Privacy Policy



Privacy policy


Effective Date: September 3, 2016


Our company’s most important value is ‘Patients First’, which means that we are committed to protecting your privacy and we take great care with your personal information. This policy will help you understand how we use and protect your data. If you have any questions, feel free to contact us at Thank you so much for choosing Flume Health.


1. Introduction


Operay LLC. (“us,” “we,” or “Operay”) is committed to respecting the privacy rights of our customers, visitors, and other users of (the “Site”) and related websites, applications, services and mobile applications provided by Flume Health and on/in which this Privacy Policy is posted or referenced (collectively, the “Services”). We created this Privacy Policy (“Privacy Policy”) to give you confidence as you use the Services and to demonstrate our commitment to the protection of privacy. This Privacy Policy is only applicable to the Services. This Privacy Policy does not apply to any other website or digital service that you may be able to access through the Services or any website or digital services of Flume Health’s business partners, each of which may have data collection, storage and use practices and policies that may differ from this Privacy Policy. Your use of the Services is governed by this Privacy Policy and the Agreement (as the term “Agreement” is defined in our Terms of Use). Any capitalized term used but not defined in this Privacy Policy shall have the meaning in the Agreement.




2. Information We Collect


2.1 Personal Information Generally


Some of the Services require us to learn more about you so that we can best meet your needs. When you access the Services, we may ask you to voluntarily provide us certain information that personally identifies you or could be used to personally identify you (“Personal Information”). Personal Information includes (but is not limited to) the following categories of information: (1) contact data (such as your e-mail address and phone number); (2) demographic data (such as your gender, your date of birth, your home address and your zip code); (3) insurance data (such as your insurance carrier, insurance plan, member ID, group ID and payer ID); (4) medical data (such as the doctors, dentists or other healthcare specialists, professionals, providers, or organizations (collectively, “Healthcare Providers”) you have visited, your reasons for visit, your dates of visit, your medical history, and other medical and health information you choose to share with us); and (5) other identifying information that you voluntarily choose to provide to us, including without limitation unique identifiers such as passwords, and Personal Information in emails or letters that you send to us. We may also collect additional information, which may be Personal Information, as otherwise described to you at the point of collection or pursuant to your consent. You may still access and use some of the Services if you choose not to provide us with any Personal Information, but features of the Services that require your Personal Information will not be accessible to you.


2.2 Traffic Data


We also may automatically collect certain data when you use the Services, such as (1) IP address; (2) domain server; (3) type of device(s) used to access the Services; (4) web browser(s) used to access the Services; (5) referring webpage or other source through which you accessed the Services; (6) geolocation information; and (7) other statistics and information associated with the interaction between your browser or device and the Services (collectively “Traffic Data”). Depending on applicable law, some Traffic Data may be Personal Information.


2.3 HIPAA and PHI


Under a federal law called the Health Insurance Portability and Accountability Act (“HIPAA”), some demographic, health and/or health-related information that Flume Health collects as part of providing the Services may be considered “protected health information” or “PHI.” Specifically, when Flume Health receives identifiable information about you from or on behalf of your Healthcare Providers, this information is considered PHI.


HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. Flume Health may only use and disclose your PHI in the ways permitted by your Healthcare Provider(s). In addition, you may be asked to e-sign the Flume Health authorization (the “Flume Health Authorization”). Your decision to e-sign the Flume Health Authorization is entirely voluntary. If you choose to e-sign the Flume Health Authorization, you agree that Flume Health may use and disclose your PHI in the same way it uses and discloses your Personal Information that is not PHI. These uses and disclosures are described in this Privacy Policy. To the extent any provision in the Flume Health Authorization is inconsistent with this Privacy Policy or other provisions of the Agreement, then the provision in the Flume Health Authorization only controls with respect to your PHI. If you do not e-sign the Flume Health Authorization, then your Personal Information that is not PHI is governed by this Privacy Policy and your Personal Information that is PHI is used and disclosed only as permitted by your Healthcare Provider(s).


All personal information related to your insurance plan, whether is is provided by the carrier, a trading partner, or another third party, is never stored on our servers. Services making use of this information are required to make a new request for each instance of the Service. This information is never stored nor communicated in a non-encrypted manner.


3. How We Collect Information


We collect information (including Personal Information and Traffic Data) when you use and interact with the Services, and in some cases from third party sources. Such means of collection include:


When you use the Services’ concierge, such as searching for Healthcare Providers and searching for available appointments with Healthcare Providers;

When you voluntarily provide information in conversations with a health guide  through the Services, including through SMS, phone or e-mail, or through responses to surveys, questionnaires and the like;

If you download and install certain applications and software we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the relevant Services, such as information regarding when you are logged on and available to receive updates or alert notices;

If you use a location-enabled browser, we may receive information about your location and mobile device, as applicable;

Through cookies, web beacons, website analytics services and other tracking technology (collectively, “Tracking Tools”), as described below; and

When you use the “Contact Us” function on the Site, send us an email or otherwise contact us.


We may also collect personal information from trading partners or directly form the insurance carriers with your prior written consent to the Benefits Insight program.


4. Tracking Tools and “Do Not Track”


4.1. Tracking Tools


We may use tools outlined below in order to provide our Services to, advertise to, and to better understand users.


Cookies: “Cookies” are small computer files transferred to your computing device that contain information such as user ID, user preferences, lists of pages visited and activities conducted while using the Services. We use Cookies to improve or tailor the Services or customize advertisements by tracking navigation habits, measuring performance, storing authentication status so re-entering credentials is not required, customizing user experiences with the Services and for analytics and fraud prevention. For more information on cookies, visit


Website Analytics: We may use third-party website analytics services in connection with the Services, including, for example, to register mouse clicks, mouse movements, scrolling activity and text typed into the Site. We use the information collected from these services to help make the Services easier to use and as otherwise set forth in Section 5 (Use of Information).These website analytics services generally do not collect Personal Information unless you voluntarily provide it and generally do not track your browsing habits across websites that do not use their services.

Mobile Device Identifiers: As with other Tracking Tools, mobile device identifiers help Flume Health learn more about our users’ demographics and internet behaviors. Mobile device identifiers are data stored on mobile devices that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of Personal Information (such as media access control, address and location) and Traffic Data.

4.2. Tracking Tools


We may use a type of advertising commonly known as interest-based or online behavioral advertising. This means that some of our partners use Tracking Tools to display Flume Health ads on other websites or services based on information about your use of the Services or your interests (as inferred from online activity). Such partners may include third-party service providers, advertisers, advertising networks or platforms, and agencies. Other Tracking Tools used by our partners may collect information when you use the Services, such as IP address, mobile device ID, operating system, browser, web page interactions, geographic location and demographic information, such as gender and age range. These Tracking Tools help Flume Health learn more about our users’ demographics and internet behaviors.


4.3. Options for Opting out of Cookies and Mobile Device Identifiers


Some web browsers (including some mobile web browsers) allow you to reject Cookies or to alert you when a Cookie is placed on your computer, tablet or mobile device. You may be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. Although you are not required to accept Flume Health’s Cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through the Services.


You may opt out of receiving certain Cookies and certain trackers by visiting the Network Advertising Initiative (NAI) opt out page or the Digital Advertising Alliance (DAA) consumer opt-out page or by installing the DAA’s AppChoice app (for iOS; for Android) on your mobile computing device. When you use these opt-out features, an “opt-out” Cookie will be placed on your computer, tablet or mobile computing device indicating that you do not want to receive interest-based advertising from NAI or DAA member companies. If you delete Cookies on your computer, tablet or mobile computing device, you may need to opt out again. For information about how to opt out of interest-based advertising on mobile devices, please visit You will need to opt out of each browser and device for which you desire to apply these opt-out features.


Please note that even after opting out of interest-based advertising, you may still see Flume Health advertisements that are not interest-based (i.e., not targeted toward you). Also, opting out does not mean that Flume Health is no longer using Tracking Tools — Flume Health still may collect information about your use of the Services even after you have opted out of interest-based advertisements and may still serve advertisements to you via the Services based on information it collects via the Services.


4.4. How Flume Health Responds to Browser “Do Not Track” (DNT) Signals


Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to websites that a visitor does not want to have his/her online activity and behavior tracked. If a website operator elects to respond to a particular DNT signal, the website operator may refrain from collecting certain Personal Information about the browser’s user. Not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. For these reasons, many website operators, including Flume Health, do not proactively respond to DNT signals. For more information about DNT signals, visit


5. Use of Information


We may use information that is neither Personal Information nor PHI (including non-PHI Personal Information that has been de-identified and/or aggregated) to better understand who uses Flume Health and how we can deliver a better healthcare experience (for example, testing different kinds of emails has helped us understand when and how patients prefer to get Wellness Reminders for preventive care), or otherwise at our discretion.


We use information, including Personal Information, to provide the Services and to help improve the Services, to develop new services, and to advertise (for example, to display Flume Health ads on other websites). Such use may include:


  • Providing you with the products, services and information you request;

  • Responding to correspondence that we receive from you;

  • Contacting you when necessary or requested, including to remind you of an upcoming appointment;

  • Providing, maintaining, administering or expanding the Services, performing business analyses, or for other internal purposes to support, improve or enhance our business, the Services, and other products and services we offer;

  • Customizing or tailoring your experience of the Services

  • Notifying you about certain resources, Healthcare Providers or services we think you may be interested in learning more about;

  • Sending you information about Flume Health or our products or Services;

  • Sending emails and other communications that display content that we think will interest you and according to your preferences;

  • Combining information received from third parties with information that we have from or about you and use the combined information for any of the purposes described in this Privacy Policy;

  • Showing you advertisements, including interest-based or online behavioral advertising;

  • Using statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts; and

  • Fulfilling our legally required obligations, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.


6. Disclosure of Information


In certain circumstances, and in order to perform the Services, we may disclose certain information that we collect from you:


  • We may share your Personal Information with Healthcare Providers with whom you choose to schedule through the Services, if you elect to have this done for you. For example, if you complete a Medical History Form using the Services in advance of an appointment and elect to share it with your selected Healthcare Provider, we may share your Medical History Form with such selected Healthcare Providers.

  • Provided that you choose to use the applicable Services, we may share your Personal Information with your Healthcare Providers to enable them to refer you to and make appointments with other Healthcare Providers on your behalf or to perform analyses on potential health issues or treatments.

  • We may share your Personal Information with Healthcare Providers in the event of an emergency.

  • To make your information more securely and easily accessible to your Healthcare Providers, we may share your Personal Information with Health Information Exchanges and related organizations that collect and organize your information (such as Regional Health Information Organizations). The goal of such organizations is to facilitate access to health information to improve the safety, quality, and efficiency of patient-centered care. More information on Health Information Exchanges can be found here and here.

  • We do not sell email addresses to third parties. We may share your Traffic Data with our partners who perform operational services (such as hosting, billing, fulfillment, data storage, security, insurance verification, Website analytics, or ad serving) and/or who make certain services, features or functionality available to our users.

  • We may share your Personal Information with the insurance provider you identify to us (and via our partners) to determine eligibility and cost-sharing obligations, and otherwise obtain benefit plan information on your behalf. This will only be performed if you elect to participate in the optional Benefit Insights Program.

  • We may transfer your information to another company in connection with a merger, sale, acquisition or other change of ownership or control by or of Flume Health (whether in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.

  • We also may need to disclose your Personal Information or any other information we collect about you if we determine in good faith that such disclosure is needed to: (1) comply with or fulfill our obligations under applicable law, regulation, court order or other legal process; (2) protect the rights, property or safety of you, Flume Health or another party; (3) enforce the Agreement or other agreements with you; or (4) respond to claims that any posting or other content violates third-party rights.

  • We may disclose information that is neither Personal Information nor PHI (including non-PHI Personal Information that has been de-identified and/or aggregated) at our discretion.


7. Storage and Security of Information


The security of your Personal Information is important to us. We endeavor to follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and in storage. For example, when you enter sensitive information on our Site, we encrypt that information using Secure Socket Layer (SSL) technology.


We store and process your information on our servers in the United States and abroad. We maintain industry standard backup and archival systems and ensure that in the case of a breach, no Personal Information can be read or compromised by a third party.


Although we make good faith efforts to store Personal Information in a secure operating environment that is not open to the public, we do not and cannot guarantee the security of your Personal Information. If at any time during or after our relationship we believe that the security of your Personal Information may have been compromised, we may seek to notify you of that development. If a notification is appropriate, we will endeavor to notify you as promptly as possible under the circumstances. This notification will occur via the contact methods disclosed by you: either phone, SMS, or email. Please keep your contact information  in your account up to date. You can update this information anytime by notifying your Care Guide through the Services.. If you receive a notice from us, you can print it to retain a copy of it. To receive these notices, you must check your e-mail account using your computer or mobile device and email application software. You consent to our use of e-mail as a means of such notification.

8. Controlling Your Personal Information & Notifications


If you are a registered user of the Services, you can modify certain Personal Information or account information by contacting your Care Guide. If you wish to close your account, please email us at hello@Flume Flume Health will delete your account and the related information at your request as soon as reasonably possible. Please note, however, that Flume Health reserves the right to retain information from closed accounts, including to comply with law, prevent fraud, resolve disputes, enforce the Agreement and take other actions permitted by law.


You must promptly notify us if any of your account data is lost, stolen or used without permission.


9. Information Provided on Behalf of Children and Others


The Services are not intended for use by children and children are prohibited from using the Services. Flume Health does not knowingly collect any information from children, nor are the Services directed to children.


By accessing, using and/or submitting information to or through the Services, you represent that you are not younger than age thirteen (13). If we learn that we have received any information directly from a child under age thirteen (13) without his/her parent’s written consent, we will use that information only to respond directly to that child (or his/her parent or legal guardian) to inform the child that he/she cannot use the Services, and we will subsequently delete that information.


If you are between age thirteen (13) and the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. If you are a parent or legal guardian of a minor child, you may, in compliance with the Agreement, use the Services on behalf of such minor child. Any information that you provide us while using the Services on behalf of your minor child will be treated as Personal Information as otherwise provided herein.


If you use the Services on behalf of another person, regardless of age, you agree that Flume Health may contact you for any communication made in connection with providing the Services or any legally required communications. You further agree to forward or share any such communication with any person for whom you are using the Services on behalf.


10. Other Websites


The Services contain links to or embedded content from third party website. A link to or embedded content from a non-Flume Health website does not mean that we endorse that website, the quality or accuracy of information presented on the non-Flume Health website or the persons or entities associated with the non-Flume Health website. If you decide to visit a third party website, you are subject to the privacy policy of the third party website as applicable and we are not responsible for the policies and practices of the third party website. We encourage you to ask questions before you disclose your information to others.


You may have arrived at the Services from, or began your use of the Services at, a third party website, including a third party website that links to Flume Health or embeds Flume Health content. The presence of such links or content on third party websites does not mean that we endorse that website, the quality or accuracy of information presented on the non-Flume Health website or the persons or entities associated with the non-Flume Health website. You may be subject to the privacy policy of the third party website as applicable and we are not responsible for the policies and practices of the third party websites. In addition, the policies and practices of third parties do not apply to your information, including Personal Information, obtained pursuant to this Privacy Policy.


11. Updates and Changes to Privacy Policy


The effective date of this Privacy Policy is set forth at the top of this webpage. We will notify you of any material change by posting notice on this webpage. Your continued use of the Services after the effective date constitutes your acceptance of the amended Privacy Policy. We encourage you to periodically review this page for the latest information on our privacy practices. Any amended Privacy Policy supersedes all previous versions. IF YOU DO NOT AGREE TO FUTURE CHANGES TO THIS PRIVACY POLICY, YOU MUST STOP USING THE SERVICES AFTER THE EFFECTIVE DATE OF SUCH CHANGES.


12. Contacts


If you have any comments, concerns or questions about this Privacy Policy, please contact us at Hello@Flume