How Pharmacyp handles your data.
Pharmacyp is a SaaS clinical decision support tool for prescribers. This page explains what data we collect, how we protect it, and the obligations users accept when entering data into the product.
Effective May 18, 2026
A clinical decision support tool. The prescriber decides.
Pharmacyp is a web-based clinical decision support (CDS) product for licensed prescribers and authorized clinical staff. It surfaces guideline-backed drug–drug interaction and pharmacogenomic context alongside the citation that backs every flag. Pharmacyp is not currently integrated with any electronic health record system and is not a substitute for clinical judgment — the prescriber retains full responsibility for every prescribing decision.
Account, usage, and the clinical inputs you provide.
- Account data — the name, institution, professional role, and email address you provide when you create a clinician account.
- Clinical inputs — the medication lists, CYP genotypes, and case context you enter into Pharmacyp to receive an analysis. These are stored against your account so you can revisit prior analyses.
- Usage telemetry — which findings were viewed, request latency, and error logs. Used to operate and improve the product. We do not use any third-party advertising or product-analytics SDK at this time.
Use synthetic or de-identified inputs only.
Users must not enter real, identifying patient health information (PHI) into Pharmacyp. The product is currently a standalone web tool: it is not under a Business Associate Agreement, is not configured as a HIPAA-covered service, and is not certified as a system of record for protected health information. Patient cases entered into Pharmacyp should use synthetic or properly de-identified data.
This requirement is part of how Pharmacyp is used appropriately today. As the product matures toward EHR integration and formal covered-entity status, this section will be updated and account holders notified before any change in data handling.
Encrypted at rest and in transit. Limited access.
Application data is stored in a managed Postgres database (Supabase), encrypted at rest and in transit. Access to the production environment is limited to the Pharmacyp engineering team on a least-privilege basis. The per-finding clinical formatter is backed by Anthropic’s Claude API, which receives only the structured rule-engine output for the finding being formatted — no free-form chat, no broader account context, and never any data beyond what is needed to generate the citation-grounded summary for that finding.
No sale, no ad sharing, no external model training.
- We do not sell your data to anyone.
- We do not share account or usage data with advertisers.
- We do not use account or clinical input data to train external machine learning models.
- We do not route data through third parties beyond the named infrastructure providers above.
Only what authentication requires.
Pharmacyp uses a session cookie issued by Supabase to keep clinician accounts signed in. We do not use third-party product analytics or advertising cookies at this time. If we add analytics in the future, this page will be updated and account holders will be notified.
Access, correction, and deletion on request.
You may request access to, correction of, or deletion of your account data at any time by emailing the contact below. We will respond within a reasonable period and confirm in writing once the requested action is complete.
Privacy and data inquiries.
For any question about this policy or about how Pharmacyp handles data, contact filipemburmester@gmail.com.
We will notify account holders of material changes.
Material changes to this policy will be communicated by email to account holders before they take effect. The effective date at the top of this page is updated each time the policy is revised.