Privacy Policy

1. Introduction

PharmaSmart ("we", "our", or "us") operates a cloud-based pharmacy management system that helps pharmacies in Zambia manage their inventory, sales, patients, and operations. This Privacy Policy applies to all users of our system including pharmacy owners, staff members, and system administrators.

By using PharmaSmart, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our services.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when:

• Registering Your Pharmacy: Business name, owner name, email address, phone number, physical address, business registration details
• Creating User Accounts: Username, full name, email, phone number, role (owner/pharmacist)
• Using the System: Inventory data, sales records, supplier information, branch details
• Patient Management: Patient names, contact information, prescription history (if using Standard or Premium plans)
• Payment Information: Payment proofs, transaction references, mobile money details

2.2 Automatically Collected Information

When you use PharmaSmart, we automatically collect:

• Usage Data: Login times, features accessed, actions performed
• Device Information: IP address, browser type, operating system
• Performance Data: Page load times, errors, system performance metrics
• Audit Logs: User actions, data modifications, security events

2.3 Information We Do NOT Collect

• Credit card numbers or banking passwords
• Social security numbers or national IDs
• Health information beyond what you enter in patient records
• Personal browsing history outside our system

3. How We Use Your Information

We use the collected information for:

3.1 Service Delivery

• Providing pharmacy management functionality
• Processing sales and inventory management
• Managing user accounts and access control
• Enabling offline functionality through PWA

3.2 Payment Processing

• Managing subscriptions and billing
• Processing payment approvals
• Generating invoices and receipts
• Tracking subscription status and renewals

3.3 System Improvement

• Analyzing usage patterns to improve features
• Identifying and fixing technical issues
• Developing new features based on user needs
• Optimizing system performance

3.4 Communication

• Sending subscription renewal reminders
• Notifying about system updates or maintenance
• Responding to support requests
• Sending important security notifications

3.5 Security and Compliance

• Preventing fraud and unauthorized access
• Maintaining audit logs for security
• Complying with legal obligations
• Enforcing our terms of service

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit using HTTPS/SSL
• Access Control: Role-based permissions ensure only authorized users can access data
• Data Isolation: Each pharmacy's data is completely isolated from others
• Audit Logs: All access and modifications are logged for security
• Regular Backups: Daily automated backups to prevent data loss
• Secure Authentication: Password hashing and session security
• Server Security: Firewall protection and regular security updates

Note: While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of your data.

5. Data Sharing and Disclosure

5.1 We DO NOT Sell Your Data

We will never sell, rent, or trade your personal information or pharmacy data to third parties.

5.2 When We May Share Information

We may share limited information only in these circumstances:

• Service Providers: Hosting providers (for server infrastructure) and email services (for notifications)
• Legal Requirements: When required by law, court order, or government regulations
• Business Transfers: In the event of a merger, acquisition, or sale of assets (with notice to users)
• With Your Consent: When you explicitly authorize us to share information

5.3 Data Not Shared

• Patient records are never shared without explicit authorization
• Sales data and financial information remain confidential
• Inventory details and supplier information are protected

6. Your Rights and Choices

You have the following rights regarding your information:

6.1 Access and Correction

• View all data stored in your account
• Update or correct inaccurate information
• Export your data in a portable format

6.2 Data Deletion

• Request deletion of your pharmacy account
• Delete specific records (patients, suppliers, etc.)
• Right to be forgotten (within legal constraints)

6.3 Opt-Out Rights

• Unsubscribe from marketing emails
• Disable non-essential notifications
• Reject cookies (may affect functionality)

6.4 Account Closure

You may close your account at any time. Upon closure, we will:

• Disable access to your account within 24 hours
• Delete your data within 30 days (except what we must retain for legal/accounting purposes)
• Provide a final data export if requested before deletion

7. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

• Active Accounts: Data retained while your subscription is active
• Closed Accounts: Data deleted 30 days after account closure
• Legal Requirements: Financial and tax records retained for 7 years (Zambian law)
• Audit Logs: Security logs retained for 90 days
• Backup Data: Backups automatically purged after 90 days

8. Patient Data Protection

Patient information (available in Standard and Premium plans) receives special protection:

• Consent: You are responsible for obtaining patient consent before entering their information
• Access Control: Only authorized pharmacy staff can access patient records
• Data Isolation: Patient data is isolated per pharmacy
• Confidentiality: We never share patient information without authorization
• Retention: Patient records are retained according to Zambian health regulations

Important: As the pharmacy owner, you are responsible for complying with patient privacy laws and obtaining necessary consents.

9. Cookies and Tracking

We use cookies and similar technologies for:

• Authentication: Keeping you logged in
• Preferences: Remembering your settings
• Security: Preventing fraud and unauthorized access
• Analytics: Understanding how the system is used (anonymized)

You can disable cookies in your browser, but this may affect system functionality, particularly the login and offline features.

10. Third-Party Services

PharmaSmart uses the following third-party services:

• Hosting Provider: For server infrastructure (data stored in secure data centers)
• Email Service: For sending notifications and password resets
• CDN Providers: For faster loading of libraries (Bootstrap, etc.)

These providers have access only to information necessary to perform their functions and are obligated to maintain confidentiality.

11. International Data Transfers

Your data is primarily stored on servers in [Specify Location]. If data is transferred internationally, we ensure appropriate safeguards are in place to protect your information in accordance with Zambian data protection requirements.

12. Children's Privacy

PharmaSmart is a business application not intended for children under 18. We do not knowingly collect information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for legal/regulatory reasons. We will notify you of significant changes by:

• Email notification to your registered address
• Prominent notice in the system
• Updating the "Last Updated" date at the top of this policy

Continued use of PharmaSmart after changes constitutes acceptance of the updated policy.

14. Contact Us

15. Governing Law

This Privacy Policy is governed by the laws of the Republic of Zambia. Any disputes arising from this policy will be resolved in accordance with Zambian law and jurisdiction.