How we collect, use, store, and protect your information. We take patient data seriously and aim to be transparent about what happens to it.
Last updated: June 7, 2026 · Version 1.0
Plain-language summary
We store your account info, medication list, and pharmacist case messages on Google Firebase (a HIPAA-eligible cloud platform). We never sell your personal health information. You can delete your account at any time. AI processing of your messages passes through Anthropic, which has its own privacy practices.
Comply with legal obligations, such as records required by professional pharmacy regulations
We do not use your personal health information for advertising, and we do not sell it to data brokers, insurers, or marketers.
3. AI processing and third parties
Many features of PharmD.AI use large language models (LLMs) to generate responses. The current AI provider we use is Anthropic (the company that develops the Claude family of models). When you ask a question, send a message, or upload a photo for analysis, the relevant text and image data is transmitted to Anthropic's API to generate a response.
Anthropic has its own privacy and data handling policies, available at anthropic.com/legal/privacy. As of this writing, Anthropic states that API content is not used to train their models by default. However, we are not able to make legal warranties about Anthropic's practices — you should review their policies yourself if this matters to you.
Practical advice: do not share information you would not want processed by an AI service, such as Social Security numbers, financial account numbers, or extremely sensitive personal narratives. Our service does not need that data and you should not provide it.
Other third-party services we rely on include:
Google Firebase — cloud database and authentication (HIPAA-eligible)
Google Translate — on-page translation if you switch languages
Google Analytics 4 — aggregate usage statistics (no individual-level identification)
Your account information, medication list, allergies, and case communications are stored on Google Firebase (Firestore), a HIPAA-eligible cloud platform that uses encryption in transit (TLS) and at rest. Access to your records is controlled by Firestore security rules — only you (when signed in to your account) and our authorized licensed pharmacists can read your records.
Passwords are not stored in plain text. We use Firebase Authentication, which manages password hashing on its end.
While we take reasonable measures to secure your data, no online service can guarantee 100% security. We strongly recommend that you use a strong unique password, keep your account credentials private, and contact us immediately if you suspect unauthorized access.
5. When we share information
We share your personal information only in limited situations:
With our licensed pharmacists on the platform, so they can read and respond to your questions
With service providers who help us operate the platform (Firebase, Anthropic, Google, EmailJS, Hostinger), under their respective privacy commitments
For legal reasons, when required by law, court order, or to protect the safety of users or the public
In a business transfer — if PharmD.AI is acquired or transferred to another entity, your data may transfer with the service (we will notify you in advance of any material change)
We do not sell your personal health information. We do not share your data with advertisers, data brokers, or marketers for advertising purposes.
6. Your rights and choices
You have several rights regarding your data:
Access your data: sign in to your portal at any time to view your medication list, case history, and account information
Correct your data: edit your medications, allergies, and account information directly in the portal
Delete your account: request account deletion via your portal settings, or email admin@pharmdai.com. We will delete your account and associated data within 30 days, unless we are required by law to retain certain records (such as pharmacist case logs for professional documentation purposes)
Export your data: email us to request a copy of your data in a machine-readable format
Opt out of analytics: use a browser extension that blocks Google Analytics, or use private/incognito mode
Withdraw consent: stop using the service at any time, with or without deleting your account
Residents of California, the EU, or other jurisdictions with specific privacy laws may have additional rights, such as the right to data portability or the right to object to certain processing. To exercise these rights, contact us at admin@pharmdai.com.
7. How long we keep data
We retain personal information for as long as your account is active, plus a reasonable period to satisfy legal, professional documentation, or legitimate operational requirements. Specifically:
Account information and medication records: retained while your account is active; deleted within 30 days of account deletion request
Pharmacist case communications: retained for a period required by professional pharmacy standards (typically several years) for documentation purposes, even after account deletion. This is so we have a record of the clinical advice given, in case it is later questioned
Usage and analytics data: aggregated and retained indefinitely in anonymized form
Backup copies: may persist in our backups for up to 90 days after deletion before being overwritten
8. Cookies and analytics
We use cookies and similar technologies to keep you signed in, remember your language preference, and collect aggregate usage statistics through Google Analytics 4 (GA4). The cookies we use include:
Authentication cookies — set by Firebase to keep you signed in
Preference cookies — e.g. pharmd_lang to remember your language choice
Analytics cookies — set by Google Analytics to measure traffic, page views, and user flow in aggregate
You can disable cookies in your browser settings, but doing so may break sign-in and other features. You can also use browser extensions to block analytics scripts.
9. Children's privacy
PharmD.AI is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided information to us, please contact us at admin@pharmdai.com and we will delete the information.
Users between 13 and 18 should use the service only with the involvement of a parent or guardian.
10. Changes to this policy
We may update this privacy policy as our service evolves or as required by law. When we make material changes, we will notify you through the platform and update the "Last updated" date at the top of this page. Continued use of PharmD.AI after a material update constitutes acceptance of the updated policy.
11. Contact us
If you have questions about this privacy policy or about how we handle your information, you can reach us at: