top of page
rf6 logo.jpg

The Post-Acute CRM for Home Health and Hospice

Privacy Policy

Last updated: 11/30/2025

This Privacy Policy describes how ReferralFlow (“ReferralFlow,” “we,” “our,” or “us”) collects, uses, stores, and protects information when you use our website, platform, and services (collectively, the “Services”). By accessing or using the Services, you agree to the terms described in this Privacy Policy.

ReferralFlow is designed as a workflow and analytics platform for post-acute operators. The system is not intended for the collection, storage, or transmission of Protected Health Information (“PHI”) as defined by HIPAA. We do not request, require, or permit users to store PHI within the platform. Any PHI entered into the system in violation of this policy is the sole responsibility of the user or organization.

1. Information We Collect

1.1 Information You Provide

We collect the information you provide when creating an account, updating your profile, submitting forms, interacting with support, or using features of the platform. This may include:

• Name

• Email address

• Organization information

• Role or title

• Basic account or facility metadata (not PHI)

• Notes or visit descriptions that do not contain patient-identifying information

• Uploaded files that do not contain PHI

We do not allow the storage, entry, or transmission of patient names, dates of birth, medical record numbers, addresses, diagnoses, or any other PHI.

1.2 Automatically Collected Information

When you use the Services, we may automatically collect:

• Log data (browser type, IP address, date/time of access)

• Device information

• Usage activity and feature interactions

• Cookies and similar technologies to support basic functionality

1.3 Third-Party Information

We may collect limited information from third-party services you choose to integrate, subject to their respective policies and your permissions. We do not integrate with any systems that transmit PHI.

2. How We Use Information

We use the information we collect to:

• Provide, operate, and maintain the Services

• Improve and optimize platform performance

• Authenticate users and manage accounts

• Communicate updates, support information, and relevant content

• Monitor usage trends and analyze aggregated, non-identifiable data

• Enhance security and prevent misuse

• Develop new features and tools

We do not sell your information.

3. How We Share Information

We may share information only in the following circumstances:

• With service providers who support platform functionality (hosting, analytics, support tools)

• With your organization’s administrators if your account is managed by an employer

• To comply with legal obligations, enforce our terms, or protect the security and integrity of the platform

• In aggregated and de-identified form for product improvement and analytics

We do not share PHI because PHI is not permitted on the platform.

4. Data Storage and Security

We use commercially reasonable physical, technical, and administrative safeguards to protect the information stored in the platform. However, no method of electronic storage or transmission is completely secure.

Your organization is responsible for ensuring no PHI or HIPAA-regulated data is entered into the platform.

5. Your Choices and Rights

You may:

• Access and update your account information

• Request deletion of your account data

• Export available non-PHI data

• Manage email preferences

To exercise these rights, contact us at hello@referralflow.com.

6. Data Retention

We retain information for as long as:

• Your organization maintains an active account,

• Required to provide the Services, or

• Necessary to comply with applicable laws, enforce agreements, or maintain audit records.

Aggregated or anonymized data may be retained indefinitely.

7. Children’s Privacy

The Services are not intended for children under 18, and we do not knowingly collect information from minors.

8. HIPAA and PHI Notice

ReferralFlow is not a HIPAA-covered entity or Business Associate. The platform is not designed to store or transmit PHI. Users and organizations must ensure no PHI or patient-identifying information is entered into the system.

Users who enter PHI in violation of this requirement assume full responsibility for the data and any compliance obligations.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last Updated” date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

ReferralFlow

hello@referralflow.com

(805) 555-0100

bottom of page