Aller au contenu
PharmEasy

Cette page n’est disponible qu’en anglais.

Voir en anglais

Legal

Privacy Policy

Last updated:

This Privacy Policy describes how PharmEasy (“PharmEasy”, “we”, “us”) collects, uses, stores, and protects information when you visit our website or use the PharmEasy pharmacy management software (the “Service”). PharmEasy is operated from Beirut, Lebanon.

We provide the Service to retail pharmacies in Lebanon and process personal data on their behalf. Each pharmacy that subscribes to PharmEasy is the data controller for its own customer and patient records; PharmEasy acts as a data processor for that data.

1. Information we collect

We collect the following categories of information:

  • Account information: name, email, phone, pharmacy name, role.
  • Pharmacy operational data: drug catalog, inventory, sales, purchases, suppliers, cash shifts, accounting entries, MoPH MediTrack submissions.
  • Customer and patient data entered by pharmacy staff: name, contact details, prescriptions, allergies, chronic conditions, and dispensing history.
  • Technical data: IP address, browser type, device identifiers, pages visited, and operational logs needed to run the Service securely.
  • Demo and contact requests submitted through public forms on this website.

2. How we use information

We use information to:

  • Operate, maintain, secure, and improve the Service;
  • Provide customer support and respond to inquiries;
  • Submit dispensing records to the Lebanese Ministry of Public Health (MoPH) MediTrack system as required by Lebanese pharmacy regulations;
  • Process payments and manage subscriptions;
  • Send service announcements and security notices;
  • Comply with applicable laws and regulatory requests.

We do not sell personal data. We do not use customer or patient data to train external machine-learning models.

3. Patient and customer health data

PharmEasy processes patient and customer health-related data on behalf of subscribing pharmacies, including prescriptions, allergies, chronic conditions, and clinical decision-support alerts. This data is treated as sensitive personal information, stored encrypted at rest, and accessible only to authorized users of the pharmacy that entered it. Cross-pharmacy access is not possible by design.

4. Cookies and tracking

We use cookies and similar technologies for:

  • Authentication: a session cookie set after sign-in, required for the Service to work.
  • Locale preference: a cookie (pharmeasy_locale) that remembers your chosen interface language.
  • Security: cookies that help prevent cross-site request forgery and detect abuse.

We do not use advertising cookies or third-party analytics that share data across sites.

5. Data sharing and processors

We share data only with sub-processors necessary to operate the Service, under written data-processing agreements:

  • Cloud infrastructure (Amazon Web Services, EU/Paris region);
  • Transactional email delivery providers;
  • Payment processors, when applicable;
  • The Lebanese MoPH MediTrack system, where transmission of dispensing data is required by law.

We do not sell, rent, or trade personal data to third parties for marketing.

6. Data residency and security

All PharmEasy production data is hosted on Amazon Web Services in the EU (Paris) region. Data is encrypted in transit (TLS 1.2 or higher) and at rest. Production databases are backed up daily with backups retained for 30 days and point-in-time recovery for the last 7 days. Access to production systems is limited to authorized PharmEasy engineers under audit logging.

7. Data retention

We retain personal data for as long as your pharmacy maintains an active subscription and for a reasonable period afterward to comply with legal, accounting, and regulatory obligations under Lebanese law. On request from a subscribing pharmacy, we will export and then delete that pharmacy's data, subject to records we are required to retain by law (for example, MediTrack submissions and accounting records).

8. Your rights

Depending on the law that applies to you, you may have the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing. To exercise any of these rights, contact us at the address below or have your pharmacy administrator do so on your behalf.

9. Children

The Service is intended for use by licensed pharmacy staff. We do not knowingly collect personal information from anyone under the age of 18 directly; pharmacy records may contain dispensing history for minor patients only as recorded by the dispensing pharmacist.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or an in-product notice at least 30 days before they take effect. The “Last updated” date at the top of this page always reflects the current version.

11. Contact

For privacy questions or to exercise your rights, contact us at hello@pharmeasy.app or by post: PharmEasy, Beirut, Lebanon.