Privacy Protocols.
Last Revised: January 8, 2026
1. Data Collection Architecture
ZuvFlo collects clinical data necessary for the operation of dialysis facilities, including patient vitals (BFR, Venous Pressure, KT/V), lab results, and staff scheduling information. This data is collected through direct IoT bridge connections to dialysis machines and authenticated input from clinical staff.
2. Military-Grade Encryption
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. We maintain multi-region, air-gapped backups to ensure 99.99% data availability. ZuvFlo is SOC 2 Type II certified and undergoes quarterly penetration testing by third-party security firms.
3. HIPAA & Regulatory Compliance
As a Business Associate under HIPAA, ZuvFlo enters into comprehensive Business Associate Agreements (BAAs) with all clinical clients. We implement all required administrative, physical, and technical safeguards. All sessions are logged with biometric-linked audit trails.
4. Zero-Trust Data Policy
We do not sell, rent, or monetize patient or facility data. Data is shared only with authorized clinical partners (e.g., hospital EMRs like Epic or Cerner) through validated FHIR/HL7 interfaces, as explicitly configured by the facility administrator.
Compliance Inquiry
For formal data access requests, BAA inquiries, or security whitepapers, please contact our Compliance Officer.