Privacy Policy

Profaama is deeply committed to protecting the privacy and security of our users' data. We understand the sensitivity of healthcare information and have designed our platform to be compliant with the Health Insurance Portability and Accountability Act (HIPAA). For our pharmacy clients ("Covered Entities"), Profaama acts as a "Business Associate" under HIPAA regulations, and we adhere to the stringent requirements set forth for protecting Protected Health Information (PHI).

We collect information necessary to provide our services to pharmacies and their patients.

Information from Pharmacies:

• Business information including name, address, and phone number.
• User accounts for pharmacy staff, including names, roles, and email addresses.

Information from Patients (on behalf of the pharmacy):

• Personally Identifiable Information (PII): Name, date of birth, phone number, email address.
• Protected Health Information (PHI): Prescription details, medication history, health conditions, communications with the pharmacy, and appointment details.

Website Usage Data:

We may collect standard information via cookies (e.g., IP address, browser type) for analytics and to improve site functionality. This data is not linked to PHI.

We use the information collected solely for the following purposes:

• To Provide and Manage the Service: To send automated reminders, facilitate secure messaging between patients and their designated pharmacy, manage appointments, and process payments.
• For Support and Maintenance: To troubleshoot technical issues and respond to user inquiries from both pharmacies and patients.
• To Improve Our Platform: We may use anonymized and aggregated data to analyze usage patterns and improve our platform's features and effectiveness. This data cannot be used to identify any individual patient or pharmacy staff member.

Your privacy is paramount. We only share information under specific circumstances:

• Within the Platform: A patient's information is strictly confidential and is only visible to them and the specific pharmacy (or pharmacies) they have authorized. Data is never shared between unaffiliated pharmacies.
• With Third-Party Service Providers: We use trusted third-party vendors for essential services like cloud hosting (e.g., AWS, Google Cloud), SMS gateways, and payment processing. These vendors are contractually bound by Business Associate Agreements (BAAs) under HIPAA, legally requiring them to maintain the same high level of security and privacy that we do.
• Legal Requirements: We may disclose information if required by law, such as in response to a court order, subpoena, or other lawful government request.
• No Sale of Data: We state unequivocally that we do not and will not sell personal information or PHI to third parties for marketing, advertising, or any other purpose.

We implement robust technical, administrative, and physical safeguards to protect your data:

• Encryption: All data is encrypted both in transit (using TLS/SSL) and at rest in our databases.
• Access Controls: User access is role-based to ensure pharmacy staff can only see the information necessary to perform their jobs.
• Regular Audits: We conduct regular internal and external security assessments and vulnerability scanning to ensure the integrity of our platform.

As a user, you have rights regarding your data:

• Access and Correction: Patients have the right to access and request corrections to their information. This is typically done by contacting their pharmacy directly.
• Data Portability: The right to receive a copy of their data, which can be facilitated through their pharmacy.
• Deletion: The right to request the deletion of their account and data, subject to the pharmacy's legal and professional obligations to retain medical records for a specific period.

We may update this Privacy Policy from time to time. We will notify users of any material changes via email or a notification on our platform.

If you have any questions or concerns about this policy or our privacy practices, please contact us at: