Behind the Scenes

How We Built Flamingo: Privacy, Security, and Trust in Healthcare Tech

Building a platform to store families' most sensitive information requires more than good intentions. Here's how we approach security, privacy, and ethical data handling.

When we started building Flamingo, we knew we were asking people to trust us with something precious: their family's medical history. Not just data points in a database—but conversations with doctors, diagnoses that changed lives, moments of fear and hope, information that could be life-saving or deeply private.

That responsibility keeps us awake at night. In a good way.

This isn't a typical "how we built our startup" story. It's about the decisions we made—and continue to make—about security, privacy, and ethics when building healthcare technology. Because trust isn't something you claim. It's something you earn, every single day.

Why We Built This

Flamingo wasn't born from a whiteboard session about market opportunities. It came from lived experience.

Our founder's father was diagnosed with cancer. Coordinating his care across multiple specialists, countries, and family members was overwhelming. Critical information lived in scattered notes, forgotten conversations, and memories that couldn't be relied upon. Important details fell through the cracks. The family felt helpless.

"I realized," our founder recalls, "that we had 21st century technology for almost everything—except for the thing that mattered most. Managing healthcare for someone we loved was still happening via scraps of paper, patchy memories, and frantic phone calls. It was absurd."

We built Flamingo to solve a real problem we'd experienced personally. That's why we understand what's at stake. It's not theoretical. This is about real families, real health crises, real lives.

The Trust Question

Healthcare data is different from other data.

Your shopping habits, while personal, aren't life-or-death. Your medical history is. It's sensitive. It's intimate. Mishandled, it could be used to discriminate against you in insurance or employment, or simply to strip away your dignity and privacy.

Every person who signs up for Flamingo is making a leap of faith. They're trusting that we'll:

  • Keep their data secure from hackers and breaches
  • Never sell or share their information
  • Respect their privacy completely
  • Handle their data ethically
  • Be transparent about our practices
  • Still be here when they need us

That trust is sacred. Here's how we honour it.

Security: What We Actually Do

Let's talk specifics, because "we take security seriously" is meaningless without details.

Encryption in transit and at rest

Your data is encrypted whenever it moves between your device and our servers (TLS encryption in transit) and when it's stored on disk (AES encryption applied at the infrastructure layer at rest). Data intercepted between your device and our servers would be unreadable. Data on disk is protected against physical compromise at the data centre level.

Flamingo's intelligence features—AI summaries, structured data extraction, cross-record analysis—require us to process your data on our servers. That's the core of what makes the product useful. We won't call this "end-to-end encryption" in the way that term is used for messaging apps, because that would be misleading. Instead, we protect your data with strong encryption at every stage and strict access controls over who can do what with it. We think that honesty is more respectful than a buzzword.

Your data lives in the UK

All Flamingo data is hosted in London (AWS eu-west-2), in data centres that comply with UK data protection regulations. We chose UK hosting deliberately: your health data stays in your jurisdiction, subject to UK law and UK regulatory oversight.

We don't route your data through servers scattered around the world. We don't store it wherever is cheapest. It lives in London, protected by some of the strongest data protection laws in the world.

Strict access controls

Access to production data is governed by a written policy, with audit logging that tracks who accesses what. We follow the principle of data minimisation—using anonymised or synthetic data wherever practical, and real data only where necessary for quality assurance of features like AI summaries and structured data extraction. Access controls are role-based, even at our current team size, because building good habits early matters.

We could have claimed we never look at user data. But that wouldn't be true for any company building AI-powered health features, and we'd rather earn your trust through honesty than marketing. What we can tell you: access is controlled, it's audited, and it's governed by policy—not left to good intentions.
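To make "governed by policy, not good intentions" concrete, here is a small Python sketch of how a production-data gateway can enforce the rules described above: every read is checked against the caller's role and a stated purpose, synthetic data is served by default, real records are released only to a role and purpose the policy allows, and every attempt (granted or denied) lands in an audit trail that can later answer "who has looked at this person's real record?". This is an added illustration, not Flamingo's code; the role table, the purpose list and the sample records are constructed for the example.

```python
"""Policy-gated access to production health data with an audit trail.

Added example, not Flamingo's code. It assumes a role table, an allowed-purpose
list and an in-memory audit log; a real deployment would back these with an
identity provider and an append-only log store.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Role -> permissions (hypothetical policy). Only the QA role may touch real
# records, and only for quality assurance of the AI features; everyone else
# works on synthetic stand-ins (data minimisation by default).
ROLE_PERMISSIONS = {
    "support": {"read_synthetic"},
    "engineer": {"read_synthetic"},
    "ai_qa": {"read_synthetic", "read_real"},
}

# Purposes for which real data may be read at all (hypothetical policy list).
REAL_DATA_PURPOSES = {"ai_summary_qa", "extraction_qa"}

# Constructed sample vault: one real record and its synthetic stand-in.
REAL_RECORDS = {"rec-001": {"owner": "user-42", "summary": "Oncology follow-up notes"}}
SYNTHETIC_RECORDS = {"rec-001": {"owner": "synthetic", "summary": "Synthetic appointment notes"}}


@dataclass
class AuditEntry:
    actor: str
    role: str
    record_id: str
    purpose: str
    granted: bool
    real_data: bool
    at: str = field(default_factory=lambda: datetime.now(timezone.utc).isoformat())


class AccessDenied(PermissionError):
    pass


class ProductionDataGateway:
    """Every read goes through here, is checked against role and purpose, and is logged."""

    def __init__(self) -> None:
        self.audit_log: list[AuditEntry] = []

    def read_record(self, actor: str, role: str, record_id: str, purpose: str,
                    real_data_required: bool = False) -> dict:
        perms = ROLE_PERMISSIONS.get(role, set())
        # Real data only when explicitly required, for an allowed purpose, by a
        # role permitted to read it. Everything else gets the synthetic stand-in.
        if real_data_required:
            allowed = "read_real" in perms and purpose in REAL_DATA_PURPOSES
        else:
            allowed = "read_synthetic" in perms
        # Log before deciding, so denied attempts are visible to reviewers too.
        self.audit_log.append(
            AuditEntry(actor, role, record_id, purpose, allowed, real_data_required))
        if not allowed:
            raise AccessDenied(f"{actor} ({role}) may not read {record_id} for {purpose}")
        source = REAL_RECORDS if real_data_required else SYNTHETIC_RECORDS
        return source[record_id]

    def accesses_to_real_data(self, record_id: str) -> list[AuditEntry]:
        """Answer 'who has looked at this user's real record?' from the audit trail."""
        return [e for e in self.audit_log
                if e.record_id == record_id and e.real_data and e.granted]


def demo() -> tuple[int, int, int]:
    """Returns (audit entries written, granted real-data reads, denied attempts)."""
    gw = ProductionDataGateway()
    # An engineer debugging a display bug gets synthetic data and never sees the real record.
    gw.read_record("alice", "engineer", "rec-001", "ui_bug")
    # A QA reviewer checking an AI summary against its source is allowed the real record.
    gw.read_record("bob", "ai_qa", "rec-001", "ai_summary_qa", real_data_required=True)
    # The same reviewer asking for an unlisted purpose is denied, and the attempt is still logged.
    try:
        gw.read_record("bob", "ai_qa", "rec-001", "curiosity", real_data_required=True)
    except AccessDenied:
        pass
    denied = sum(1 for e in gw.audit_log if not e.granted)
    return len(gw.audit_log), len(gw.accesses_to_real_data("rec-001")), denied


if __name__ == "__main__":
    print(demo())  # (3, 1, 1)
```

The point of the design is that the decision and the log entry live in one place: a role alone is not enough to see real data, a purpose has to be named, and the denied attempt is recorded exactly like a granted one, which is what lets an audit reconstruct intent rather than just outcome.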

Infrastructure security

  • Hosting on established cloud infrastructure with automatic security patching
  • Multi-factor authentication available for all accounts
  • Role-based access control (you decide exactly who sees what in your vault)
  • HTTPS on every connection—your device to our servers, our servers to external services

No system is perfect

Anyone claiming their system is 100% secure is lying. We can't promise you'll never be affected by a security incident. What we can promise is:

  • We've built security into every layer we control
  • We're constantly monitoring and improving
  • If a breach ever occurs, we'll notify affected users promptly—within 72 hours as UK GDPR requires, and sooner if we can
  • We'll explain clearly what happened and what we're doing about it

Privacy: More Than Just Security

Security protects your data from unauthorised access. Privacy is about respecting what you want done with your data—even when access is authorised.

What we collect (and why)

We only collect information necessary for Flamingo to function:

  • Account information (email, name) to identify you and communicate
  • Health information you choose to add (because that's the entire point)
  • Usage data (which features you use) to improve the platform

Our website uses cookies for analytics and to understand how people find us. We'll always ask for your consent before setting non-essential cookies, as UK law requires. Critically, your health data and your marketing data are completely separate worlds. We will never use anything from your health vault to target advertising, build marketing profiles, or inform any commercial decision about you.

What we will never do

  • Sell your data. Not to advertisers, data brokers, pharmaceutical companies, insurance companies, or anyone else.
  • Use your health information for marketing or advertising—not to you, not to anyone
  • Share your data with third parties without your explicit consent
  • Train AI models on your data without your explicit, informed consent
  • Build profiles of you based on your health information

This isn't just policy—it's foundational to why Flamingo exists. The moment we compromise on this is the moment we've failed our mission.

Your data, your control

Flamingo is designed as a permanent health vault—a record that grows more valuable the longer you use it, kept for as long as you choose. But you remain in control at every point:

  • You can export your complete data at any time in standard formats
  • You can delete individual records or your entire account
  • When you delete something, we remove it from our live systems and all derived data—AI summaries, extracted values, and structured records generated from the deleted source are all removed too
  • Deleted data may persist briefly in automated backups until our standard backup rotation clears it. We'd rather be upfront about that than pretend deletion is instantaneous across every system
  • You control exactly who has access to what information in your vault
  • You can revoke shared access at any time

Compliance: Why We Think About Regulation Differently

We don't view compliance as a checkbox exercise. These regulations exist to protect you, and we think carefully about how they apply to what we're building.

UK GDPR and Data Protection Act 2018

As a UK-based company handling sensitive health data, we comply with UK GDPR requirements including:

  • Explicit consent for processing your health data (which GDPR classifies as "special category" data requiring the highest level of protection)
  • Data minimisation (only collecting what we need)
  • Purpose limitation (only using data for stated purposes)
  • Your rights to access, correct, export, and delete your data

We've designed Flamingo around these requirements from the ground up—not bolted them on afterwards.

HIPAA: Designing for US Healthcare Standards

Because Flamingo is a direct-to-consumer app where you input your own data, HIPAA doesn't currently apply to it in a strict legal sense. Many companies would stop there.

We've chosen not to. We're voluntarily pursuing alignment with HIPAA standards—the US healthcare privacy framework—because US users rightly expect healthcare apps to meet these standards, and because we believe building to the highest applicable standard is simply the right approach. This means working toward Business Associate Agreements with our data processors, building administrative and technical safeguards that meet HIPAA requirements, and designing breach notification procedures that satisfy both UK and US standards.

We're not there yet, and we won't claim compliance until the work is done. But we're building toward it deliberately, because retrofitting security is always harder than building it in from the start.

International privacy by design

Our privacy framework is designed to meet the standards of the strictest jurisdictions we operate in. That means a user in Canada, Australia, or New Zealand receives the same privacy protections as a user in the UK—not because we're legally required to in every case, but because we don't believe in offering different tiers of privacy based on where you happen to live.

The Decisions That Keep Us Honest

Compliance and security are necessary but not sufficient. Some of the hardest decisions we make aren't about what's legal—they're about what's right.

AI and your health data

Flamingo uses AI to make your health information more useful—generating structured summaries of appointments, extracting key details from documents, and surfacing relevant information when you need it. This is core to our product.

Here's how we handle it responsibly:

  • We use AI services from providers whose data handling practices we've assessed and hold to our standards
  • AI features analyse your data to serve you—not to build datasets for anyone else
  • We will never train AI models on your data without your explicit, informed consent
  • AI in Flamingo helps you understand your health and ask better questions. It does not diagnose, prescribe, or replace clinical judgement

Family sharing and safety

Flamingo allows families to share health information—a parent sharing their records with adult children coordinating their care, for instance. We've thought carefully about how to make this powerful without making it dangerous.

Our protections:

  • Granular access controls: share specific information, not everything
  • You choose what to share and with whom, on a per-item basis
  • Access can be revoked at any time, without the other person being notified
  • Shared data is a live view of the source, not a copy—if the owner deletes something or revokes access, it's gone for everyone
  • Private vault sections that only you can see, even from people you share other information with
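The two lists above (what happens when you delete something, and how family sharing is scoped and revoked) describe one data model. Here is an added Python sketch of that model, not Flamingo's code: source records, derived records that point back at their source, and per-item grants that are evaluated on every read. Because the recipient only ever gets a live view, revoking a grant or deleting the source takes effect for everyone immediately, and deleting a source also removes the AI summaries and extracted values derived from it. The rule that a derived record follows its source's grant, and the "private" section name, are assumptions made for the example.

```python
"""Vault model for per-item sharing, revocation and cascading deletion.

Added example, not Flamingo's code. It assumes three tables: source records,
derived records (AI summaries, extracted values) that point at a source, and
per-item grants. Shared access is resolved at read time against the grants and
the live records, so nothing is ever copied to the recipient.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Record:
    record_id: str
    owner: str
    section: str                        # e.g. "appointments" or "private" (assumed names)
    content: str
    derived_from: Optional[str] = None  # set for AI summaries / extracted values


class Vault:
    def __init__(self) -> None:
        self.records: dict[str, Record] = {}
        # grants[(record_id, grantee)] is present only while access is active
        self.grants: dict[tuple[str, str], bool] = {}

    # --- owner operations ---------------------------------------------------
    def add(self, rec: Record) -> None:
        self.records[rec.record_id] = rec

    def share(self, owner: str, record_id: str, grantee: str) -> None:
        rec = self.records[record_id]
        if rec.owner != owner or rec.section == "private":
            # Private sections are never shareable, even by the owner.
            raise PermissionError("cannot share this record")
        self.grants[(record_id, grantee)] = True

    def revoke(self, owner: str, record_id: str, grantee: str) -> None:
        if self.records[record_id].owner != owner:
            raise PermissionError("only the owner can revoke")
        self.grants.pop((record_id, grantee), None)  # no notification to the grantee

    def delete(self, owner: str, record_id: str) -> list[str]:
        """Delete a source record and everything derived from it; return the ids removed."""
        if self.records[record_id].owner != owner:
            raise PermissionError("only the owner can delete")
        to_remove = [record_id] + [r.record_id for r in self.records.values()
                                   if r.derived_from == record_id]
        for rid in to_remove:
            del self.records[rid]
            # Grants on a record that no longer exists are dropped with it.
            for key in [k for k in self.grants if k[0] == rid]:
                del self.grants[key]
        return to_remove

    # --- read path: a live view, evaluated on every call ----------------------
    def visible_to(self, viewer: str) -> list[str]:
        out = []
        for rec in self.records.values():
            if rec.owner == viewer:
                out.append(rec.record_id)
            elif self.grants.get((rec.record_id, viewer)):
                out.append(rec.record_id)
            elif rec.derived_from and self.grants.get((rec.derived_from, viewer)):
                # Assumption: a shared appointment's AI summary follows the source's grant.
                out.append(rec.record_id)
        return sorted(out)


def demo() -> dict[str, list[str]]:
    """Walk through share, blocked private share, revoke and cascading delete (constructed data)."""
    v = Vault()
    v.add(Record("appt-1", "parent", "appointments", "Consultant visit notes"))
    v.add(Record("sum-1", "parent", "appointments", "AI summary of appt-1", derived_from="appt-1"))
    v.add(Record("appt-2", "parent", "appointments", "GP visit"))
    v.add(Record("note-1", "parent", "private", "Private reflection"))

    v.share("parent", "appt-1", "child")
    before = v.visible_to("child")           # ['appt-1', 'sum-1']: the summary follows the source
    try:
        v.share("parent", "note-1", "child")  # private section: refused
    except PermissionError:
        pass
    v.revoke("parent", "appt-1", "child")
    after_revoke = v.visible_to("child")     # []: the live view is empty at once
    v.share("parent", "appt-1", "child")
    removed = v.delete("parent", "appt-1")   # source and its derived summary both go
    return {"before": before, "after_revoke": after_revoke, "removed": sorted(removed),
            "after_delete": v.visible_to("child"), "owner_after_delete": v.visible_to("parent")}


if __name__ == "__main__":
    print(demo())
```

Two design choices carry the guarantees in the text: the recipient's view is computed from the grants table on every call rather than materialised, so there is no copy to chase down after a revocation; and deletion walks the `derived_from` links, so an AI summary cannot outlive the appointment it was generated from.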

Data requests from authorities

Our position on government and law enforcement data requests:

  • We require valid legal process (a court order or warrant) before disclosing any user data
  • We will notify affected users of requests unless we are legally prohibited from doing so
  • We will challenge requests we believe are overly broad or inappropriate
  • We will never build backdoor access into our systems for any government or agency—backdoors compromise security for everyone

The business model question

How do we make money if we're not selling data?

Flamingo operates on a subscription model. You pay us; we provide a service. That's it.

This matters more than it might seem. When a product is free, you're usually the product—your data funds the business through advertising or sales to third parties. When you pay for a product, the company's incentive is to build something valuable enough to be worth paying for. Our interests and yours point in the same direction.

We're not funded by pharmaceutical companies, insurance providers, or anyone else who might want access to your data. Our only customer is you.

What Could Go Wrong

Let's talk about realistic risks, because pretending they don't exist doesn't help anyone.

Scenario: Data breach

Despite our security measures, a sophisticated attack could compromise data. We can't guarantee it will never happen—no one can.

Our response commitments:

  • Immediate investigation and containment
  • Notification to affected users within 72 hours (the UK GDPR standard), and sooner if possible
  • Notification to the ICO (Information Commissioner's Office) as required by law
  • Clear explanation of what was accessed and what it means for you
  • Support for affected users
  • Transparent post-incident reporting on what happened and what we've changed

Scenario: Company acquisition or closure

What happens to your data if Flamingo is sold or shuts down?

Our commitments:

  • If Flamingo is acquired, we will require any buyer to honour our existing privacy commitments to users
  • If Flamingo closes, users will receive advance notice and the ability to export all their data before the service shuts down
  • Your data belongs to you. If we can no longer provide the service, you take your data with you

The Human Side

Behind all the technical specifications and policies are people who care deeply about getting this right.

We built Flamingo because we needed it ourselves. We've sat in hospital waiting rooms trying to remember what the last consultant said. We've managed care for family members across time zones. We've experienced firsthand the anxiety of knowing that important health information is scattered across notebooks, voicemails, and fading memories.

When we make decisions about features, security, or privacy, we ask: "Would we trust this with our own family's medical information?" If the answer is no, we don't build it.

That's not a marketing line. It's genuinely how we work. Our families' data is in Flamingo too.

Why This Matters

You might read all this and think: "That's interesting, but does it really matter? My medical information isn't that sensitive."

Here's why it matters:

Medical data can be used to deny you insurance, employment, or housing. It can be used by domestic abusers to control partners. It can be exposed in ways that cause embarrassment, discrimination, or harm. It contains information about mental health, sexual health, genetic predispositions—things that remain deeply personal and often stigmatised.

Even if you personally don't feel vulnerable, building systems that protect privacy and security protects everyone—especially the most vulnerable.

Our Promise

We can't promise perfection. We can promise:

  • We'll never compromise your privacy for profit
  • We'll be transparent about our practices and honest about our limitations
  • We'll earn your trust through actions, not just words
  • We'll evolve our practices as technology and threats change
  • We'll always remember that behind every data point is a real person and a real family

Your family's health story matters. The trust you place in us by sharing it matters. We don't take that lightly.

This is more than a business to us. It's a responsibility we're honoured to carry.

Questions? We're Listening

If you have questions about security, privacy, or how we handle data, ask us. We're happy to explain our practices in as much detail as you want.

Because trust isn't built through marketing copy. It's built through open, honest conversation and consistent, ethical action.

Thank you for trusting us with something that matters.


Have security or privacy questions about Flamingo? We're always happy to discuss our practices. Get in touch through our contact page.