Skip to content
PPharmOS
Book a demo

Legal

Privacy Policy

Last updated: 17 May 2026

In short:

Your pharmacy data is yours. We store it in India. We do not sell it, do not share it with advertisers, and we will hand it back to you in a clean format any time you ask.

This Privacy Policy explains how Smart Desizns (“we”, “us”, “PharmOS”) collects, uses, stores, and shares information when you use the PharmOS website (pharmos.app) and the PharmOS pharmacy management software (the “Service”). This policy is governed by the Digital Personal Data Protection Act, 2023 of India (“DPDP Act”).

1. Information we collect

Account information

  • Name, email address, mobile number
  • Pharmacy/business name and address
  • GSTIN and drug licence numbers (for tax compliance and account validation)
  • Billing address and payment information (handled by our payment processor — we do not store card numbers)

Operational data

When you use the Service to run your pharmacy, the Service processes inventory and stock data; sales, purchase, return, and credit-note transactions; customer, supplier, and party-ledger information; employee/user account data; and reports/exports generated from the above. This operational data is your data, not ours.

Usage data

IP address, browser type, OS, pages visited, features used, error logs, performance metrics, device identifiers for mobile apps.

Marketing and lead data

If you submit a contact form or book a demo we collect your name, email, phone, pharmacy name, city, UTM parameters, referrer, and your communication history with our team.

2. How we use information

  • Provide, maintain, and improve the Service
  • Process payments and send invoices
  • Send transactional communications (account verification, password reset, drug-licence renewal alerts)
  • Send marketing communications (only if you opted in — you can unsubscribe at any time)
  • Detect, prevent, and address technical issues, fraud, or abuse
  • Comply with legal obligations (tax records, regulatory enquiries)
  • Consent — for marketing communications, certain analytics, and any data you voluntarily provide
  • Contract performance — to deliver the Service you purchased
  • Legal obligation — to comply with Indian tax, drug-licence, and other regulatory requirements
  • Legitimate use under DPDP — such as security, fraud prevention, and grievance redressal

4. Sharing and disclosure

We do not sell your personal data. We share data with service providers (hosting, email delivery, payment processing, analytics) under confidentiality contracts; with regulators in response to valid Indian legal orders; and in business transfers (merger, acquisition) subject to this policy.

5. Data location and transfer

All data is stored on servers physically located in India. Backups are stored in India. We do not transfer your personal data outside India.

6. Retention

  • Active account data — retained while your subscription is active
  • Operational data after cancellation — retained for 90 days post-cancellation for export, then permanently deleted
  • Billing and tax records — retained for 8 years per Indian tax law
  • Marketing and lead data — retained until you request deletion or 36 months of inactivity, whichever is sooner
  • Usage and analytics logs — retained for 13 months in identifiable form, then anonymised or deleted

7. Your rights under DPDP

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we correct inaccurate or incomplete data
  • Erasure — request that we delete your personal data (subject to legal retention obligations)
  • Withdraw consent — withdraw consent at any time for marketing or analytics
  • Grievance redressal — contact our grievance officer if you believe we have not handled your data appropriately
  • Nomination — nominate another individual to exercise your rights in case of your incapacity or death

To exercise any of these rights, email privacy@pharmos.app. We respond within 30 days.

8. Pharmacy operational data — your ownership

The data you create while running your pharmacy on the Service is your data. We process this data on your instructions, in our capacity as a Data Processor for purposes of the DPDP Act. You can export it at any time in CSV, JSON, or SQL formats. We do not use your operational data to train AI/ML models or for any purpose other than providing the Service to you.

9. Cookies and analytics

  • Essential cookies — for login session, security, and core functionality. Required for the Service to work.
  • Analytics — we use Plausible Analytics (privacy-first, no cookies, no cross-site tracking).

We do not use Google Analytics, Facebook Pixel, or any cross-site advertising trackers.

10. Third-party processors

Hosting (India), Razorpay (payments), Plausible (analytics), transactional email provider, WhatsApp Business API (optional). Each is bound by a Data Processing Addendum. Material changes are communicated via email.

11. Security

  • TLS 1.3 for data in transit
  • AES-256 encryption at rest
  • Tenant-level data isolation
  • Role-based access control
  • Daily encrypted backups with 30-day retention
  • Audit logs of all administrative actions
  • Annual security audits by independent reviewers

12. Children’s data

The Service is not intended for individuals under 18. We do not knowingly collect personal data from children.

13. Changes to this policy

Material changes will be notified via email at least 30 days before taking effect. The “Last updated” date at the top reflects the most recent revision.

14. Grievance officer and contact

Grievance Officer: Smart Desizns Compliance Team
Email: privacy@pharmos.app
Response time: Within 30 days of receipt

This policy is governed by the laws of India. Any disputes are subject to the exclusive jurisdiction of courts in Delhi.