Privacy Policy
Last updated: December 29, 2025
Effective Date: January 1, 2025
Our Commitment to Your Privacy
At Mediyaam, we understand that your pharmacy handles sensitive patient information daily. Your trust is paramount, and we're committed to protecting the privacy and security of all data processed through our platform. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our Pharmacy ERP software.
1. Information We Collect
1.1 Information You Provide to Us
Account Information: When you register for Mediyaam, we collect your pharmacy name, business address, contact details, license numbers, and authorized user information including names, email addresses, and phone numbers.
Patient Data: Our system processes patient information necessary for pharmacy operations, including names, contact details, prescription information, medication histories, insurance details, and health-related data. We act as a data processor on your behalf and never claim ownership of this data.
Transaction Data: We collect information about purchases, inventory management, supplier interactions, billing records, and payment processing details to facilitate your pharmacy operations.
Support Communications: When you contact our support team, we maintain records of your inquiries, feedback, and our responses to provide better service and improve our platform.
1.2 Information Collected Automatically
Usage Data: We automatically collect information about how you interact with Mediyaam, including features used, time spent on different modules, search queries, and system performance metrics.
Device Information: We collect device identifiers, browser types, operating systems, IP addresses, and network information to ensure compatibility and security.
Cookies and Tracking: We use essential cookies for authentication and session management. Analytics cookies help us understand usage patterns to improve our service. You can control cookie preferences through your browser settings.
2. How We Use Your Information
2.1 Service Delivery
We use your information to:
- Provide and maintain the Mediyaam ERP platform
- Process prescriptions, manage inventory, and facilitate billing
- Generate reports and analytics for your pharmacy operations
- Ensure regulatory compliance and maintain audit trails
- Facilitate integrations with insurance providers, suppliers, and healthcare systems
2.2 Communication
We may contact you to:
- Send important service updates, security alerts, and system notifications
- Provide customer support and respond to your inquiries
- Share product updates, new features, and educational content (you can opt out at any time)
- Conduct user surveys to improve our services
2.3 Platform Improvement
We analyze aggregated, de-identified data to:
- Enhance platform performance and user experience
- Develop new features based on user needs
- Identify and fix technical issues
- Conduct research to improve pharmacy workflow efficiency
3. Data Security & Compliance
3.1 Security Measures
We implement industry-leading security practices:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access controls ensure users only see data relevant to their responsibilities
- Authentication: Multi-factor authentication (MFA) available for all user accounts
- Infrastructure: Data hosted on secure, SOC 2 Type II certified cloud infrastructure
- Monitoring: 24/7 security monitoring and intrusion detection systems
- Backups: Automated daily backups with point-in-time recovery capabilities
3.2 HIPAA Compliance
Mediyaam is designed to support HIPAA compliance for covered entities. We:
- Sign Business Associate Agreements (BAAs) with healthcare providers
- Implement administrative, physical, and technical safeguards required by HIPAA
- Maintain detailed audit logs of all system access and data modifications
- Conduct regular security risk assessments and vulnerability testing
- Train our staff on HIPAA privacy and security requirements
3.3 Data Retention
We retain your data as follows:
- Active Accounts: Data retained for the duration of your subscription
- Regulatory Requirements: Prescription and transaction records maintained per local pharmacy regulations (typically 3-7 years)
- Account Deletion: Upon request, we delete your data within 30 days, except where legal retention is required
- Backups: Deleted data may persist in encrypted backups for up to 90 days before permanent deletion
4. Data Sharing & Disclosure
4.1 We Never Sell Your Data
We do not and will never sell, rent, or trade your personal information or patient data to third parties for marketing purposes.
4.2 Service Providers
We share data with trusted service providers who help us operate our platform:
- Cloud Hosting: Secure data storage and infrastructure management
- Payment Processors: Secure payment processing for subscriptions
- Analytics Services: Aggregated, de-identified usage analytics
- Customer Support Tools: To provide efficient technical support
All service providers are contractually bound to protect your data and use it only for specified purposes.
4.3 Healthcare Integrations
With your explicit authorization, we may share data with:
- Insurance companies for claims processing and verification
- Healthcare providers for prescription verification and patient care coordination
- Pharmaceutical suppliers for inventory management
- Regulatory bodies for compliance reporting
4.4 Legal Requirements
We may disclose information when required by law, such as:
- Responding to valid legal processes (subpoenas, court orders)
- Protecting our rights, property, or safety, or that of our users
- Investigating fraud or security incidents
- Complying with regulatory audits and investigations
5. Your Rights & Choices
5.1 Access & Portability
You have the right to:
- Access all data stored in your Mediyaam account
- Export your data in standard formats (CSV, JSON, PDF)
- Request a copy of your data for migration purposes
5.2 Correction & Deletion
You can:
- Update or correct inaccurate information directly in the platform
- Request deletion of your account and associated data
- Modify user permissions and access controls
5.3 Communication Preferences
You control your communication preferences:
- Opt out of marketing emails while still receiving critical service notifications
- Customize notification settings within your account
- Unsubscribe links included in all marketing communications
5.4 Data Processing Objections
You may object to certain data processing activities. Contact us at privacy@mediyaam.com to discuss your concerns.
6. International Data Transfers
If you're located outside our primary operating region, your data may be transferred to and processed in countries where our servers are located. We ensure appropriate safeguards are in place through:
- Standard Contractual Clauses approved by relevant authorities
- Compliance with applicable data protection frameworks
- Equivalent security measures regardless of data location
7. Children's Privacy
Mediyaam is designed for use by licensed pharmacies and healthcare professionals. Our platform is not intended for individuals under 18 years of age. While pharmacies may process prescriptions for minors, we do not knowingly collect personal information directly from children.
8. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:
- Notify you of material changes via email and in-app notifications
- Update the "Last Updated" date at the top of this policy
- Provide a 30-day notice period before significant changes take effect
- Maintain an archive of previous policy versions upon request
9. Contact Us
We're here to address your privacy concerns and questions:
Email: privacy@mediyaam.com
Data Protection Officer: dpo@mediyaam.com
Support: support@mediyaam.com
Phone: Available through your account dashboard
Response Time: We aim to respond to all privacy inquiries within 48 hours
10. Additional Resources
For more information about data protection and your rights:
- Security Practices: Visit our Security Center for detailed technical documentation
- HIPAA Information: Review our HIPAA Compliance Guide
- Data Processing Agreement: Available for enterprise customers
- Incident Response: Our security incident response procedures are documented in your admin portal
Your Trust Matters: At Mediyaam, we believe privacy is a fundamental right. We're committed to transparency, security, and giving you control over your data. If you have any questions or concerns about how we handle your information, please don't hesitate to reach out.