Privacy Policy

Last updated: April 21, 2026

RxBasis (“we,” “us”) helps self-insured employers audit their Pharmacy Benefit Manager (PBM) contracts. This policy explains what we collect, how we use it, and your rights.

What we collect

  • Account information: email address and name you provide when you sign in through Clerk.
  • Uploaded documents: PBM contracts, plan documents, and pharmacy claims CSVs you upload for analysis.
  • Analysis outputs: the AI-generated risk scores, audit findings, and draft letters we produce from your inputs.
  • Usage data: basic logs (page loads, API request paths, timestamps) used to keep the service running.

How we use it

We use your uploads and account data to run the contract and claims analysis you asked for, display results back to you, and improve service reliability. We do not sell your data, and we do not train foundation models on your contracts.

Third parties we use

  • Clerk — authentication and user management.
  • Supabase (PostgreSQL) — storage for contract analyses and claims uploads (US region).
  • OpenAI — language-model API used to extract contract terms, generate risk scoring, and draft audit letters. Per OpenAI’s API terms, your prompts and completions are not used to train their models.
  • Railway / Vercel — application hosting.
  • CMS public datasets — we cross-reference NADAC pricing, NPPES pharmacy registry, and other public government datasets. No private data flows outbound to these sources.

Data retention

Uploaded documents and their derived analyses are retained so you can revisit them on your dashboard. You can delete your data at any time by contacting us. We delete all account-associated data within 30 days of an account deletion request.

Security

Data is encrypted in transit (TLS) and at rest (managed by Supabase). API access to our backend requires a Clerk-issued user identity plus a server-to-server proxy secret. We follow reasonable industry practices but make no guarantee of absolute security.

Your rights

You can request a copy of your data, correction of inaccurate data, or deletion of your data by emailing support@rxbasis.com. We will respond within 30 days.

Children

RxBasis is a B2B product and is not directed at anyone under 18.

Changes

If we change this policy materially, we will post the updated version here and notify signed-in users by email.

Contact

Questions: support@rxbasis.com.