Privacy policy

Why should I read this policy?

This policy describes how Flow Neuroscience collects, uses and protects your personal information.

What kind of information do we collect about you?

We collect information that helps us provide a service to you. Below, you find the types of data we collect and the reasons for why this data is collected:

  • Your email: When logging in to our services, you are identified by your email address. This allows you to recover your password, allows us to send you information about the services and answer any support requests you make.
  • Your age, treatment history and habits: We collect this kind of data to provide you with a personalized experience and to better understand when the treatment works or when it doesn't, and how it can be improved. You don't have to answer these types of questions if you don't want to.
  • Your current mental health: This allows you to track your treatment progress and allows for us to better understand how or for whom the treatment works.
  • Information about how, where and when you're using our services: By understanding how, where and when our services are used, we can improve your and all other users' experience of the services.
  • Purchasing and delivery information (in case you buy physical products from us): We need your address and payment details to enable your order of physical products. Also, since the Flow headset is a medical device we are required by law to store your information in case we need to make a recall.

For how long will you store information about me?

As long as you have an account with us, information will be stored. If you choose to terminate your account with us, your personal data will be retained for a maximum of 1 year and then erased. Information we use for sending newsletters or marketing will be retained until the time you choose to unsubscribe to this kind of information. We might store anonymised and aggregated data based on the information you provide even after you have ended your account with us. In this case, nothing that can identify you as an individual will be stored.

Who has access to the information you collect and keep regarding me?

Your personal data may be handled by staff who works for Flow Neuroscience, no third party has access to your personal information as long as the law does not require us to share it. We have procedures in place to ensure that your personal information is handled in a safe and secure manner in accordance with applicable legislation. For more information, please contact us via email.

In order to be able to offer you Klarna's payment options and in order for Klarna to assess whether you qualify for their payment options and to tailor the payment options for you, we will pass to Klarna certain aspects of your personal information, such as contact and order details. You can find general information on Klarna here. Your personal data is handled in accordance with applicable data protection law and in accordance with the information in Klarna's privacy statement.

Where and how do you store my information?

Your personal data is stored in data centers within the European Union. For technical reasons, our subcontractors may need to move information to other countries outside of the EU. If this happens, appropriate protection measures and standardized data protection measures approved by the EU Commission are used.

All communication between our websites, servers and apps are encrypted with industry standard techniques (HTTPS). The servers where data from our apps is stored are hosted by Amazon Web Services and physically located within the EU. The hosting provider managing our servers has the following security certifications to ensure that your data stays safe:

  • ISO 27001, 27017, 27018: Security Management Controls, Cloud Specific Controls, Personal Data Protection
  • SOC 1, 2, 3: Security, Availability & Confidentiality Reports

What are my rights?

  • Right to information: You can request a copy of the personal information Flow Neuroscience has collected about you.
  • Right to rectification: We want to ensure that your information is up to date and correct. You can request that your information be corrected or removed if you consider it incorrect.
  • Right to be forgotten: You can request us to delete your personal information. We may not delete data that the law requires us to keep.
  • Data portability: You can request that Flow Neuroscience transfer your personal data from our IT environment, either to another company or to you. This does not apply to information that the law requires us to keep.
  • Withdrawal of consent: You can withdraw your consent to share your information or to receive marketing / emails at any time. Either by unsubscribing from the mailing list or by contacting us through email.
  • Complaint: You can file a complaint with the Data Protection Authorities if you believe that we are treating your personal data in violation with GDPR.

How can I use my rights?

If you wish to use any of your rights, please contact us by email you'll find our email address at the bottom of this policy). If you want to file a complaint with the computer inspection, you need to contact them.

What about cookies?

Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer's hard drive.

Like many sites, we use "cookies" to collect information on our websites. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our sites. If your internet browser is set and configured to accept cookies, you consent to the use of cookies.

GDPR compliance

The GDPR (General Data Protection Regulation) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation became effective and enforceable on the 25th of May 2018. Flow Neuroscience has undertaken the required business and technology steps to operate in a manner compliant with GDPR.

Updates to this policy

We may update this policy and will then notify you via email or our apps. This policy was last updated on April 27, 2020.


If you have any questions regarding this policy, regarding the use of your personal information or about your rights, please contact us at: