1. Introduction & Regulatory Compliance
Apotheca, Inc. ("Apotheca," "we," "us," or "our") operates as a licensed pharmaceutical manufacturer, repacker, and wholesale distributor. We are committed to protecting the corporate, licensing, and personal information of our business partners. This Privacy Policy details how we collect, process, secure, and disclose information through our B2B online ordering portal (the "Portal").
Due to the nature of wholesale drug distribution, our data practices align with applicable state licensing board requirements, FDA GxP (Good Distribution/Manufacturing Practices) data integrity principles, and applicable healthcare security standards.
2. Information We Collect
To establish a B2B partner account and request wholesale pharmaceutical orders, we collect the following information:
- Corporate Account Details: Legal business name, business entity type, doing-business-as (DBA) names, tax identifiers, and physical business operations addresses.
- Regulatory Licensing Data: Professional medical license numbers (MD, DO, NP, RN), state pharmacy license numbers, DEA registration details, facility license numbers, and their respective states of license.
- Contact Person Information: First and last name, business email address, phone number, and billing/shipping addresses.
- Portal Usage & Ordering History: System logs capturing order request details (item codes, descriptions, quantities, and optional fulfillment notes) and session audit logs (timestamps, authenticated user emails, and masked IP addresses).
3. How We Use Your Information
We process the collected data for the following essential B2B business and regulatory compliance purposes:
- Credential Verification: Validating that billing and shipping accounts possess active, unrestricted licenses under state law to purchase wholesale prescription pharmaceuticals or medical devices.
- Order Handling: Processing order inquiries and transferring requests into our offline Enterprise Resource Planning (ERP) billing and shipping system.
- Audit & Compliance Logging: Maintaining immutable system records (audit trails) to demonstrate GxP compliance and verify order submission details for regulatory bodies.
- Customer Support: Communicating with your designated staff regarding account access, regulatory verification updates, and order confirmations.
NOTE: Payment processing does not occur on this website. All financial transactions, billing cycles, and invoice clearing are handled securely offline via our ERP system and authorized banking channels.
4. Data Security & GxP Integrity
Apotheca implements technical, administrative, and physical controls to secure account and ordering data in accordance with GxP and HIPAA security principles:
- Session Protection: Authenticated sessions are secured using server-side session management, automated timeouts, and encrypted transport layers (HTTPS).
- Direct Access Prevention: Sensitive directories and data files (including B2B ordering records and system logs) are protected at the server level via access control rules (such as .htaccess configuration files) that deny direct web access to prevent unauthorized data exposure.
- Audit Trails: In compliance with FDA 21 CFR Part 11 electronic records regulations, all order inquiries, credential updates, and administrator modifications are logged in an append-only, immutable security log file (capturing user identifiers, timestamps, and masked IP addresses) to ensure data traceability and prevent tampering.
- Retention & Archive: All transaction records and logs are maintained securely in archival storage for the statutory retention periods mandated by state boards of pharmacy, the FDA, and the Drug Supply Chain Security Act (DSCSA).
5. Progressive Web App (PWA) Caching & Device Security
To optimize portal speed and guarantee offline accessibility to public-facing documentation, this website utilizes a Progressive Web App (PWA) service worker (sw.js) and local browser Cache Storage. Please review our local caching policies:
- Cached Assets: The service worker caches static assets including HTML pages (such as the Home page, About page, Privacy Policy, and Terms of Service), CSS styling rules, system JavaScript utilities, and brand image assets. This allows key legal disclosures and reference pages to load immediately and remain viewable when offline.
- Sensitive Data Exclusion: To comply with GxP and HIPAA security guidelines, no confidential partner account information, user passwords, session tokens, transaction details, or product order logs are ever written to or stored within the PWA's local browser cache.
- Shared-Device Security Warning: Because the PWA registers on your device and may cache static navigation structures, accessing the B2B portal from public or shared workstations poses security risks. Users are strictly instructed to click "Log Out" at the end of every session, which clears active memory tokens. For maximum security on shared devices, users should also clear browser cache and storage upon session completion.
6. HIPAA Compliance & Protected Health Information (PHI) Exclusion
Apotheca operates strictly as a B2B wholesale pharmaceutical distributor. We do not provide patient care, nor do we host or manage patient health databases:
- Exclusion of PHI: Our website and B2B ordering portal are not designed, intended, or authorized to receive, store, or transmit patient medical records or Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).
- User Restrictions: Licensed partners and site users are strictly prohibited from entering, submitting, or uploading any patient-identifying health information in any open-text fields, including order notes (e.g. fulfillment instructions), contact forms, or partner application forms. All submissions must be limited strictly to non-patient business, licensing, and corporate logistics details.
- Business Associate Agreements (BAAs): Because Apotheca does not process, handle, or store PHI through this portal, Apotheca does not execute Business Associate Agreements for portal access.
7. Data Sharing & Third-Party Disclosure
We do not sell, trade, rent, or lease account or ordering data to third-party marketing networks. Data sharing is strictly limited to the following pathways:
- Logistics & Fulfillment Partners: Sharing shipping addresses, contact names, and phone numbers with verified carriers (such as UPS Cold Chain or specialized freight lines) to ensure the safe delivery of products.
- Regulatory Audits: Disclosing licensing and shipping logs to state boards of pharmacy, the FDA, or law enforcement agencies when legally required to verify compliance with the Drug Supply Chain Security Act (DSCSA) or controlled substance regulations.
- Internal Processing: Sharing data among internal customer success, licensing, and compliance departments.
8. Not Medical Advice / B2B Only
This website and its Portal are intended solely for licensed healthcare providers, commercial facilities, and registered pharmacies. No content, product descriptions, or portal outputs constitute medical advice, diagnosis, or treatment.
9. Contact Information
For questions or updates regarding your account data, please contact us at:
Apotheca, Inc.
Phoenix, Arizona
Phone: (602) 252-5244
Email: customerservice@apotheca-inc.com