Privacy Policy

Information you provide directly:

• Account information: Email address and authentication credentials when you create an account
• Query history: Drug names, interaction queries, and research questions you submit to our AI assistant
• Patient profiles (optional): Medication lists stored locally on your device for personalized analysis
• Feedback and support: Communications you send to us

Information collected automatically:

• Usage data: Pages visited, features used, query patterns (anonymized)
• Technical data: Browser type, device information, IP address (for security and rate limiting)
• Performance data: Response times, error logs (anonymized)

We use collected information for the following purposes:

• Service delivery: Process drug interaction queries, generate pharmacokinetic models, and provide AI-powered research assistance
• Service improvement: Analyze usage patterns to improve accuracy and user experience
• Security: Detect and prevent abuse, fraud, and unauthorized access
• Communication: Send service updates, security alerts, and (with consent) product news
• Compliance: Meet legal obligations and respond to lawful requests

We do NOT:

• Sell your personal information to third parties
• Use your data for targeted advertising
• Share your medication queries with pharmaceutical companies
• Create profiles for marketing purposes

Third-party AI providers and their locations:

• Anthropic (Claude AI): United States - Primary AI provider for drug interaction analysis and research queries. Subject to US privacy laws.
• OpenAI (GPT-4): United States - Fallback AI provider. Subject to US privacy laws.
• Google (Gemini): United States - Alternative AI provider. Subject to US privacy laws.
• xAI (Grok): United States - Alternative AI provider. Subject to US privacy laws.

What data is sent overseas:

• Your drug interaction queries and research questions
• Context from your conversation (within the same session)
• No personal identifiers (name, email) are included in AI queries

Safeguards:

• All data transmission uses TLS 1.3 encryption
• AI providers are contractually bound to protect data
• Anthropic, OpenAI, and Google have SOC 2 Type II certifications
• We use API-only access (your data is not used to train models)

By using PharmaGraphX, you consent to the overseas transfer of your query data as described above. If you do not consent, you may use the curated database features without AI chat functionality.

We implement robust security measures to protect your information:

• Encryption: All data in transit uses TLS 1.3; sensitive data at rest uses AES-256
• Authentication: JWT-based authentication with secure session management
• Rate limiting: Distributed rate limiting to prevent abuse
• Access controls: Principle of least privilege for all system access
• Monitoring: Real-time security monitoring and anomaly detection
• Local storage: Patient medication profiles are stored locally on your device, encrypted, and never transmitted to our servers unless you explicitly use AI features

Database-free architecture: We intentionally do not store user data in a central database. Your chat history is stored locally in your browser. This minimizes the data we hold and reduces breach risk.

You have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your account and associated data
• Data portability: Export your data in a machine-readable format
• Withdraw consent: Opt out of non-essential data processing

How to exercise your rights:

Contact us at privacy@pharmagraphx.com with your request. We will respond within 30 days (or 45 days for complex requests). We may verify your identity before processing requests.

Local data: Since most user data is stored locally in your browser, you can delete it directly through your browser settings (clear site data for pharmagraphx.com).

In the event of a data breach that is likely to result in serious harm to affected individuals, we will:

• Notify the Office of the Australian Information Commissioner (OAIC) within 72 hours of becoming aware of the breach (as required under the Notifiable Data Breaches scheme)
• Notify affected individuals as soon as practicable with details of the breach and recommended protective actions
• For EU users, notify relevant supervisory authorities under GDPR requirements
• Document the breach, our response, and lessons learned

We use minimal cookies necessary for service operation:

• Essential cookies: Authentication tokens, session management, CSRF protection
• Preference cookies: Theme settings, language preferences (stored locally)
• Analytics (optional): If enabled, anonymized usage statistics via privacy-focused analytics (PostHog) with no personal data collection

We do NOT use third-party advertising cookies or cross-site tracking.

PharmaGraphX is intended for use by healthcare professionals, researchers, and adult students. We do not knowingly collect personal information from children under 16 (or 13 in some jurisdictions). If you believe we have inadvertently collected such information, please contact us immediately at privacy@pharmagraphx.com.

We may update this privacy policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a new effective date
• Sending an email notification to registered users (for significant changes)
• Displaying a prominent notice on our platform

Your continued use of PharmaGraphX after changes take effect constitutes acceptance of the updated policy.

For privacy-related inquiries, requests, or complaints:

External complaints:

If you are not satisfied with our response, you may lodge a complaint with:

• Australia: Office of the Australian Information Commissioner (OAIC) -www.oaic.gov.au
• EU: Your local Data Protection Authority