Privacy Policy

VitalFlo, Inc.

Last modified: May 3rd, 2021

VitalFlo, Inc., a North Carolina corporation (“VFlo”) provides this Privacy Policy to inform you of our policies and procedures regarding the collection, use, and disclosure of personal information we receive from users who (i) access or use the website www.vitalflohealth.com and its associated webpages and subdomains, if any (collectively, the “Site”), (ii) download, access, or use our mobile applications, including VitalFlo Mobile (each, an “App”), and/or (iii) who use the services, software, applications, plug-ins, components, functionality, or programs provided or offered now or in the future by VFlo, including via the Site or Apps (collectively, the “Services”).

Certain of VFlo’s Services, including the VitalFlo Mobile App, are designed to work in conjunction with certain third party products and services, including a third party spirometer (each a “Device”) and intermediary software application (“Intermediary App”). The Device and Intermediary App are made available by our third party partners and such third party partners are solely responsible for the Device and Intermediary App, including their privacy and data policies.   

Throughout this Privacy Policy, “you” or “your” shall refer to any person or entity accessing or using the Site or the Services or downloading, accessing, or using any Apps, and, unless otherwise stated, “we,” “our” or “us” will refer collectively to VFlo and VFlo’s  subsidiaries, affiliates, directors, officers, members, employees, agents, and contractors. Through our Services, we provide users with tools for monitoring their asthma, asthma symptoms, information relating to a user’s lung health, environmental data that may affect a user’s asthma, asthma symptoms or lung health and for sharing such data and information with their Providers (as defined below).  All such activities, the Site, the Apps, your access or use of the Site, and/or your download, access, or use of any Apps, each constitute “Services” for purposes of this Privacy Policy. You are not required to provide any personal information in order to browse the Site and learn more about our company, technology, products and services.  However, if you do provide information to us through our Site, this Privacy Statement applies to all such information that you may provide or we may collect from you through the website.


This Privacy Policy may change from time to time.  If we change this Privacy Policy, we will update the “Last modified” date above and provide a notice about the update on applicable Apps.  Continued use of the Services after the effective date of a change to this Privacy Policy will be deemed to be your agreement to those changes.


Information that you provide.  When you register for and access or use the Services (as defined in our Terms of Use), we may collect (1) personal information, including: name, mailing address, email address, phone number, username, password, demographic information (such as your age, height, weight, gender, occupation); (2) your doctor’s name, practice name, address, and contact information (each, a “Provider”); (3) information about your asthma and lung health; (4) any other information you provide while accessing or using the Services; and (5) information that we automatically collect as described in this Privacy Policy.  Some of this information will be retrieved and saved on our systems and may include a user token or other persistent identifier. In connection with your use of the Services, we may ask you additional questions regarding your symptoms and other health, situational or environmental conditions, and your responses may be stored, processed and shared with your Providers by us and through the App.  Such information regarding your asthma and lung health, symptoms, Device Data (defined below), and responses to follow-up questions through the Services will be referred to herein as your “User Health Data”.

Device Data. If you are using a Device and Intermediary App in connection with your use of the Services, your Device collects data to measure and monitor airflow into and out of your lungs, including air intake and exhalation and the speed of your breath (“Device Data”).  The data collected may vary depending on your Device and the settings you have chosen for your Device, the Intermediary App (such as iSpirometry®), or our App. You may share the Device Data from the Intermediary App to us through our App or our third party messaging provider.  You control how you wish to share this Device Data with us and your Providers.  This information may include date and time of usage from your Device and your responses to our follow up questions.  

Information that your Providers provide.  You understand and agree that the Providers may contact us or you, we may contact them or you, they may share with us or you, and we may share with them or you any information about you that is necessary or useful to enable us to provide the Services that you request of us.  Such information may include, among other information, User Health Data and other information described in the Information you provide paragraph above.  

Direct communications.  When you or your Providers send email, post information on or through the Site or Apps, or communicate directly with us by some other method, we may collect information about you in such communications (and we may retain the communication) and use and share such information or communications as described in this Privacy Policy.  You agree that we may communicate with you about the Services through the App or using your email address, phone number, mailing address, or any other means of communication that you authorize or that you use to communicate with us.

Information Automatically Collected; Cookies; Tags.  When you access or use the Services, we may collect information about you and your computer or device, including through the use of both session and persistent “cookies,” “pixel tags,” or “web beacons” (collectively, “Tags”).  “Cookies” are small data files stored on your hard drive, and “pixel tags” or “web beacons” are small graphic files placed on a website or within the body of an email for the purpose of tracking your internet activity and tracking when emails are opened or accessed.  A “session” Tag will not collect information once you close the program used to access the Tag (e.g., a web browser), while a persistent Tag will collect information until it is deleted.

The type of information we automatically collect when you access or use the Services may include the IP (Internet Protocol) address of your computer or device; information about Tags on your computer or device; pages you viewed on the Site; how long you spent accessing each page; how long you used an App; times and dates that you accessed or used the Services; your computer or device type and operating system type; browser type and language; and other information about how you accessed or used the Services.

We also use Google Analytics to understand how the site is being used.  Google Analytics uses permanent cookies on your web browser to identify you as a unique user.  Please see Google’s privacy policy for more information on how such data is collected and shared by Google.


Administering the Services.  We use information you and Providers provide, and information that we collect as described in this Privacy Policy, to administer the Services, including to send you follow-up questions, notices or alerts; to allow you and other users to access and use the Services; to diagnose problems with the Site, Services, and Apps; to provide information you request or to respond to communications by you or your Providers; and to improve the Site, Services, or Apps.

We also analyze your information and your access and use of the Services in order to improve and customize your experience, including remembering information so you will not have to reenter it. We may also use such information to contact you regarding changes, system maintenance and outage issues, account or membership issues, or otherwise troubleshoot problems related to the Site, Services, or Apps.

We may share with your Providers any information about you that is necessary or useful to enable us to provide the Services that you request of us.

Communications with your Providers. We may share your information with your Providers, including information collected from your Device (if applicable) and which you choose to share with us, including User Health Data, through our App or third party messaging partner.  We cannot control how any Provider may use or disclose the information you may make available through use of the Service.

Improving our Products and Services. We may use your data, including your User Health Data, to improve our algorithms, technology, products and services, including to train our software and to gain greater understanding of the factors involved in controlling and monitoring asthma and lung health.  For these purposes, unless otherwise expressly permitted by you, we will anonymize or de-identify your User Health Data in a way that complies with HIPAA requirements so that such User Health Data is not identifiable or linkable to you. For example, we may request that you consent to use of zip code level data so that we may track applicable environmental factors and improve our algorithms. 

Service providers.  We will disclose your information to our service providers that assist with the Site, Services, or Apps.  For example, we may use a third party messaging service to gather additional information about your symptoms based on information collected by the Device. We contractually require our service providers not to use or share your information for purposes other than as needed to provide the applicable services.  

Marketing Communications.  We may in the future distribute a newsletter or other marketing or promotional communications to inform our users about promotions, upcoming events, news about products and services offered by us and our selected partners or news and information relating to lung health, wellness or asthma conditions.  Prior to sending you any such newsletter or other marketing communications, we will obtain your consent.  Thereafter, our marketing emails will tell you how to “opt-out.”  If you opt out, we may still send you non-marketing emails, including emails about purchase confirmations, invoices, technical notices, security alerts, and support and administrative messages.

Other disclosures.  We may disclose your information if we have a good faith belief that access, use, preservation, or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process or other governmental or law enforcement request; to enforce our Terms of Use, including investigation of potential violations; detect, prevent, or otherwise address fraud, security or technical issues; or protect against or mitigate harm to the rights, property or safety of us, you, other users, or the public as required or permitted by law. We may also use personal and health-related data, including geographic location and demographic data, to track overall symptom reporting, monitoring spread of CV19(or other disease)-like symptoms and reporting to public health databases and agencies.

Aggregate and non-personally identifiable information.  We may use non-identifiable anonymous data that is based on users’ access or use of the Services, including the User Health Data, and combine it with other anonymous data to create what is referred to as “Aggregate Data” that may be used by us to improve the Services or disclosed to third parties. Aggregate Data is information that describes the habits, usage patterns and/or demographics of users as a group but does not reveal the identity of particular users. For example, Aggregate Data may provide information on the types of procedures for which you may require additional reminders or tasks, or how different features of the Services are accessed or used by different demographic groups.  Aggregate Data may be used to determine such information as user demographics and access and usage patterns of the Services. We may use Aggregate Data to understand the needs of our users and to determine what kinds of products and services we can offer, including improvements and new products. We may also share Aggregate Data with third parties.  Except as described in this Privacy Policy, we will not provide your personally identifiable information for marketing or other purposes without your consent.

Corporate events.  If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, your information may be included in the assets sold or transferred to the acquirer.  You agree that we may transfer or assign the information we have collected about you in connection with any such event.   In the event of a bankruptcy, insolvency, reorganization, receivership or assignment for the benefit of creditors, we may not be able to control how your personal information is treated, transferred, or used.

With permission.  We may share your information for reasons not described in this Privacy Policy only with your permission.


You may request that we delete personal information we collect about you by sending an email to privacy@vitalflohealth.com.  Upon your request or if you uninstall applicable Apps, we will take reasonable steps to remove your personal information from the active part of the Services.  However, due to the nature of the Site, Services, and Apps, it is not feasible for us to delete or destroy all personal information that you provide to us. Even if you request that we delete your personal information, we will retain any information that we are required by law to retain.  Information that we retain will be held in accordance with this Privacy Policy until such information is deleted or destroyed. Additionally, even after you request that we delete your personal information, copies of that information may remain viewable elsewhere to the extent it has been shared, copied, or stored by you, your Providers or third parties.


California requires operators of websites or similar services to make certain disclosures to users who reside in California regarding their rights, specifically:

Your Consumer Rights. California consumers have the right to request access to their personal data, additional details about our information practices and deletion of their personal information (subject to certain exceptions).  California consumers also have the right to opt out of sales of personal information, if applicable.   We describe how California consumers can exercise their rights under the CCPA below.  Please note that you may designate an authorized agent to exercise these rights on your behalf by providing written materials demonstrating that you have granted the authorized agent power of attorney.  Please note that if an authorized agent submits a request on your behalf, we may need to contact you to verify your identity and protect the security of your personal information.  We will not fulfill your CCPA request unless you have provided sufficient information for us to reasonably verify you are the consumer about whom we collected personal information.  We will not discriminate against you if you choose to exercise your rights under the CCPA.  

Rights to Know. You may request, no more than twice in a 12-month period, access to the specific pieces of personal data we have collected about you in the last 12 months.  You may also request additional details about our information practices, including the categories of personal information we have collected about you, the sources of such collection, the categories of personal information we share for legitimate business or commercial purposes, and the categories of third parties with whom we share your personal information. You may make these requests by contacting us using the contact information provided below in the “Contact Us” Section.  After submitting your request, please monitor your email for a verification email.  We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.

Copies of Personal Information. You may request, no more than twice in a 12-month period, transportable copies of your personal information that we have collected about you in the last 12 months.  You may make these requests by contacting us using the contact information provided below in the “Contact Us” Section.  After submitting your request, please monitor your email for a verification email.  We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.

Deletion. You may request that we delete the personal information we have collected about you.  Please note that we may retain certain information as required or permitted by applicable law.  You may make these requests by contacting us using the contact information provided below in the “Contact Us” Section.  After submitting your request, please monitor your email for a verification email.  We are required by law to verify your identity prior to granting access to your data in order to protect your privacy and security.

Do-Not-Track. Some browsers give individuals the ability to communicate that they wish not to be tracked while browsing on the Internet. California residents are entitled to know how we respond to “Do Not Track” browser settings.  However, we do not currently take actions to respond to Do Not Track signals because a uniform technological standard has not yet been developed.


You may update, change, or correct your personal information through the App, the Services or by contacting us at support@vitalflohealth.com.  We will update your account, membership, or information as requested, provided that we may decline to update information if we determine the request to be impractical (for instance, requests concerning information residing on backup tapes or other historical data) or to be inconsistent with our data retention practices (described above). In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.


Social media sites.  We may have pages or other presence on various social networking sites or services, such as Facebook, Twitter, and the like.  Any information you post or provide through such sites and services will be subject to the policies of those sites and services.

Links to third-party sites.  This Privacy Policy addresses only the collection, maintenance, use, transfer and disclosure of information collected by or through the Site, Services, and Apps.   It does not apply to the practices of third parties, including any Device or Intermediary App providers that we do not own or control. We do not endorse or make any representations about third parties or third-party websites, devices or apps.  We encourage you to review the privacy policy of any such third parties.

Disclaimer and release.  We cannot control how any Providers or third parties might use or disclose your information, so be sure that you trust them and that you are comfortable with the information that may be shared with them.  You are responsible for designating your Providers and for keeping your list of Providers current, so please add, remove, or modify relevant information about Providers as such information changes.


Our servers are located in the United States of America and the access and use of Services are governed by U.S. law, this Privacy Policy, and our Terms of Use.  By accessing or using the Services from outside the United States, you agree that you consent to the transfer of your personal information to the United States, and to the maintenance and processing of your information in the United States, which might not have protections that meet applicable requirements in the country in which you are located.


The Site, Services, and Apps are not intended for use by minors under the age of 13, unless through a parent or guardian.  If we learn that a child under the age of 13 has provided us with personal information without parental consent, we will promptly take reasonable and appropriate actions to remove such user and delete any personal information from our servers.


In certain situations, we are a "Business Associate," as defined by HIPAA (the federal Health Insurance Portability and Accountability Act), of certain "covered entities", and have certain federal, state and contractual restrictions as to how we can use your "protected health information" (PHI), including with respect to the Providers. In other situations, we are required by federal and state data protection laws to protect the confidentiality of your Personally Identifiable Information (PII). When acting as a Business Associate, we may only use or disclose your PHI and PII as required by law or, in the case of PHI, as permitted by the Business Associate Agreements (BAAs) we have with our customers including Providers, and as otherwise expressly permitted by you. Please be aware that when you give others access to your data (including PHI and PII), they may be able to use, reproduce, distribute, display, transmit, and/or communicate that data to others and the public. Please consider carefully what you choose to share or make public. We shall not have any responsibility for access, use or disclosure of your data by people you authorized to have access to your user account. If you are using the Service in coordination with your Providers or as part of a research study, you are granting access to your health information (including PHI and PII) to the Providers and study personnel. You expressly consent to the access and disclosures outlined in this section.

In the absence of such business associate agreement or provider agreement, you understand and agree that your information is not protected under HIPAA.  However, we will take reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of your information.  However, we cannot guarantee your information will be absolutely secure or that unauthorized persons will not access or use your personal information for improper purposes.  In the event of a breach of security affecting the personal information that you or Providers have provided to us, or the personal information that we have collected, we will take remedial actions as required by applicable laws, which might include providing you notice of such breach.  You agree that we may send you such notices via the Site, Services, Apps, email, or mail.


If you have any questions or suggestions regarding this Privacy Policy or the information described in this Privacy Policy, please contact us at: privacy@vitalflohealth.com.