Legal

Privacy Policy

Effective date: January 1, 2025 · Last updated: January 1, 2025

1. Overview

Pill4Me Pharmacy Inc. (“Pill4Me”, “we”, “our”) is committed to protecting the privacy of your personal and health information. This policy describes how we collect, use, disclose, and safeguard information when you use our website (pill4.me), patient portal, and pharmacy services. We comply fully with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable BC privacy legislation.

2. Information we collect

Prescription transfer requests: Your name, phone number, and current pharmacy name. No account required.

Patient portal accounts: Your email address, medication history (synced from our pharmacy system, WinRx), prescription records, delivery preferences, and appointment history.

Blister pack signups: Your name, phone number, email (optional), and approximate number of medications.

Automatically collected: IP address (hashed for rate limiting — not stored in identifiable form), browser type, and pages visited. We do not use third-party advertising trackers.

3. How we use your information

  • To provide pharmacy services, including prescription transfers, refills, and delivery
  • To operate and secure your patient portal account
  • To communicate order and delivery status via SMS or email
  • To comply with legal and regulatory requirements (College of Pharmacists of BC, Health Canada)
  • To prevent fraud and abuse of our services (rate limiting)

We do not use your health information for marketing purposes, sell it to third parties, or share it for any purpose unrelated to your care.

4. Data storage and security

All patient data is stored in Canadian data centres (AWS ca-central-1 — Montreal, Canada). Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Access to patient records is governed by Row-Level Security policies that ensure only you (or pharmacy staff with a legitimate purpose) can access your records.

5. Third-party services

Supabase: Database and authentication (stores personal data in ca-central-1)

Twilio: SMS notifications for transfer status and delivery updates

Clover: Payment processing (we do not store card numbers — Clover is PCI-DSS compliant)

WinRx (ARI Systems): Pharmacy management system — holds your prescription records

6. Your rights

Under PIPEDA, you have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your personal information (subject to legal retention requirements)
  • Withdraw consent to certain uses (note: this may limit our ability to provide services)

To exercise these rights, email privacy@pill4.me with the subject line “Privacy Request”. We will respond within 30 days.

7. Contact

Pill4Me Pharmacy Inc.

5625 Promontory Rd Unit 101, Chilliwack, BC V2R 4M5

Privacy Officer: privacy@pill4.me