Privacy Policies

Who we are

opflo provides software to hospitals to help manage peri-operative staffing resources and staff schedules. opflo also provides dashboards to analyze surgical case performance data. Our website is located at Policies for both our website and for our software are below. 

Website policy

What personal data we collect and why we collect it


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Policy for software provided to clients

Overview of how data are stored

opflo software may be utilized by hospitals in one of three ways: on-site, cloud computing, or hybrid installation. The data collected and stored by opflo (and opflo designated processors) depends on the method chosen by the hospital.

For on-site installs, all data pertaining to our software is stored and maintained by the hospital on their IT infrastructure. Although no data is stored outside the hospital infrastructure, limited data is viewable by opflo for debugging and troubleshooting purposes.

For cloud computing installs, data may be transferred to and/or stored on our cloud computing platform servers, provided by Amazon, Microsoft, and Tableau. Data transfer occurs using secure technologies and data is stored using industry standard security practices. The specific data elements stored on these cloud service providers vary from hospital to hospital and are regulated by opflo’s contract with the hospital.

For hybrid installs, a combination of internal hospital IT infrastructure and cloud computing is utilized. In most situations, this involves staff resource management and staff scheduling data stored internally, and a very limited set of data for surgical case performance dashboards stored on infrastructure hosted by our business intelligence provider, Tableau. For this type of installation, data stored on cloud service providers is regulated by opflo’s contract with the hospital.

For the purposes of sales and marketing, as well as to provide news updates, opflo stores data on its own servers. Sales and marketing data are collected with permission from the client and removed upon request.

Purposes for processing personal information

Contractual purposes

We process personal information when it is necessary for the provision of our services, in line with the purposes agreed upon between opflo, llc and its clients. 

Legal purposes

We may use personal information where we consider it necessary for complying with laws and regulations, including collecting and disclosing staff member personal information as required by law or under judicial authorization.

Legitimate interest

We may also collect and use personal information when it is necessary for other legitimate purposes, such as to help us conduct our business more effectively and efficiently – for example, for general IT security management when auditing access of our platforms. We may also process your personal information to investigate violations of law or breaches of our or our client’s own internal policies.

We may also collect and process personal information for purposes of sales, marketing, and news updates to our clients and potential clients.

Types of personal information we process

opflo only processes data provided by and specified by the client, and the exact data processed depends on the services provided to the client. opflo does not store or process data for its own purposes.

Examples of types of personal information that may be processed include:

  • Identification data (e.g., name, gender, photograph)
  • Contact details (e.g., addresses, telephone numbers, email addresses)
  • Employment details (e.g., job title/position, roles in organization, privileges)
  • Technical information (e.g., IP addresses, user login / security information)

Specific data elements processed may be less or greater than those listed in categories above, dependent on what services the client requests and what data the client provides.

Data collected for sales and marketing purposes, and to provide news updates to clients and potential clients, include contact name, phone number, email address, and history of communication.

Who we share personal information with

 opflo takes care to provide access to personal information only to those who require such access to perform their tasks and duties in relation to the provision of our services. As noted above, dependent on type of installation, opflo data may be stored on third party processors such as Amazon Web Storage, Microsoft Cloud Computing, and Tableau hosted services. Generally, these processors do not have access to unencrypted data but may have access to technical data for purposes of security, auditing, and debugging of their platforms. Specifics on their GDPR compliance can be located at their respective websites.

Transfers to other third parties

We may also disclose personal information to third parties on other lawful grounds, including:

  • To comply with our legal obligations, including where necessary to abide by law, regulation or contract, such as (but not limited to) a subpoena, government audit or search warrant
  • As necessary to establish, exercise or defend against potential, threatened or actual litigation
  • In connection with the sale, assignment or other transfer of all or part of our business; or
  • With your expressed consent

Transfer of personal information abroad

Data stored for on-site installs does not leave the client’s data center. Data stored via the cloud computing option is stored in a data center in the same geographic region as the client to conform with data protection and other applicable laws. An exception is that surgical performance dashboards stored on the Tableau hosted cloud platform may reside in a different geographical location than the client. However, opflo strives to meet the most stringent data protection laws no matter in which geographical region data is stored.

Data retention periods

For on-site installations, data are never retained by opflo but rather by the client. The client is responsible for removing all data per their policies.

For cloud computing or hybrid installs, personal information will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described. Generally, this means your personal information will be retained until the termination of the relationship with opflo, llc.


Contact with any questions regarding this policy.


Updated 15 October, 2018