Privacy Policy

Last updated: June 28, 2026

PilotFlow ("we", "our", or "us") operates an AI-powered patient communication platform for healthcare providers. This Privacy Policy explains how we collect, use, and protect information when you use our services.

1. Information We Access

When a healthcare provider authorizes PilotFlow, we request access to their Google account to:

• Send emails on their behalf to patients who have scheduled appointments or opted in to communications
• Create email drafts for the provider to review before sending

We do not access, read, or store the contents of any existing emails in the provider's inbox.

2. How We Use Google User Data

PilotFlow's use of information received from Google APIs is limited to the following purposes:

• Sending patient appointment reminders and follow-up communications on behalf of the authorized healthcare provider
• Creating email drafts for provider review

We do not use Google user data to serve advertisements, build user profiles, or for any purpose other than providing the email communication service described above.

We do not sell, share, or transfer Google user data to any third parties.

3. Google API Services User Data Policy

PilotFlow's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. Data Storage and Security

OAuth refresh tokens are stored securely in our systems and are used solely to send emails on behalf of the authorized provider. Patient information (names, email addresses, appointment dates) is stored in Google Sheets under the provider's control. PilotFlow does not maintain a separate database of patient records.

5. Data Retention

We retain OAuth credentials only for as long as a provider is an active PilotFlow customer. Upon termination of service, all credentials are deleted within 30 days. Providers may revoke access at any time through their Google Account settings at myaccount.google.com/permissions.

6. Healthcare Provider Responsibilities

Healthcare providers using PilotFlow are responsible for ensuring that patient communications comply with applicable laws, including HIPAA. PilotFlow sends communications only to contacts explicitly provided by the healthcare provider.

7. Children's Privacy

PilotFlow is a business-to-business service for healthcare providers. We do not knowingly collect personal information from individuals under 18.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active customers of material changes via email.

9. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at:
jordan@pilotflow.org