Infrastructure and Hosting

Clara Rx currently utilizes cloud-based infrastructure providers and operational vendors to support application hosting, database services, communications, network protection, and related operational functions.

Our infrastructure providers may include:

• Fly.io
• Xata
• Amazon Web Services (AWS)
• Cloudflare

Infrastructure configurations, providers, and operational architectures may change periodically based on operational, security, compliance, performance, or business requirements.

HIPAA-Oriented Safeguards

Clara Rx provides software services that may involve the processing of Protected Health Information (“PHI”) on behalf of specialty pharmacies and healthcare organizations.

Our operational safeguards are designed to support healthcare privacy and security requirements and may include:

• Role-based access controls
• Authentication and authorization controls
• Audit logging
• Session management controls
• Infrastructure monitoring
• Operational logging
• Data access restrictions
• Security review processes
• Incident response procedures

Customers remain responsible for determining the appropriateness of their use of the services and for managing their own legal and regulatory compliance obligations.

Access Controls and Authentication

Clara Rx maintains authentication and access control procedures designed to limit access to authorized users and systems.

Security measures may include:

• Secure authentication workflows
• Session management controls
• Role-based permissions
• Access restrictions
• Account provisioning controls
• Logging and audit capabilities
• Administrative access controls

Customers are responsible for managing authorized user access within their environments, including timely removal of access for former personnel or unauthorized users.

Monitoring and Operational Security

Clara Rx may monitor systems, infrastructure, authentication activity, platform usage, network activity, and related operational events as necessary to maintain service reliability, operational integrity, platform security, and compliance obligations.

Monitoring activities may include:

• Infrastructure monitoring
• Authentication monitoring
• Security event logging
• Audit logging
• Error tracking
• Operational alerting
• Performance monitoring

Encryption and Data Protection

Clara Rx utilizes safeguards designed to protect information during transmission and storage. Security controls may include encryption technologies, secure communication protocols, access restrictions, and related technical safeguards.

Specific security implementations and operational configurations may vary based on service architecture, operational requirements, customer configurations, and infrastructure providers.

Incident Response

Clara Rx maintains operational processes intended to support identification, investigation, containment, remediation, and response to security incidents affecting the services or supporting infrastructure.

Response procedures may include:

• Incident investigation
• Operational containment measures
• Security remediation activities
• Internal escalation procedures
• Customer notifications where required by applicable law or contractual obligations

Service Availability and Reliability

Clara Rx strives to maintain reliable and secure services; however, uninterrupted availability cannot be guaranteed. Service availability may be affected by maintenance, infrastructure events, third-party provider outages, internet disruptions, security incidents, or other operational circumstances.

Third-Party Providers

Clara Rx utilizes third-party infrastructure, communications, payment processing, security, and operational vendors in connection with the services we provide.

Additional information regarding subprocessors and operational vendors may be found at: Subprocessors

Security Contact

Questions regarding Clara Rx security or compliance practices may be directed to: support@clararx.com