Last updated: May 7, 2026

Novoflow provides AI workflow automation tools for medical clinics and other businesses. This Privacy Policy explains how Novoflow handles information when clinics, staff, patients, website visitors, or users interact with Novoflow websites, dashboards, AI voice agents, workflow automation tools, SMS features, and related services.

Novoflow is not a healthcare provider and does not make medical decisions. When we process protected health information on behalf of a healthcare customer, we act as that customer’s service provider and, where applicable, as a business associate under a written Business Associate Agreement.

Information We Collect

We may collect account and contact information, authentication data, workspace and workflow configuration, support messages, billing and contract information, device and log data, and information needed to operate integrations selected by our customers.

Depending on a customer’s configuration, Novoflow may process call metadata, recordings, transcripts, SMS consent records, scheduling details, EHR screen data, patient identifiers, and other information provided during automated workflows.

How We Use Information

We use information to provide, secure, monitor, troubleshoot, and improve the services; authenticate users; operate AI agents and workflow automations; process calls and messages; maintain audit logs; provide customer support; comply with legal obligations; enforce agreements; and generate aggregated or de-identified operational insights.

Protected Health Information

When Novoflow processes protected health information for a healthcare customer, we use and disclose that information only as permitted by our agreement with that customer, the applicable Business Associate Agreement, and applicable law.

Novoflow applies safeguards designed for healthcare workflows, including encryption in transit and at rest where supported, role-based access controls, audit logging, PHI redaction controls, and access limitation practices. We do not sell protected health information or use it for third-party marketing.

SMS and Voice Communications

If a caller agrees to receive a follow-up SMS message, we may store the caller’s phone number, consent record, and message metadata to send the requested message and maintain opt-in evidence. Message frequency varies by interaction. Recipients can reply STOP to opt out and HELP for help where supported.

How We Share Information

We may share information with the customer that configured the workflow, authorized users, service providers and subprocessors that help us operate the services, security and infrastructure vendors, telephony and messaging providers, professional advisers, and government or legal authorities when required. We may also transfer information in connection with a merger, financing, acquisition, or sale of assets.

Retention

We retain information for as long as needed to provide the services, meet contractual and legal obligations, maintain security and audit records, resolve disputes, and enforce agreements. Retention periods may vary by customer configuration, data type, and applicable Business Associate Agreement.

Your Choices and Rights

Authorized users can request access, correction, export, or deletion of account information by contacting Novoflow or the relevant customer administrator. Patients seeking access to, correction of, or restrictions on their medical information should contact the clinic or healthcare provider that controls the record.

Security

We use administrative, technical, and organizational safeguards designed to protect information. No system is perfectly secure, and customers remain responsible for configuring workflows, access rights, integrations, and patient communications in a lawful and appropriate manner.

Changes

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify customers, such as posting an updated policy or providing notice through the services.