compliance, and disaster recovery purposes. During this period, your data will be securely stored and
protected from unauthorised access, and will not be used for any other purpose before being
permanently deleted from all systems.
08 How do we keep your information safe?
We have implemented appropriate and reasonable technical and organisational security measures
designed to protect the security of any personal information we process. However, despite our
safeguards and efforts to secure your information, no electronic transmission over the internet or
information storage technology can be guaranteed to be 100% secure, so we cannot promise or
guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat
our security and improperly collect, access, steal, or modify your information. Although we will do our
best to protect your personal information, transmission of personal information to and from our
Services is at your own risk. You should only access the Services within a secure environment.
09 Do we collect information from minors?
We do not knowingly solicit data from or market to children under 18 years of age. By using the
Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor
and consent to such minor dependent’s use of the Services. If we learn that personal information from
users less than 18 years of age has been collected, we will review the account and request affirmative
consent from a parent or guardian before allowing continued use of the Services. If you become
aware of any data we may have collected from children under age 18, please contact us at
info@femmflo.com.
10 What are your privacy rights?
In some regions, such as the European Economic Area (EEA), United Kingdom (UK), and South
Africa, you have rights that allow you greater access to and control over your personal information.
You may review, change, or terminate your account at any time.
As a user, you have certain rights regarding your personal information under applicable data
protection laws. These rights may include the ability to:
Access and obtain a copy of the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request the deletion or anonymisation of your data where it is no longer necessary for the purposes
for which it was collected.
Restrict or object to the processing of your personal data in certain circumstances.
Withdraw your consent where we rely on it as the legal basis for processing.
Request data portability to transfer your information to another service provider.
To exercise your rights, please contact us using the information provided in this policy. We will
respond to your request in accordance with applicable laws and may require you to verify your identity
before fulfilling your request. Please note that some rights may be subject to limitations under the law.
If you believe we are unlawfully processing your personal information, you also have the right to
complain to your Member State data protection authority, UK data protection authority, or the South
African Information Regulator. We would, however, appreciate the chance to deal with your concerns
before you approach any such regulator, so please contact us in the first instance.
Withdrawing your consent:
If we are relying on your consent to process your personal information, you have the right to withdraw
your consent at any time. You can withdraw your consent at any time by contacting us by using the
contact details provided or updating your preferences.
However, please note that this will not affect the lawfulness of the processing before its withdrawal
nor, when applicable law allows, will it affect the processing of your personal information conducted in
reliance on lawful processing grounds other than consent.
Opting out of marketing and promotional communications:
You can unsubscribe from our marketing and promotional communications at any time by clicking on
the unsubscribe link in the emails that we send. You will then be removed from the marketing lists.
However, we may still communicate with you, for example, to send you service-related messages
that are necessary for the administration and use of your account, to respond to service requests, or
for other non-marketing purposes.
Account Information
If you would at any time like to review or change the information in your account or terminate your
account, you can:
Log in to your account settings and update your user account.
Contact us using the contact information provided.
Upon your request to terminate your account, we will deactivate or delete your account and
information from our active databases. However, we may retain some information in our files to
prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or
comply with applicable legal requirements.
Cookies and similar technologies:
Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set
your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject
cookies, this could affect certain features or services of our Services. You may also opt out of
interest-based advertising by advertisers on our Services. For further information, please see our Cookie
Policy.
11 Controls for do-not-track features
Most web browsers and some mobile operating systems and mobile applications include a
Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data
about your online browsing activities monitored and collected. At this stage no uniform technology
standard for recognising and implementing DNT signals has been finalised. As such, we do not
currently respond to DNT browser signals or any other mechanism that automatically communicates
your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in
the future, we will inform you about that practice in a revised version of this privacy notice.
12 Updates to this privacy notice
We may update this privacy notice from time to time. The updated version will be indicated by an
updated ‘Revised’ date and the updated version will be effective as soon as it is accessible. If we
make material changes to this privacy notice, we may notify you either by prominently posting a notice
of such changes or by directly sending you a notification. We encourage you to review this privacy
notice frequently to be informed of how we are protecting your information.
13 How can you contact us about this notice?
For UK and international users, FemmFlo Limited is the ‘data controller’ of your personal information.
For South African users, FemmFlo (Pty) Ltd is the ‘data controller’ of your personal information.
For both entities, we have appointed Tal A. to be our Data Protection Officer (DPO). You can contact
them directly regarding our processing of your personal information, by email at info@femmflo.com.
14 How can you review, update, or delete the data we collect from you?
Based on the applicable laws of your country, you may have the right to request access to the
personal information we collect from you, change that information, or delete it. To request to review,
update, or delete your personal information,


