Privacy Policy

We collect information necessary to provide prescription verification and dispensing services. This includes:

• Account information: Name, email address, professional registration numbers (for clinicians and admin reviewers), and authentication credentials.
• Prescription data: Patient name, date of birth, prescribed medications, dosages, prescribing clinician details, and clinical notes submitted through the platform.
• Usage data: Log data including IP addresses, browser type, pages visited, and timestamps to maintain security and improve our service.
• Device information: Device identifiers used for multi-factor authentication and push notification delivery.

We use collected information to:

• Verify prescriptions using our AI analysis pipeline (powered by Google Gemini 2.5 Pro via Vertex AI within our GCP project).
• Facilitate human clinical review of AI-generated safety analyses.
• Match prescriptions with partner pharmacies for dispensing.
• Enable patients to track the status of their prescriptions.
• Send notifications about prescription status changes via email and push notifications.
• Process payments between patients, pharmacies, and the platform.
• Maintain platform security, detect fraud, and comply with legal obligations.

We do not use patient data for advertising, marketing to third parties, or any purpose unrelated to prescription verification and dispensing.

All data is stored on Google Cloud Platform infrastructure located within the United Kingdom and European Union. We implement industry-standard security measures including:

• AES-256 encryption for data at rest.
• TLS 1.3 encryption for all data in transit.
• Role-based access controls with multi-factor authentication for all staff access.
• Regular security audits and penetration testing.
• Automated backup and disaster recovery procedures.

All AI processing is performed within our Google Cloud Platform project via Vertex AI. Patient data is not shared with external AI services or used for model training.

We share data with the following categories of third parties, strictly as necessary to provide our services:

• Partner pharmacies: Prescription details necessary for dispensing, shared only after verification is complete.
• Payment processors: Stripe processes payments on our behalf. Stripe's privacy policy governs their handling of payment data.
• Cloud infrastructure: Google Cloud Platform hosts our services. Data processing agreements are in place to ensure GDPR compliance.

We do not sell, rent, or trade personal data to any third party. We do not share data with third-party AI providers for model training or any other purpose.

Under the UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

• Right of access: Request a copy of all personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your data, subject to legal retention requirements for clinical records.
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing of your data in certain circumstances.

To exercise any of these rights, please contact us using the details below. We will respond to all requests within 30 days.

We retain prescription and clinical data for a minimum of 8 years in line with NHS records management guidelines. Account data is retained for as long as your account is active, plus 2 years after deletion to comply with regulatory requirements.

Usage logs and analytics data are retained for 12 months and then anonymised or deleted. Payment records are retained for 7 years as required by HMRC.

If you have questions about this privacy policy or wish to exercise your data protection rights, please contact us:

Email: privacy@doses.ai

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been infringed.