Privacy Policy
CMRxpert Health, Inc.
Last Updated: February 27, 2025
Table of Contents
1 Introduction
This Privacy Policy describes how CMRxpert Health, Inc. (“CMRxpert,” “we,” “our,” or “us”) collects, uses, discloses, stores, and protects personal information in connection with the CMRxpert mobile application, related websites, and other online properties (collectively, the “Platform”).
It applies to your use of our pharmacy, telemedicine, and related healthcare services (collectively, the “Services”). By creating an account on the Platform or otherwise accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
2 Scope of Services
Our Services may include, without limitation:
3 Eligibility & Use by Minors
The Services are intended for individuals who are 18 years of age or older.
Minors may use the Services only with the consent and active supervision of a parent or legal guardian. The parent or legal guardian is responsible for the minor’s use of the Services. Parents or guardians may request deletion of a minor’s information by contacting us at:
Subject line: “Removal of Minor Information”
4 Information We Collect
We may collect the categories of information described below, depending on how you use the Platform and Services.
A. Personal Information
B. Health & Medical Information Sensitive Data
When you use our telemedicine and pharmacy-related Services, we may collect health and medical information, including:
We do not collect national identity numbers (such as CNIC).
C. Payment Information
We may collect transaction records, billing details, and related information. Payment card details are processed by third-party payment processors using their secure systems and are not stored on our servers.
D. Device & Usage Information Auto-Collected
E. Marketing & Analytics Information Future
If and when marketing and analytics features are enabled, we may collect information about your interaction with advertisements or promotional content, engagement metrics, usage trends, and inferences drawn from your use of the Platform to improve or personalize Services.
5 How We Collect Information
We may collect information from the following sources:
Directly from you
When you create an account, update your profile, upload prescriptions, participate in consultations, place orders, or contact customer support.
Automatically
Through cookies, software development kits (SDKs), and other tracking and analytics technologies implemented in the Platform.
From healthcare providers & pharmacies
With your authorization, for purposes such as fulfilling prescriptions or supporting consultations.
From payment processors
To confirm and reconcile transactions and payments.
6 How We Use Your Information
We use personal information for the purposes set out below and as otherwise permitted or required by applicable law.
Healthcare & Pharmacy Services
Scheduling consultations, reviewing prescriptions, performing medication reviews, and providing clinical updates to patients and providers.
Account Management & Support
Creating and administering accounts, verifying identity, responding to inquiries, and communicating about your use of the Services.
Payments & Fraud Prevention
Processing payments, maintaining transaction records, preventing fraud and abuse, and managing chargebacks and billing disputes.
Legal & Compliance
Complying with healthcare, data protection, and financial laws; responding to legal processes; enforcing our terms and policies.
Marketing & Service Improvement (If Enabled)
Sending promotional communications (subject to your consent), analyzing and improving platform performance, and developing new features. You may opt out of marketing communications at any time using the unsubscribe mechanism or by contacting us (see Section 18).
7 Telemedicine & Health Data Protection
Health and medical information is treated as Sensitive Personal Data and receives enhanced protections. Such information is:
Used only for purposes related to telemedicine consultations, prescriptions, pharmacy services, and healthcare operations.
Shared only with licensed healthcare professionals (e.g., doctors, nurses, and pharmacists), authorized pharmacies, and other parties involved in providing healthcare services to you.
Protected through appropriate administrative, technical, and physical safeguards.
We do not sell identifiable health or medical data.
8 Pharmacy Marketplace Future Functionality
If CMRxpert operates a marketplace in the future, we may facilitate transactions between you and licensed third-party pharmacies through the Platform. Prescription and order-related information will be disclosed to such pharmacies solely to fulfill your requests. Partner pharmacies will be required, through contractual obligations, to implement appropriate privacy and security measures to protect your information.
9 Delivery Partners Future Functionality
If we engage third-party delivery partners to deliver medications or products, we may share limited information necessary for delivery, such as your name, phone number, and delivery address. Delivery partners will not receive access to your medical history, consultation notes, or other detailed health information.
10 Cookies & Tracking Technologies
We may use cookies, mobile identifiers, and similar tracking technologies on the Platform to:
You may manage or disable cookies and tracking tools through your browser or device settings. Please note that disabling certain technologies may affect the functionality or performance of the Platform.
11 Disclosure of Personal Information
We may disclose personal information to the following categories of recipients, for the purposes described in this Privacy Policy:
Licensed doctors, pharmacists, and other healthcare providers involved in your care
Partner pharmacies that dispense and deliver medications
Payment service providers and financial institutions
Cloud hosting, data storage, analytics, and IT service providers
Delivery partners (limited information only)
Professional advisors (such as lawyers or auditors), where necessary
Law enforcement, regulators, courts, or other authorities when disclosure is required or permitted by law
We do not disclose personal information for third-party direct marketing purposes.
12 Cross-Border Data Transfers
Due to the use of cloud infrastructure and third-party service providers, your personal information may be stored or processed in countries other than Pakistan.
When we transfer personal information across borders, we implement appropriate safeguards, which may include data protection agreements and contractual clauses, access controls and security measures, and requirements that service providers handle personal information in a manner consistent with this Privacy Policy and applicable laws.
13 Data Retention
We retain personal information for as long as reasonably necessary to provide the Services to you, meet medical recordkeeping and other legal or regulatory requirements, resolve disputes and enforce our agreements, and detect and prevent fraud or misuse.
When personal information is no longer required for these purposes, we will take reasonable steps to securely delete, anonymize, or otherwise de-identify it in accordance with our data retention policies and applicable law.
14 Your Rights
Subject to applicable law and certain exceptions, you may have the right to:
Access — Request access to the personal information we hold about you.
Correction — Request correction or updating of inaccurate or incomplete information.
Deletion — Request deletion of your personal information, where legally permissible.
Objection & Restriction — Object to or restrict certain types of processing.
Withdraw Consent — Withdraw consent for marketing communications or certain processing activities, where processing is based on consent.
Information — Request information about how and with whom your personal information is shared.
You may exercise these rights by contacting us at info.crmplus01@gmail.com. We may need to verify your identity before responding to your request and may be unable to fully comply where laws require us to retain certain data.
15 Data Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, or destruction. These measures may include:
Encrypted data transmission
Secure cloud storage and regular backups
Role-based and need-to-know access controls
Monitoring for suspicious activity
However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.
16 Mobile Application (App Store & Google Play)
The CMRxpert mobile application (“App”) is available for download through the Apple App Store and Google Play Store. The following additional terms apply to your use of the App.
16.1 Third-Party App Store Terms
Your download and use of the App may also be subject to the terms and policies of Apple Inc. (“Apple”) or Google LLC (“Google”), as applicable. In the event of any conflict between this Privacy Policy and the applicable store’s terms, the more protective provision shall prevail with respect to your personal information. Neither Apple nor Google is a party to this Privacy Policy and they bear no responsibility for the App or its content.
16.2 Device Permissions
The App may request access to certain features or data on your device, including:
Camera
For video consultations and scanning prescriptions or documents.
Microphone
For audio during telemedicine consultations.
Push Notifications
For appointment reminders, prescription updates, and important alerts.
Storage / Photo Library
To upload lab reports, prescriptions, or medical documents.
Location (optional)
To find nearby pharmacies or for delivery services.
You may grant or revoke these permissions at any time through your device settings. Revoking certain permissions may limit the functionality of the App.
16.3 Apple App Tracking Transparency (iOS)
In compliance with Apple’s App Tracking Transparency framework, we will request your permission before tracking your activity across other companies’ apps and websites. You may allow or deny this request at any time through your iOS device’s privacy settings. Denying tracking will not affect your ability to use the core features of the App.
16.4 Google Play Data Safety
In accordance with Google Play’s Data Safety requirements, we disclose the types of data we collect and share through the App in the Google Play Data Safety section of our listing. We do not sell personal data. Health and medical data is encrypted in transit and you may request deletion of your account and associated data by contacting us.
16.5 In-App Purchases & Subscriptions
If the App offers in-app purchases or subscriptions, such transactions are processed by the respective app store (Apple or Google) according to their terms. We receive transaction confirmations but do not have access to your full payment details processed by the app stores. For subscription management, cancellations, and refund requests related to app store purchases, please contact Apple or Google directly.
16.6 Account & Data Deletion
In compliance with Apple App Store and Google Play Store requirements, you may request deletion of your account and all associated personal data at any time. You can do so through the App’s account settings or by contacting us at info.crmplus01@gmail.com. Upon receiving a verified deletion request, we will delete or anonymize your data within 30 days, except where retention is required by applicable healthcare regulations or law.
16.7 Children’s Privacy (COPPA & App Store Guidelines)
The App is not directed at children under the age of 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children without verified parental consent. If we learn that we have collected personal data from a child without proper authorization, we will take steps to delete that information as soon as practicable. Parents or guardians who believe their child has provided personal information to us may contact us at info.crmplus01@gmail.com.
16.8 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know, delete, and opt out of the “sale” or “sharing” of personal information. We do not sell personal information. To exercise your California privacy rights, please contact us at info.crmplus01@gmail.com.
17 Changes to This Privacy Policy
We may update or revise this Privacy Policy from time to time. The updated version will be posted on the Platform and will be effective as of the “Last Updated” date indicated at the top. Where required by law, we will notify you of material changes and, if necessary, obtain your consent to such changes before they take effect.
18 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
CMRxpert Health, Inc.
Attn: Privacy Office
info.crmplus01@gmail.com
CMRxpert Health, Inc., Privacy Office