Privacy
Your data & deletion.
A plain-language summary of what we hold, how to get a copy, and how to delete everything.
1. What personal data we store
Drug Database is designed to hold as little personal data as possible. The information we keep is described below, and mirrors the full detail in our Privacy Policy.
| Data | Where it lives | Deleted with account? |
|---|---|---|
| Tenant name & owner email | tenants table | Yes — immediately on deletion |
| Session cookies | session_tokens table (SHA-256 hash only; never plaintext) | Yes — cascades with tenant row |
| API key hashes | api_keys table (SHA-256 hash + last 4 chars; plaintext never stored) | Yes — cascades with tenant row |
| API usage counters | api_usage table — endpoint, HTTP status, response time, request count per calendar period. Drug names and catalogue identifiers are never logged. | Yes — cascades via api_keys |
| Webhook subscriptions | webhook_subscriptions table (destination URL + HMAC signing secret) | Yes — cascades with tenant row |
| BYOL credentials | byol_credentials table, encrypted at rest with pgsodium AEAD | Yes — cascades with tenant row |
| Bucketed clinical context (PHI Gateway) | phi_audit_log — counters and elapsed-time values only (severity_max, warnings_returned, ms_elapsed). Request bodies, patient blocks, and warning text are never persisted. | Yes — cascades with tenant row; retained 7 years where healthcare compliance requires it |
| Stripe billing records | Stripe customer ID, last-4 card digits, subscription status. Card numbers and bank details are never held by Drug Database. | Stripe customer records retained per Swiss tax law (10 years for invoices) |
| Support correspondence | Emails and dashboard messages sent to support | Retained 3 years after ticket closure; email us to request earlier deletion |
All data is stored in Postgres hosted in Switzerland (Supabase eu-central-2 Zurich). We do not log drug names, ATC codes, NDC, GTIN, Pharmacode, or any clinical catalogue value. We do not embed advertising trackers or session-replay tools.
2. How to export your data
You can export your account data at any time from the Account page in the dashboard. The export includes:
- Your tenant record (name, owner email, country, tier, DPA acceptance date)
- Your API key list (name, environment, last-4 suffix, created/revoked dates)
- Your API usage counters by month
- Your webhook subscription list (URLs only — signing secrets are not exported)
The export is delivered as a JSON download directly from your browser session. No email is required and the file never transits our servers.
If you cannot access the dashboard, email privacy@drug-database.com from the address registered to your account and we will respond within 30 days with a portable copy.
3. How to delete your data
Self-serve (dashboard)
Logged-in users can permanently delete their account from the Account page in the dashboard. The deletion flow requires you to type your email address to confirm, then immediately:
- Revokes all active dashboard sessions
- Deletes the tenants row and all data that cascades from it (API keys, usage counters, webhook subscriptions, BYOL credentials, PHI audit log rows, session tokens)
- Redirects to the homepage
Deletion is permanent and irreversible. Data subject to mandatory retention under Swiss law (Stripe invoice records, certain audit log entries) cannot be deleted ahead of the statutory deadline.
Email request
If you cannot access the dashboard, email privacy@drug-database.com from the address registered to your account with the subject line “Account deletion request”. We will action your request within 30 days and confirm deletion by reply.
After deletion
Account records are purged within 30 days of the deletion request. Operational logs (30-day rolling window) and Stripe invoice records (10 years, Swiss tax law) are the only data that may survive past that window. We will confirm in writing what, if anything, was retained and under which legal basis.
4. Contact
For any data rights request — access, rectification, deletion, portability, or objection — contact:
- Email: privacy@drug-database.com
- Response time: 30 days (GDPR Art. 12 / nFADP Art. 16)
See also: our full Privacy Policy, including the legal bases for processing, data residency, subprocessors, and your right to lodge a complaint with the Swiss EDÖB or an EU supervisory authority.