Privacy Policy
Last updated: March 15, 2026
1. Introduction
This Privacy Policy describes how Seztech Inc. ("RxCompliant," "we," "us," or "our"), located in Plano, Texas, collects, uses, discloses, and protects information when you use our prescription verification platform, website at rxcompliant.com, APIs, widgets, and related services (collectively, the "Service").
Given the nature of our Service, we process prescription documents and related health information. We take the privacy and security of this data extremely seriously and have implemented safeguards consistent with HIPAA (Health Insurance Portability and Accountability Act) standards.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name and email address
- Company name and website URL
- Billing information (processed securely by Stripe; we do not store full card numbers)
- API keys and integration configuration
2.2 Prescription Documents (Protected Health Information)
When customers of our merchant clients upload prescription documents through the RxCompliant widget, we collect:
- The prescription document file (image or PDF)
- Prescriber information extracted by our AI (name, NPI number, DEA number if present)
- Patient name as it appears on the prescription
- Prescription date and any expiration date
- AI analysis results including confidence scores
- NPI registry verification results
2.3 Technical Information
We automatically collect:
- IP address (anonymized after 30 days)
- Browser type and version
- Device information
- Pages visited and actions taken
- API request logs (endpoint, timestamp, response code)
3. How We Use Your Information
- Prescription verification: To analyze uploaded documents using AI, verify prescriber credentials via the NPI federal registry, and provide approval/rejection decisions.
- Service operation: To provide, maintain, and improve the Service, including the merchant dashboard, API, and widget.
- Communication: To send transactional emails (upload alerts, approval notifications), account notices, and optional product updates.
- Compliance: To maintain audit logs required for regulatory compliance.
- Analytics: To understand usage patterns and improve the Service. We use aggregated, de-identified data for analytics.
4. Data Storage and Security
4.1 Prescription Document Storage
All prescription documents are stored in Cloudflare R2 object storage with the following security measures:
- Private buckets: No public URLs. Documents are never accessible via a direct link.
- Pre-signed URLs: When a merchant needs to review a prescription, we generate a time-limited pre-signed URL that expires after 15 minutes.
- Encryption at rest: All files are encrypted at rest using AES-256 encryption.
- Encryption in transit: All data transfers use TLS 1.2 or higher.
4.2 Database Security
- The application database is encrypted and access-controlled.
- Passwords are hashed using bcrypt with a minimum cost factor of 12.
- API keys are hashed, and only the prefix is stored in plaintext for identification.
- Database backups are encrypted.
5. HIPAA Awareness
While RxCompliant is not a Covered Entity under HIPAA, we recognize that the prescription documents processed through our platform may constitute Protected Health Information (PHI). We have implemented administrative, technical, and physical safeguards consistent with HIPAA Security Rule standards, including:
- Access controls and audit logging for all PHI access
- Encryption of PHI at rest and in transit
- Automatic session timeouts and secure authentication
- Employee training on data handling procedures
- Incident response procedures for potential data breaches
For Business plan customers, we offer a Business Associate Agreement (BAA) upon request. Contact compliance@rxcompliant.com for details.
6. Data Retention
- Prescription documents: Retained for 7 years from the date of upload, consistent with most state prescription record retention requirements, unless the merchant requests earlier deletion.
- AI analysis data: Retained for the same period as the associated prescription document.
- Account data: Retained for the duration of the account plus 30 days after deletion.
- API logs: Retained for 90 days, then archived for 1 year.
- IP addresses: Anonymized after 30 days.
Merchants may request deletion of specific prescription records through the dashboard or by contacting support. Deletion requests are processed within 30 days, subject to legal retention requirements.
7. Data Sharing and Disclosure
We do not sell, rent, or trade personal information or prescription data. We may share data with:
- Service providers: Cloudflare (hosting and storage), Stripe (billing), and email delivery services, under data processing agreements.
- AI processing: Prescription documents are processed by Anthropic's Claude AI for analysis. Documents are processed in accordance with Anthropic's data processing terms and are not used for model training.
- NPI Registry: Prescriber NPI numbers are verified against the publicly available NPPES federal database.
- Legal requirements: We may disclose information if required by law, subpoena, court order, or government request.
- Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.
8. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate information
- Request deletion of your account and associated data
- Export your data in a machine-readable format
- Opt out of marketing communications
- Object to processing of your data for certain purposes
To exercise these rights, contact us at privacy@rxcompliant.com.
9. Cookies and Tracking
We use essential cookies for authentication and session management. We do not use third-party advertising trackers. We may use privacy-respecting analytics to understand usage patterns.
10. Children's Privacy
Our Service is designed for businesses and is not directed at individuals under 18. We do not knowingly collect information from children. If a prescription uploaded through the widget belongs to a minor, it is processed solely for the purpose of prescription verification on behalf of the merchant.
11. International Data Transfers
Our services are hosted in the United States. If you are accessing the Service from outside the United States, please be aware that your data will be transferred to, stored in, and processed in the United States.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our website. Continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Seztech Inc.
Plano, Texas
Email: privacy@rxcompliant.com
General: support@rxcompliant.com