Privacy Policy

Last updated: February 22, 2026

1. What PharmaCom Is — and Is Not

PharmaCom is a compliance calendar and reminder service for independent pharmacies. We help you track regulatory deadlines — DEA registrations, state pharmacy permits, staff license renewals, annual training requirements, medication expiration checks, cold chain refrigeration checks, and business insurance renewals. We also provide a Compliance Analytics Dashboard and exportable PDF compliance reports.

Important: PharmaCom does not store patient data, prescriptions, medication records, or any Protected Health Information (PHI) as defined by HIPAA. Our service is limited to pharmacy and staff compliance records only. A HIPAA Business Associate Agreement (BAA) is not required to use PharmaCom.

2. Information We Collect

We collect only what is necessary to provide the service:

  • Account information: Your name, email address, and password (stored as a hashed value — never in plain text).
  • Pharmacy information: Pharmacy name, address, state, DEA registration number, and state permit numbers you choose to enter.
  • Staff information: Staff names, roles, license numbers, expiration dates, and training completion dates you choose to enter.
  • Compliance tracking dates: Dates you enter for medication expiration checks, cold chain refrigeration checks, and business insurance renewal — used solely to generate your compliance deadlines and reminders.
  • Contact preferences: Phone number and email address for sending compliance reminders.
  • Billing information: Handled entirely by Stripe. We never see or store your full card number.
  • Usage data: Basic server logs (pages visited, timestamps) for security and performance monitoring.

3. How We Use Your Information

  • To generate and display your pharmacy compliance calendar.
  • To send deadline reminders via WhatsApp and/or email at your chosen intervals.
  • To generate your Compliance Analytics Dashboard — a summary of your compliance health score, category breakdown, and 12-month deadline history.
  • To produce exportable PDF compliance reports when requested.
  • To process your subscription payment through Stripe.
  • To send transactional emails (account confirmation, trial notices, billing receipts).
  • To improve the service based on aggregated, anonymized usage patterns.

We do not sell your data. We do not use your data for advertising. We do not share it with third parties except as described in Section 4.

4. Third-Party Services We Use

  • Amazon Web Services (AWS) — Our servers and database are hosted on AWS in the United States (us-east-1). AWS is SOC 2 and ISO 27001 certified.
  • Postmark — Used to send transactional emails. Your email address is shared with Postmark solely for this purpose.
  • Twilio — Used to send WhatsApp reminders. Your phone number is shared with Twilio solely for this purpose.
  • Stripe — Processes subscription payments. Your payment information is handled directly by Stripe and is never stored on our servers.
  • Groq — Powers the AI Compliance Assistant chat feature. Queries you submit to the AI assistant may be processed by Groq's servers. Do not enter patient data or PHI into the chat.

5. Data Storage and Security

  • All data is encrypted in transit using TLS (HTTPS).
  • Passwords are hashed using PBKDF2 with SHA-256 — they are never stored or accessible in plain text.
  • Your pharmacy data is logically isolated — no other pharmacy account can access your records.
  • Our database runs on Amazon RDS with automated backups.
  • Access to production systems is restricted to authorized personnel only.

6. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days to allow for reactivation, then permanently deleted upon request. To request deletion, email us at [email protected].

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data at any time through your account settings.
  • Request deletion of your account and associated data.
  • Export your compliance data (available in settings).
  • Opt out of non-transactional communications.

8. Cookies

We use session cookies solely to keep you logged in. We do not use advertising cookies or third-party tracking cookies.

9. Changes to This Policy

We may update this policy periodically. If we make material changes, we will notify you by email at least 14 days before the changes take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Contact us at:

Zelos IT Solutions
Dallas, TX
[email protected]