Privacy Policy.

PillPilot, Inc. (“PillPilot,” “we,” “us”) operates an AI-driven pharmacy operations platform. This policy explains what information we collect, how we use it, how we protect it, and the choices you have. We treat protected health information (PHI) as a fiduciary trust and only handle it where it is necessary to deliver the service.

1. Information we collect

We collect information that helps us run the service, support our customers, and comply with our legal obligations. The categories below describe what we receive, how we get it, and why.

• Account & business information. Pharmacy name, NPI, addresses, billing details, the contact information of the pharmacists and owners who set up and use PillPilot. Provided by you during onboarding.
• Operational data. Workflow events generated by our agents — prescriptions read, calls handled, PMS writes, override decisions, audit ledger entries. Generated automatically as you use PillPilot.
• Protected Health Information (PHI). Patient, prescriber, drug, payer, and adherence data we process to fill prescriptions, answer calls, or surface insights. Received from your PMS, e-Rx feeds, telephony, and adjacent systems with your authorization. Always handled under a Business Associate Agreement (BAA).
• Voice & text content. Recordings, transcripts, and SMS exchanges that pass through PillPilot’s voice agent. Captured only for the calls and conversations our agents handle on your behalf.
• Device & usage information. IP address, browser, device type, and basic interaction logs from the dashboard and overlay. Collected for security, troubleshooting, and product analytics.
• Communications. Email, ticket, and call content when you contact us for support, sales, or feedback.

2. How we use information

We use information to deliver, operate, and improve PillPilot — and for no purpose that is incompatible with running the service responsibly.

• Service delivery. Run the intake and voice agents, write to your PMS, route calls and messages, generate audit ledger entries, and surface insights for your team.
• Clinical safety. Apply hard- and soft-stop rules, flag potential overrides, and create reviewable records that pharmacists rely on to keep patients safe.
• Customer support. Respond to questions, troubleshoot incidents, and document resolutions.
• Security & integrity. Detect abuse, prevent fraud, monitor system health, and meet HIPAA, state board, and regulatory obligations.
• Product improvement. Improve agent accuracy, refine PMS adapters, and tune workflows. We use de-identified or aggregated data wherever possible — PHI is not used to train general-purpose models.
• Communications. Send service announcements, security notices, contract updates, and (with consent or as legally permitted) marketing email you can unsubscribe from at any time.

3. PHI and HIPAA

PillPilot acts as a Business Associate to its pharmacy customers (Covered Entities). We sign a BAA with every customer before any PHI flows. PHI is segmented by customer and processed only as the BAA and our service contracts permit.

• PHI is encrypted in transit and at rest with industry-standard ciphers.
• Access is role-based; engineering staff cannot view PHI without a documented support ticket and audit-trailed approval.
• Voice transcripts are scrubbed before model inference; PHI is not retained in third-party LLM contexts.
• De-identified aggregate metrics may be retained for product analytics and benchmarking.
• Patients should contact the pharmacy that uses PillPilot to exercise rights of access, amendment, or accounting under HIPAA. We support our customers in fulfilling those requests.

4. How we share information

We do not sell personal information. We share information only in the limited circumstances below, each governed by appropriate contracts and safeguards.

• Subprocessors. Cloud infrastructure (AWS), telephony providers, observability and security tooling, and customer support tools. A current list is available on request and updated when material changes occur.
• Customers. Information is segmented by customer and only made available to authorized users of that account. PillPilot does not share one customer’s data with another.
• Legal & safety. When required by law, valid legal process, or when we believe disclosure is necessary to protect rights, property, or safety.
• Corporate transactions. If PillPilot is involved in a merger, acquisition, or asset sale, we will provide notice before personal information is transferred and becomes subject to a different policy.

5. How we protect information

Security is the floor of the product, not a feature. Our practices include encryption in transit and at rest, least-privilege access controls, tenant isolation, audit logging of every PMS write and agent decision, automated vulnerability scanning, code review, and continuous compliance monitoring. Detailed security documentation is available under NDA at security@pillpilot.ai.

6. Cookies and analytics

We use a minimal set of first-party cookies to keep you signed in, remember preferences, and run basic analytics on the marketing site. We do not use third-party advertising cookies. You can disable cookies in your browser settings; some authenticated features will require cookies to function.

7. Your choices and rights

• Access & correction. Account holders can update business contact information from the dashboard or by emailing us.
• Marketing email. Use the unsubscribe link in any marketing message, or email us to opt out of all non-transactional email.
• Data subject requests. Patients should contact the pharmacy. Pharmacy operators can email privacy@pillpilot.ai with requests; we respond within applicable legal timelines.
• Regional rights. Where state privacy laws apply (CA, CO, CT, VA, etc.), we honor applicable rights including access, deletion, and opt-out from sale or sharing. PillPilot does not sell personal information.

8. Data retention

We retain account, operational, and audit data for the duration of the customer relationship and as required to meet legal, regulatory, and clinical-record obligations. PHI retention is governed by the Business Associate Agreement and applicable state law. De-identified aggregate metrics may be retained indefinitely.

9. Children

PillPilot is sold to pharmacies, not to consumers, and is not directed at children. PHI processed on behalf of pediatric patients is handled under the same HIPAA controls as all other PHI.

10. Changes to this policy

We will update this policy as the service evolves. Material changes will be communicated to customers in advance. The “Last updated” date at the top of this page reflects the most recent revision.

11. Contact us

Privacy questions: privacy@pillpilot.ai
Security & vulnerability reports: security@pillpilot.ai
General contact: contact@pillpilot.ai

PillPilot, Inc. · Made for pharmacies · © 2026