Flono Privacy Policy

Version 1.0 | Effective Date: May 5, 2026

Flono is owned by RevSEA Co., Ltd.

We have adopted this Privacy Policy, which determines how we process the information collected by Flono and provides the reasons why we must collect certain personal data about you. Therefore, you must read this Privacy Policy before using the Flono website.

1. Legal Relationship and Parties

This Privacy Policy (“Policy”) governs the collection, processing and storage of data by RevSEA, operating as Flono (“the Provider”), a clinic management software-as-a-service (SaaS) provider.

The Subscriber (defined as the legal entity or licensed practitioner purchasing the subscription) acknowledges that the Provider acts solely as a Data Processor. The Subscriber acts as the Data Controller (or Health Information Custodian) and assumes all legal responsibility for the collection, accuracy, and use of Patient Data within the Flono environment.

2. Scope of Service

The Subscriber acknowledges and agrees that Flono is an internal-facing business tool only. The Provider does not provide a Patient-facing interface, booking portal, or direct access for third-party patients. The Subscriber is solely responsible for obtaining necessary patient consents for the digital recording of their medical information, including but not limited to, handwritten stylus notes, anatomical drawings, and clinical photography.

3. Indemnification and Medical Liability

The Provider provides a platform for the recording of clinical data through stylus-based input and digital templates. The Provider does not offer medical advice and is not a healthcare provider. The Subscriber agrees to indemnify and hold harmless the Provider against any claims of medical malpractice, misdiagnosis, or professional negligence resulting from the use of the platform.

  • The Provider shall not be held liable for any data loss, corrupted handwriting files, or inaccuracies in the Intelligence Dashboard that may impact the Subscriber’s clinical or financial decision-making.

4. Data Categories and Processing

The Provider processes the following data categories under the instruction of the Subscriber:

  • Subscriber Account Data: Legal name, contact information, and PCI-compliant payment tokens processed via third-party providers (Stripe).

  • Personnel Data: Login credentials and audit logs for Clinic Staff (Doctors, Beauticians, Receptionists, Cashiers).

  • Clinical Patient Data: Individually identifiable health information (IIHI), medical history, billing records, and treatment photographs.

  • Non-Typographic Data: Stylus-input metadata and vector-based handwriting files used for clinical charting.

5. Access Control and Role-Based Permissions

The Flono platform provides functionality for the Subscriber to implement Role-Based Access Control (RBAC).

  • The Subscriber is legally obligated to configure these permissions in accordance with local healthcare privacy laws.

  • The Provider disclaims all liability for unauthorized internal data breaches caused by the Subscriber's failure to properly restrict staff access to sensitive patient files, billing records, or photographs.

6. Data Security and Breach Notification

The Provider employs industry-standard Administrative, Physical, and Technical safeguards, including TLS 1.3 encryption and firewalled database architecture.

  • In the event of a confirmed data breach originating from the Provider’s infrastructure, the Provider will notify the Subscriber within the timeframe required by applicable law.

  • The Subscriber remains responsible for notifying their individual Patients of any such breach as required by their local jurisdiction.

7. Data Retention and Termination

The Provider shall retain data only for the duration of the active subscription.

  • Upon termination or expiration of the subscription, the Provider reserves the right to delete all Subscriber and Patient data following a thirty (30) day grace period, unless a shorter period is required by law.

  • It is the Subscriber’s sole responsibility to export clinical records and patient files prior to account termination. The Provider assumes no liability for the destruction of medical records following the closure of a Subscriber account.

8. Third-Party Integrations and Omnichannel Data

For Subscribers utilizing the Omnichannel Sync (Flono Pro), the Provider acts as a conduit for data flowing from third-party platforms (e.g., Meta/Messenger).

  • The Provider is not responsible for the privacy practices of these third-party platforms.

  • The Subscriber warrants that their use of external booking leads complies with all anti-spam and telecommunications privacy regulations.

9. Jurisdiction and Dispute Resolution

This Policy shall be governed by and construed in accordance with the laws of Thailand, in which RevSEA Co., Ltd. is registered. Any disputes arising from the use of Flono shall be settled through binding arbitration, and the Subscriber waives any right to participate in class-action litigation.

11. Zero-Access Architecture and Data Encryption

The Provider (Flono and RevSEA) operates on a restricted-access infrastructure.

  • No Access to Clinical Data: The Provider’s employees and Super Admins are technically and contractually barred from accessing Patient medical records, treatment photos, or handwritten clinical notes. These records are encrypted at rest.

  • No Access to Payment Credentials: All financial transactions are handled via Stripe. The Provider does not store, transmit, or have access to raw credit card numbers or CVV data.

  • Clinic User Privacy: The Clinic Admin is the sole manager of Clinic User accounts and Patient records. The Provider does not monitor or access individual Clinic User login credentials or their internal interactions with Patient data, except for automated system audit logs for security purposes.

12. Links to Other Websites

Our website may contain links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for such other websites or third parties' privacy practices. We encourage you to be aware when you leave our website and read the privacy statements of each website that may collect personal information.

13. Information Security

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We keep reasonable administrative, technical, and physical safeguards to protect personal data in our control and custody against unauthorized access, use, modification, and disclosure. However, no data transmission over the Internet or wireless network can be guaranteed.

14. Contact And Representation

If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to legal@flono.io.