Legal
Privacy Policy
Last updated: June 29, 2026
This Privacy Policy explains how VaxFlow ("we", "us", or "our") collects, uses, shares, and protects personal data when you visit our website or use our vaccine ordering and supply platform (the "Services").
This page is maintained by VaxFlow as a starting template and is not a substitute for independent legal review. Please adapt it to the jurisdictions, regulatory regimes (including HIPAA, GDPR, or local public-health laws), and customer commitments that apply to your deployment.
1. Who we are
VaxFlow operates the Services. For questions about this Policy or to exercise your rights, contact us at info@cubiq-solutions.com.
2. Data we collect
Information you provide
- Account and profile data — name, work email, role, organization, and contact details.
- Operational data — vaccine orders, schedules, allow-lists, stock levels, budgeting and labelling information, and related records you enter into the platform.
- Communications — messages, demo requests, and support inquiries you send us.
Information collected automatically
- Device and usage data — IP address, browser type, pages viewed, and interaction events used to operate and improve the Services.
- Cookies and similar technologies — see "Cookies" below.
Information from third parties
We may receive limited information from identity providers, integration partners, or ministry/warehouse systems you choose to connect to the Services.
3. How we use data
- Provide, maintain, and improve the Services.
- Authenticate users, secure accounts, and prevent abuse.
- Route orders to the appropriate regional offices and warehouses.
- Monitor stock levels, expiry, and operational performance.
- Communicate with you about the Services, including updates and support.
- Comply with legal obligations and enforce our agreements.
4. Legal bases (EEA/UK users)
Where applicable, we rely on the following legal bases:
- Performance of a contract with you or your organization.
- Compliance with a legal obligation.
- Our legitimate interests in operating, securing, and improving the Services, balanced against your rights.
- Your consent, where required (for example, for certain cookies or marketing).
5. Healthcare and sensitive data
The Services are designed for vaccine supply operations. You are responsible for determining the categories of data you enter and for ensuring you have the appropriate legal basis or authorization to do so. Where the Services are used to process protected health information or other regulated data, the parties will, where required, enter into a separate data processing or business associate agreement.
6. How we share data
We do not sell personal data. We share data only:
- With your organization — administrators and authorized users in your organization can access data submitted on its behalf.
- With service providers — hosting, infrastructure, analytics, and support vendors that process data on our behalf under written agreements.
- With integration partners — only when you direct us to connect to a warehouse, ministry, or other system.
- For legal reasons — to comply with law, respond to lawful requests, or protect rights, safety, and security.
- In a business transaction — in connection with a merger, acquisition, or asset sale, subject to confidentiality obligations.
7. International transfers
Data may be processed in countries other than where you are located. Where required, we use appropriate safeguards (for example, standard contractual clauses) for such transfers.
8. Data retention
We retain personal data for as long as needed to provide the Services, meet legal and regulatory obligations, resolve disputes, and enforce our agreements. Operational records may be retained for longer periods where required by public-health, financial, or audit regulations applicable to your organization.
9. Security
We implement administrative, technical, and physical safeguards designed to protect personal data. No system can be guaranteed completely secure; you are responsible for keeping your credentials confidential and configuring access controls appropriately within your organization.
10. Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, or to data portability. You may also have the right to lodge a complaint with a supervisory authority. To exercise these rights, contact us at info@cubiq-solutions.com. If your data is controlled by your organization (for example, your employer), please direct your request to them first.
11. Cookies
We use a small number of cookies and similar technologies to operate the website, remember your preferences, and measure performance. You can manage cookies through your browser settings. Where required, we will request your consent before placing non-essential cookies.
12. Children
The Services are not directed to children, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us so we can take appropriate action.
13. Changes to this Policy
We may update this Policy from time to time. Material changes will be communicated through the Services or by other reasonable means. The "Last updated" date above indicates when this Policy was most recently revised.
14. Contact
Privacy questions, requests, and complaints can be sent to info@cubiq-solutions.com.