Privacy Policy

Effective date: 11/11/2025
Company: [PharmaInvoice Ltd] (“PharmaInvoice”, “we”, “us”, “our”)
Registered address: 19 Glen Road, Norton, Stourbridge
Contact: loujtromans@gmail.com

1) Scope

This policy explains how we collect, use, share, and protect personal data when you visit pharmainvoice.framer.website, use our web or mobile applications, connect your email to ingest invoices, or interact with us in any other way. It applies to customers, users, and website visitors.

2) Who we are and our roles

For account, billing, marketing, and website data we act as the Data Controller.
For invoice content and any data you send us from your systems, we generally act as the Data Processor, and process it on your instructions under a Data Processing Agreement (DPA).

3) What we collect

A) Data you provide

  • Account and profile: name, role, email, phone, password hash, MFA secrets.

  • Organisation details: pharmacy name, ODS code, addresses, supplier info, user permissions.

  • Billing: payment method, billing contact, VAT number, transaction history.

  • Support and sales: messages, call notes, feedback, and attachments.

B) Data we process on your behalf (processor role)

  • Invoices and attachments: supplier name, dates, product names, pack sizes, PIP codes or SKUs, quantities, unit and line prices, credits, delivery charges, VAT.

  • Email ingest metadata: sender, subject, timestamp, and the invoice files themselves when routed to us.

  • Market pricing inputs you upload or connect via third parties.

C) Data collected automatically

  • Product usage: features used, clicks, events, device and browser type, IP address, time zone, language.

  • Website analytics and cookies. See the Cookies section.

D) Data from third parties

  • Identity or single-sign-on providers.

  • Payment processors.

  • Pricing data partners and public sources used to enrich market analytics.

We do not target or knowingly process children’s data.

4) How we use your data

Controller uses

  • Provide, secure, and maintain the service.

  • Authenticate users and prevent fraud or abuse.

  • Billing, account management, and customer support.

  • Product analytics to improve performance and usability.

  • Service communications and optional product updates or marketing (with opt-out).

Processor uses (on your instruction)

  • Parse and standardise invoice PDFs and emails.

  • Match products to market references and compute min/avg/max.

  • Track 7/14/30-day trends, detect surges, and forecast price movements.

  • Generate AI-assisted summaries and supplier switch suggestions.

  • Provide dashboards, exports, and API responses to your users and systems.

Aggregation and anonymisation

We may create aggregated or anonymised statistics for benchmarking and market insights. These outputs do not identify you or your patients and may be shared publicly or with customers.

5) Legal bases (UK/EU GDPR)

  • Contract: to deliver the service you requested.

  • Legitimate interests: service improvement, security, fraud prevention, and certain marketing to existing customers.

  • Consent: where required for optional cookies or marketing.

  • Legal obligation: to comply with laws and valid requests.

6) Email access and permissions

If you connect an email account, we only access what is needed to ingest supplier invoices or related credits and statements. You can disconnect at any time from your settings. We do not read unrelated personal emails.

7) Automated decision-making and AI features

Our analytics highlight overpaying, rising SKUs, supplier switch opportunities, and price forecasts. These are decision support features. They do not produce legal or similarly significant effects on individuals. You can always review and override suggestions.

8) How we share data

We share personal data only with:

  • Sub-processors that host, store, or process data to run the service. Current list: [link to sub-processor page].

  • Payment providers for billing.

  • Analytics and error monitoring vendors.

  • Professional advisers (legal, accounting, security).

  • Authorities where required by law or to protect rights, safety, or property.

We do not sell personal data.

9) International transfers

Where data leaves the UK/EEA, we rely on adequacy decisions or Standard Contractual Clauses with the UK Addendum. Security and privacy obligations flow down to all sub-processors.

10) Security

We apply administrative, technical, and physical safeguards:

  • Encryption in transit and at rest.

  • Access controls with least privilege and MFA for staff.

  • Audit logging and monitoring.

  • Secure development practices and vulnerability management.

  • Regular backups and tested recovery procedures.

No system is perfectly secure. You are responsible for keeping your credentials safe and managing your organisation’s user access.

11) Retention

  • Account, billing, and contract records: kept for the life of the account and for up to 7 years after closure to meet legal and tax requirements.

  • Invoice data we process for you: retained per your instructions or your contract settings.

  • Backups: time-limited per our backup schedule.

We delete or anonymise data when no longer needed.

12) Your rights (UK/EU)

You may request:

  • Access to your personal data.

  • Rectification of inaccurate data.

  • Erasure in applicable cases.

  • Restriction or objection to certain processing.

  • Data portability.

  • Withdrawal of consent where processing relies on consent.

Submit requests to loujtromans@gmail.com. We may need to verify identity and will respond within one month. You can complain to the ICO at ico.org.uk, but please contact us first so we can help.

13) Cookies and similar technologies

We use necessary cookies to run the site, and optional analytics or advertising cookies with consent where required. You can manage preferences in our Cookie Banner or your browser.

Typical cookies we use:

  • Strictly necessary: session and security.

  • Analytics: product usage and website traffic.

  • Preferences: user settings.

  • Marketing (optional): only if we run campaigns and you consent.

See our Cookie Notice for a current list and lifetimes.

14) Third-party links

Our website may link to other sites. Their privacy practices are their own. Review their policies before sharing data.

15) Customer responsibilities

You are responsible for:

  • Lawful collection of any personal data you upload to PharmaInvoice.

  • Providing required notices to your staff and suppliers.

  • Choosing appropriate retention periods in your settings and contract.

  • Managing user access and single sign-on.

16) Changes to this policy

We will post updates on this page and adjust the effective date. Material changes may be notified by email or in-product messages.

17) Contact

Questions or requests: loujtromans@gmail.com

Annex: Short Cookie Notice

We use cookies to make our site work and to improve it. Necessary cookies are always on. Analytics and marketing cookies are optional. Select “Accept all” to consent to all cookies or “Manage preferences” to choose. You can change your choice at any time in the footer. See our Cookie Notice for details.