R
RxRecon Pro
Log In Get Started
← Back to Home

Privacy Policy

Effective Date: January 1, 2025 · Last Updated: January 1, 2025

RxRecon Pro ("we", "us", "our", or the "Company") is committed to protecting your privacy and the privacy of your patients. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our pharmacy reconciliation and audit intelligence platform ("Service"). By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

1. Information We Collect

We collect several categories of information to provide, maintain, and improve the Service:

1.1 Account Information

When you register for an Account, we collect:

  • Your name, email address, and phone number;
  • Your pharmacy's corporate name, DBA (doing business as), address, and contact information;
  • Your pharmacy's DEA registration number and NPI (National Provider Identifier);
  • Your pharmacy management system (PMS) vendor and version;
  • Your chosen username and encrypted password credentials;
  • Billing information including payment method details (processed securely through our payment processor).

1.2 Uploaded Operational Data

As part of the core functionality of the Service, you upload pharmacy operational data including:

  • Dispensing reports and prescription records from your pharmacy management system;
  • Wholesaler and distributor invoice files (Kinray, Cardinal, McKesson, ABC/Cencora, Smith, etc.);
  • Insurance claim and reimbursement data;
  • Patient name, date of birth, prescription details, and insurance information contained within dispensing reports;
  • Prescriber information including NPI and DEA numbers;
  • NDC (National Drug Code) data, medication names, strengths, and package sizes;
  • Controlled substance schedule classifications and inventory records.

Important: All data uploaded to the offline dashboard version of the Service is processed entirely within your local browser and is never transmitted to our servers. For the cloud-hosted version, data is encrypted during transmission and storage.

1.3 Usage Data

We automatically collect information about how you interact with the Service:

  • Log files including IP addresses, browser type, operating system, and device identifiers;
  • Features accessed, reports generated, and buttons clicked;
  • Timestamps of login, logout, and data upload activities;
  • Error logs and diagnostic data to help us improve the Service;
  • Session duration and navigation patterns within the platform.

1.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain your session state, remember your preferences, and analyze usage patterns. These cookies are essential for the functioning of the Service and are not used for third-party advertising or behavioral tracking. You may disable cookies through your browser settings, but this may limit your ability to use certain features of the Service.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide the Service: Processing dispensing records, reconciling wholesaler invoices, generating audit reports, and performing analytics are the core functions of the platform. We use your uploaded data solely for these purposes.
  • To maintain and improve: We analyze usage patterns and error logs to identify bugs, improve performance, and develop new features. This analysis uses aggregated, de-identified data whenever possible.
  • To communicate with you: We use your contact information to send service-related notifications, security alerts, billing information, and product updates. You may opt out of non-essential communications at any time.
  • To ensure security: We monitor login patterns and access logs to detect unauthorized access, fraud, and security threats.
  • To comply with legal obligations: We may process your data as required by applicable laws, regulations, court orders, or legal processes.

3. How We Protect Your Information

We implement a comprehensive, multi-layered security program to protect your data:

  • Encryption at rest: All data stored on our servers is encrypted using AES-256, the industry-standard encryption algorithm.
  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3.
  • Access controls: Role-based access control (RBAC) ensures that users can only access data they are authorized to view. Multi-factor authentication (MFA) is available and strongly recommended for all accounts.
  • Audit logging: We maintain comprehensive logs of all data access, modifications, and administrative actions for compliance and forensic purposes.
  • Regular security assessments: We conduct annual penetration testing, vulnerability assessments, and security code reviews by independent third-party auditors.
  • Employee training: All personnel with access to PHI undergo annual HIPAA and security awareness training.
  • Physical security: Our cloud infrastructure is hosted in SOC 2 Type II certified data centers with 24/7 physical security, biometric access controls, and redundant power and connectivity.

4. How We Share Your Information

We do not sell, rent, or trade your information to third parties for marketing or advertising purposes. We share information only in the following limited circumstances:

  • Service Providers: We engage trusted third-party vendors to perform functions on our behalf, such as payment processing, cloud hosting, and email delivery. These providers are contractually bound to maintain the confidentiality and security of your data and are permitted to use it only for the specific services they provide to us.
  • Legal Compliance: We may disclose information if required to do so by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, property, or safety, or that of our users or the public.
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction. We will notify you via email and/or a prominent notice on our website before your information becomes subject to a different privacy policy.
  • With Your Consent: We may share information with third parties when you have given us explicit consent to do so.

5. Data Retention

We retain your data for as long as your Account is active or as needed to provide the Service to you. After Account termination or cancellation, we retain your data for a period of seven (7) years to comply with applicable healthcare record-keeping regulations (including federal and state pharmacy laws), after which all PHI and operational data will be permanently deleted from our systems. Backup data may be retained for up to 90 days after deletion for disaster recovery purposes, after which it is also permanently purged.

Usage data, log files, and aggregated analytics are retained for up to 3 years for security, compliance, and product improvement purposes.

6. Your Rights and Choices

Depending on your jurisdiction and the nature of your data, you may have the following rights:

  • Access: You can request a copy of the personal information we hold about you.
  • Correction: You can update or correct your Account information at any time through your Account dashboard.
  • Deletion: You can request deletion of your Account and associated data. We will comply within 30 days, subject to legal retention requirements.
  • Export: You can export your data, including all uploaded reports and generated analytics, at any time through the Service.
  • Opt-out: You can opt out of non-essential communications by updating your notification preferences or contacting us directly.
  • Restriction: You can request that we restrict the processing of your data in certain circumstances.

To exercise any of these rights, please contact us at privacy@rxreconpro.com. We will respond to all requests within 30 days.

7. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly. If you believe we may have collected information from a child, please contact us immediately.

8. International Data Transfers

Our servers are located in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. We comply with applicable data protection laws regarding international transfers, including the use of Standard Contractual Clauses where required.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service functionality. We will notify you of material changes by posting the updated policy on our website and sending notice to the email address associated with your Account. We encourage you to review this Privacy Policy periodically. The "Last Updated" date at the top of this page indicates when the policy was last revised.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

RxRecon Pro Privacy Office
Email: privacy@rxreconpro.com
Address: 197 State Route 18S, East Brunswick, NJ 08816
Phone: (877) 912-8348

← Back to Home
© 2025 RxRecon Pro. All rights reserved.