IQRA PharmaNet
← Back

Privacy Policy

IQRA PharmaNet — SaaS Platform

Last Updated: June 2026

Effective Date: June 2026



1. Introduction


IQRA Clinical AI Systems ("we", "us", "Company") operates IQRA PharmaNet. This Privacy Policy explains how we collect, use, protect, and share information about pharmacies ("Pharmacy Users") and their customers ("End Users") who use our platform.


This policy complies with:

  • Information Technology Act, 2000 (India)
  • Digital Personal Data Protection Act, 2023 (DPDPA)
  • Applicable rules under Drugs and Cosmetics Act, 1940


    • 2. Information We Collect


    2.1 Pharmacy Registration Data

  • Pharmacy name, address, city, area
  • Owner name, mobile number, email
  • Drug License number and expiry date
  • GSTIN (optional)
  • Subdomain chosen

    • 2.2 Operational Data (entered by pharmacy)

  • Medicine inventory, prices, expiry dates
  • Supplier information
  • Sales transactions and bills
  • Customer names and phone numbers
  • Prescription uploads (PDF/images)
  • Staff accounts

    • 2.3 Customer Data (via customer portal)

  • Customer name, phone number
  • Delivery address
  • Order history
  • Saved medicines (favourites)

    • 2.4 Technical Data

  • IP address at login
  • Browser and device type
  • Login timestamps
  • API usage logs

    • 2.5 Payment Data

  • Payment method (UPI, card)
  • Transaction reference numbers
  • We do NOT store full card numbers — payments are processed by Razorpay


    • 3. How We Use Your Information


    | Purpose | Legal Basis |

    |---------|------------|

    | Providing the pharmacy management service | Contract performance |

    | Sending subscription invoices | Legal obligation (GST) |

    | WhatsApp order notifications | Consent (you provide customer numbers) |

    | Security and fraud prevention | Legitimate interest |

    | Service improvement and analytics | Legitimate interest |

    | Legal compliance | Legal obligation |



    4. Data Storage and Security


    4.1 Storage Location

  • Data is stored on servers located in India (or EU-compliant servers)
  • Database backups are encrypted

    • 4.2 Security Measures

  • Passwords are hashed using Werkzeug PBKDF2-SHA256
  • HTTPS encryption for all data in transit
  • Database access restricted to application only
  • Regular automated backups
  • Session timeout after 30 minutes of inactivity

    • 4.3 Retention

    | Data Type | Retention Period |

    |-----------|-----------------|

    | Active account data | Duration of subscription |

    | Post-cancellation data | 30 days (for export) |

    | Billing records | 7 years (GST compliance) |

    | Audit logs | 2 years |

    | Prescription images | 3 years (Drugs Act compliance) |



    5. Sharing of Information


    We do NOT sell your data. We share data only with:


    | Recipient | Purpose | Data Shared |

    |-----------|---------|-------------|

    | Razorpay | Payment processing | Billing details only |

    | WhatsApp (Meta) | Order notifications | Phone + message only |

    | Cloud hosting provider | Infrastructure | Encrypted server data |

    | Legal authorities | If legally required | As required by law |



    6. Patient/Customer Data Responsibilities


    6.1 Pharmacy Users are the Data Fiduciary for their customers' data.


    6.2 We act as the Data Processor on your behalf.


    6.3 You are responsible for:

  • Obtaining customer consent for data collection
  • Informing customers their data is stored on IQRA PharmaNet
  • Responding to customer data requests

    • 6.4 Prescription data is treated as sensitive personal data and protected accordingly.



    7. Your Rights (DPDPA 2023)


    You have the right to:

  • **Access** your data — export anytime from settings
  • **Correct** incorrect data
  • **Delete** your account and data
  • **Data portability** — export as CSV/PDF
  • **Withdraw consent** — cancel subscription anytime
  • **Grievance redressal** — contact our Data Protection Officer


    • 8. Cookies


    We use minimal cookies for:

  • Session authentication (essential — cannot be disabled)
  • CSRF protection (security — cannot be disabled)

    • We do not use tracking or advertising cookies.



    9. Children's Privacy


    Our service is not intended for persons under 18. We do not knowingly collect data from minors.



    10. Changes to This Policy


    We will notify you 15 days before material changes via email. Continued use constitutes acceptance.



    11. Contact and Grievance Officer


    Data Protection Officer

    IQRA Clinical AI Systems

    Email: privacy@iqraclinicalai.com


    Grievance Officer (DPDPA)

    Email: grievance@iqraclinicalai.com

    Response time: Within 30 days


    Privacy Policy · Terms & Conditions · Refund Policy · Disclaimer