Privacy Policy
Last updated: April 22, 2026
1. Information We Collect
ClaraRx collects only the information necessary to provide and improve our pharmacy management services. This includes contact details submitted through our website (name, email, phone, pharmacy name), usage data generated within the platform, and protected health information (PHI) processed on behalf of our pharmacy customers under Business Associate Agreements.
2. How We Use Your Information
We use collected information to operate and maintain the ClaraRx platform, respond to demo requests and support inquiries, comply with applicable healthcare regulations (HIPAA, HITECH), improve the security and reliability of our services, and fulfill our contractual obligations to pharmacy customers.
3. Data Security
All data is encrypted at rest using AES-256 (via managed PostgreSQL encryption, pgcrypto, and S3 server-side encryption) and in transit using TLS 1.2+. We maintain per-customer database isolation — no shared tenancy. Access is controlled through role-based permissions with row-level and field-level security enforced at the database layer. Secrets are managed centrally via Infisical with no credentials stored in code.
4. Data Retention
We retain customer data for the duration of the service agreement and as required by applicable law and regulation. PHI is retained in accordance with HIPAA and state-level requirements. Upon contract termination, customer data is securely deleted or returned per the terms of the Business Associate Agreement.
5. Third-Party Services
ClaraRx integrates with third-party services solely to deliver core platform functionality — including claims clearinghouses (Powerline, Change Healthcare), clinical data providers (First Databank), shipping carriers (via Shippo), and identity providers (Google Workspace, Microsoft Azure AD). All third-party integrations are subject to contractual data protection obligations.
6. Your Rights
You may request access to, correction of, or deletion of your personal information by contacting us. For PHI inquiries, please contact your pharmacy provider directly, as ClaraRx processes PHI on their behalf as a Business Associate.
7. Compliance
ClaraRx maintains compliance with HIPAA, HITECH, and is pursuing SOC 2 Type II certification. Our security controls are documented and mapped across all trust service criteria. We conduct regular security assessments and maintain comprehensive audit logging of all system activity.
8. Contact
For privacy-related questions or requests, please reach out via our contact form or email us at privacy@clararx.com.