This Privacy Policy describes how Rx Contract IQ collects, uses, and shares information about you when you use our platform and services.
Table of Contents
We collect information you provide when you register for an account, use our platform, or communicate with us, including name, email address, job title, firm name, uploaded PBM proposal documents, and payment information processed through our PCI-compliant payment processor.
We automatically collect log data (IP address, browser type, pages visited, timestamps), device information, usage data about features accessed, and performance data to monitor service reliability.
We use collected information to provide and improve our services, manage accounts, deliver customer support, conduct analytics, send service communications, comply with legal obligations, and detect and prevent fraud. We do not sell your personal information, and we do not use uploaded PBM proposal data for any purpose other than providing your requested analysis.
We share information only with trusted service providers under strict data processing agreements, in connection with business transfers (with notice), when required by law, to protect rights and safety, or with your explicit consent. We never sell personal data to third parties.
We retain personal information while your account is active or as needed to provide services. You may request deletion at any time by contacting [email protected]. Certain data may be retained longer as required by law. Aggregated, anonymized data may be retained indefinitely.
We implement AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, and regular third-party security assessments. No method of transmission is 100% secure; you are responsible for maintaining the confidentiality of your credentials.
Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. Submit requests to [email protected]. We respond within 30 days.
To the extent our services involve Protected Health Information (PHI) as defined under HIPAA, we operate as a Business Associate and maintain safeguards consistent with HIPAA's Privacy and Security Rules. We execute Business Associate Agreements (BAAs) with applicable customers upon request. PHI is encrypted at rest and in transit, access is role-controlled, and full audit logs are maintained.
We use essential cookies (required for authentication and session management), analytics cookies (to understand platform usage), and preference cookies (to remember settings). You can control cookie preferences through your browser; disabling certain cookies may affect platform functionality.
Our platform is not directed to individuals under 18. If you believe we have inadvertently collected information from a minor, contact [email protected] and we will promptly delete such information.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or platform notice at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.
For questions about this policy or our data practices, contact our Privacy Team: