← Back to sign-in

Privacy Policy

Last updated: June 2026

1. Overview

Santa Rosa Commercial Investment, Inc. (SRCI Pharm-Route) respects your privacy and is committed to protecting personal and protected health information (PHI) entrusted to us by the pharmacies we serve and their patients. This Privacy Policy describes what data we collect, how we use it, and your choices.

2. Information we collect

To deliver prescription orders we collect:

  • Patient details — name, address, phone, prescription items (PHI under HIPAA)
  • Pharmacy details — name, address, contact info
  • Driver / staff details — name, email, role, vehicle plate
  • Delivery data — GPS coordinates of stops, signature image, POD photos, timestamps
  • Payment info — Square transaction references (we never store full card numbers)

3. HIPAA compliance

We act as a Business Associate to the participating pharmacies. PHI is handled in accordance with the Business Associate Agreement (BAA) executed with each pharmacy. Access is restricted to authorized personnel on a need-to-know basis and logged in our audit system.

4. How we use information

  • To plan, dispatch, and complete prescription deliveries
  • To notify patients and pharmacies of delivery status via SMS/email
  • To generate proof-of-delivery (POD) records the pharmacy may need for audits
  • To bill participating pharmacies for completed deliveries

We do not sell, rent, or trade your information. We do not use PHI for marketing.

5. Third-party services

We use the following processors strictly for the purposes above:

  • Google Maps — address geocoding and route planning
  • OSRM — driving-distance computation
  • Twilio — SMS delivery notifications (when configured)
  • Gmail / Google Workspace — invoice and notification emails
  • Square — credit-card payment processing for invoices
  • MongoDB Atlas — encrypted database hosting

Each provider is contractually bound to safeguard data they process on our behalf.

6. Data retention

We retain PHI and delivery records for the longer of (a) the period the pharmacy requires for its own regulatory record-keeping (typically 7 years), or (b) the period required by federal/state law. After this period the data is securely deleted.

7. Your choices

  • You may text STOP at any time to opt out of SMS notifications.
  • You may request a copy or correction of your PHI by contacting your pharmacy.
  • You may request deletion of your account-level data by emailing us directly.

8. Security

All data is transmitted over HTTPS (TLS 1.2+), encrypted at rest, and access-controlled via JWT-based authentication with role-based permissions (Super Admin, Dispatcher, Pharmacy Staff, Driver).

9. Children

Our service is not directed to children under 13. We do not knowingly collect data from anyone under 13.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the latest revision. Material changes will be communicated to participating pharmacies.

11. Contact

Privacy questions or HIPAA-related requests? Email santarosacommercial@gmail.com.

This is a starter template. Have your legal counsel review and customize before going live.

Made with Emergent