Privacy Policy
Last updated: April 2026
FaxBackRx ("we", "us", "our") operates a prescription clarification fax service for independent pharmacists. This Privacy Policy explains how we collect, use, and protect information about our users and their patients.
1. Information We Collect
Pharmacy Account Information
- Pharmacy name, NPI number, address, and phone/fax numbers
- Pharmacist name and license number
- Email address and encrypted password
- Stripe customer ID (for billing - we do not store full payment details)
Prescriber Directory
- Prescriber name, NPI, fax number, phone, practice name
- This information is entered by you and used only to send fax clarifications
Fax Request Data (Protected Health Information)
Patient information entered into clarification requests (name, date of birth, Rx number, medication details) constitutes Protected Health Information (PHI) under HIPAA. This data:
- Is transmitted only via encrypted fax to the prescriber you specify
- Is stored in an encrypted database accessible only to your pharmacy account
- Is NEVER included in server logs or error reports
- Is retained for your records and audit trail purposes
2. HIPAA Compliance
FaxBackRx is designed to support HIPAA compliance for covered entities:
- Minimum Necessary: We collect only the PHI needed to generate and send the clarification fax
- Encryption in Transit: All data transmitted to/from FaxBackRx is encrypted via HTTPS and TLS
- Encryption at Rest: The database containing PHI is encrypted at rest
- Access Controls: JWT authentication ensures only your pharmacy account can access your data
- Audit Trail: All actions are logged (without PHI) in an audit log table
- BAA Available: We will execute a Business Associate Agreement upon request
3. How We Use Your Information
- To generate and transmit clinical clarification faxes to prescribers you specify
- To provide your tracking dashboard and account features
- To process subscription billing through Stripe
- To send automated follow-up faxes on your behalf
- To maintain security and prevent fraud
We do not sell, rent, or share your data or your patients' PHI with any third parties for marketing purposes.
4. Third-Party Services
- SRFax: Healthcare-grade encrypted fax service used to transmit your clinical faxes. SRFax is HIPAA compliant.
- Stripe: Payment processing. We transmit your billing email to Stripe and receive customer/subscription IDs in return. No payment card data is stored by FaxBackRx.
5. Data Retention
Fax request records are retained for a minimum of 6 years to support HIPAA audit requirements. You may request data deletion by contacting us, subject to applicable legal obligations.
6. Your Rights
You have the right to access, correct, or request deletion of your account data. Contact us at [email protected]. Note that PHI in fax records may be subject to retention requirements.
7. Security
We implement industry-standard security measures including encrypted storage, secure authentication, rate limiting, and regular security reviews. No system is 100% secure - please use strong passwords and keep your credentials confidential.
8. Changes to This Policy
We may update this Privacy Policy. We will notify you of significant changes by email or via in-app notice.
9. Contact
For privacy questions or to request a BAA: [email protected]