Last Updated: January 1, 2025
Protecting your privacy is important to us. This Privacy Policy explains how Pharmalytics LLC (“Pharmalytics,” “We,” “Us”) collects, uses, and discloses information through the Pharmalytics Platform and Services. This Privacy Policy does not apply to any third-party websites, services, or applications, even if they are accessible through our Platform. Unless otherwise defined here, capitalized terms have the same meanings as in our Terms of Use.
Revisions to this Privacy Policy
Any information collected through our Services is governed by the Privacy Policy in effect at the time of collection. We may revise this Privacy Policy periodically. Material changes will be communicated through updates posted on the Platform or by direct communication, and the ‘Last Updated’ date will be modified accordingly.
Collection and Use of Information
We collect information to provide, maintain, and improve our Services. The types of information we may collect include:
- Email address
• First and last name
• Contact information
• Payment information (credit/debit card details for paid services)
• Usage data, including access logs and feature interaction data
Information Sharing and Disclosure
Pharmalytics LLC does not sell your personal information. We may share limited information only as described below:
- With Service Providers: Information may be shared with trusted contractors and vendors who support our business operations.
- Payment information may be shared with financial institutions solely for transaction processing.
- With Third Parties: We may share aggregated or anonymized information for research, analytics, and industry benchmarking. We may also share information as permitted by law with service providers bound by confidentiality obligations.
- In Business Transactions: In the event of a merger, acquisition, or sale of assets, user information may be transferred to a successor entity.
- For Legal Compliance and Protection: We may disclose information when necessary to comply with applicable laws, enforce our rights, respond to legal requests, or protect the safety of Pharmalytics LLC, our users, or the public.
- Pharmalytics does not disclose pharmacy-specific, prescriber-specific, or dispensing-pattern data to PBMs, wholesalers, manufacturers, or regulatory bodies unless: (1) explicitly authorized in writing by the Covered Entity, or (2) required by applicable law. Pharmalytics does not independently report pharmacies for compliance review, CSMP escalation, suspicious order monitoring, or diversion investigation.
- SMS opt-in or phone numbers for the purpose of SMS are not being shared with any third party and affiliate company for marketing purposes.
- Pharmalytics maintains a list of subprocessors and will provide it upon request. Pharmalytics will notify customers 30 days before adding or materially changing subprocessors handling PHI.
- For a full list of our service providers please contact your representative.
Your Choices
You have choices regarding how we collect, use, and share your information. Declining to provide requested information may limit access to certain features.
• Opt-Out: We may send newsletters or promotional communications from time to time. You may opt out of these communications by following the unsubscribe link provided. However, certain service or legal communications (such as updates to these Terms or billing notifications) are mandatory and cannot be opted out of.
Security of Your Information
Pharmalytics LLC employs reasonable administrative, physical, and electronic safeguards to protect your data from unauthorized access, disclosure, or misuse. Sensitive data transmitted through the Platform is encrypted using SSL or equivalent technologies.
Despite these precautions, no method of transmission or storage is completely secure, and Pharmalytics LLC cannot guarantee absolute protection. We disclaim liability for damages arising from unauthorized access or security breaches beyond our control.
All analytics involving PHI are performed solely on behalf of the Covered Entity in accordance with the Business Associate Agreement. Pharmalytics does not use identifiable PHI for its own business purposes.
Pharmalytics does not knowingly provide services to any person located in the EU or UK. If you are located in the EU or UK, do not use the Pharmalytics Platform.
Pharmalytics operates as a Business Associate and handles PHI exclusively under HIPAA-authorized purposes as defined in the Business Associate Agreement.
Data Retention
Pharmalytics retains personal information only for as long as necessary to fulfill the purposes for which it was collected, including the provision of the Pharmalytics Platform, compliance with legal and regulatory obligations, maintaining business and financial records, resolving disputes, securing our systems, and enforcing our agreements. Retention periods vary by data type and are based on:
- The nature and sensitivity of the information
- HIPAA requirements and state pharmacy regulations
- Statutory limitations periods for legal claims
- Operational needs and security requirements
- Contractual obligations with Covered Entities and customers
PHI retention is dictated solely by the Covered Entity. Pharmalytics does not retain PHI beyond the period required to perform contracted services unless retention is required by applicable law. All PHI retention, deletion, and archival instructions are executed according to the Covered Entity’s documented
directives under the Business Associate Agreement.
Unless a longer retention period is required by law, Pharmalytics generally retains:
- Account information (name, email, profile data): For the duration of the account + up to 7 years thereafter
- Usage logs and device data: 1–3 years, depending on security and audit requirements
- Payment and transaction records: 7 years, as required by financial regulations
- Communications with support: 1–3 years
- Backup and disaster recovery archives: For the life of the backup cycle, typically 30–180 days, and not individually deletable
Pharmalytics may retain de-identified or aggregated information indefinitely, provided it does not contain personal information and cannot reasonably be re-identified.
Data Destruction
When personal information is no longer needed and the retention period has expired, Pharmalytics securely deletes or destroys the information in accordance with:
- HIPAA’s administrative, physical, and technical safeguard standards
- NIST SP 800-88 guidelines for data destruction (or successor standards)
- FTC disposal rules
- Industry standards for secure deletion
Destruction methods may include secure wiping, cryptographic erasure, or permanent removal from active and backup systems. When destruction is infeasible—such as in immutable system logs or backup archives—Pharmalytics continues to maintain the data under the same administrative, technical, and physical safeguards required for active data.
Inability to Immediately Delete Backup Copies
Some personal information may persist in encrypted backups or disaster recovery archives that cannot be practically isolated or modified. In such cases, Pharmalytics retains these backups only for system integrity and disaster recovery, and continues to protect them under the same HIPAA-grade controls until they are automatically overwritten or destroyed according to our backup lifecycle schedule.
Legal Holds
If required for litigation, investigations, regulatory requests, or legal compliance, certain data may be preserved beyond its normal retention period until the hold is lifted.
No Professional Advice
Pharmalytics provides data analytics, reports, dashboards, and insights for informational purposes only. Pharmalytics does not provide medical, legal, regulatory, compliance, or business advice. All decisions regarding dispensing, prescriber actions, inventory, controlled-substance compliance, CSMP preparation, or regulatory reporting are solely the responsibility of the pharmacy and its licensed personnel. Pharmalytics does not guarantee compliance with federal or state law.
Phishing Warning
‘Phishing’ is a fraudulent attempt to obtain personal information. Pharmalytics LLC will never request your password, username, or personal details through unsolicited or insecure communications. If you receive suspicious messages claiming to be from Pharmalytics, do not respond or click any links.
Links to Other Sites
The Pharmalytics Platform may contain links to third-party websites or services not operated by Pharmalytics LLC. Any information you provide to such third parties is subject to their own privacy policies. Pharmalytics LLC is not responsible for the privacy, security, or content practices of these third-party services. We recommend reviewing their privacy policies before sharing personal information.
Questions or Concerns
If you have any questions or concerns about this Privacy Policy, please contact us at:
Pharmalytics LLC
1725 W Dr Martin Luther King Jr Blvd, Suite 101
Tampa, FL 33607
Phone: 813-807-5290