Privacy Policy

Last Modified: 26 April 2026

This Privacy Policy explains how Drug Index.it ("DrugIndex.it", "we", "us", or "our") collects, uses, stores, protects, shares, retains, and deletes information when you access or use our digital health formulary platform, websites, applications, APIs, and related services (the "Services"). It also explains how our Services interact with Google user data when you choose to sign in with Google.

1. Information We Collect, Including Google User Data

We collect the following categories of information to provide and improve the Services:

  1. Account and contact information: Data such as your name, email address, contact details, account identifier, role, subscription status, and organization or distributor associations when applicable.
  2. Google user data: If you use Sign in with Google or Google One Tap, we access the Google account information needed to authenticate you, including your Google account email address, name, profile image/avatar if provided by Google, Google account identifier, and authentication tokens or ID token claims required to create and maintain your DrugIndex.it session. We do not request access to your Gmail, Google Drive, Google Calendar, contacts, files, or other Google product content.
  3. User content and app data: Content and information you submit, post, search, save, generate, or transmit through the Services, including conversations, preferences, and administrative records where applicable.
  4. Usage, device, and log data: Automatically collected information such as IP address, browser type, device information, access times, pages visited, session activity, security events, and diagnostic logs.
  5. Cookies and local storage: Data collected or stored through cookies, local storage, and similar technologies to keep you signed in, secure sessions, remember preferences, and improve the Services.

2. How We Use Google User Data and Other Information

We use your information for the following purposes:

  1. Authentication and account access: Google user data is used to verify your identity, create or connect your DrugIndex.it account, manage your login session, prevent unauthorized access, and let you access the Services.
  2. Service delivery: Operating, maintaining, personalizing, securing, and improving the Services, including account management, role-based access, subscription features, support, and platform reliability.
  3. Communication: Responding to inquiries, providing customer support, sending service notices, and sending product updates when permitted by law or when you opt in.
  4. Security, compliance, and abuse prevention: Detecting, investigating, and preventing fraud, misuse, policy violations, security incidents, and illegal activity.
  5. Analytics and product improvement: Understanding usage patterns so we can improve performance, reliability, and user experience. We do not use Google user data for advertising or for building unrelated user profiles.

3. How We Share Google User Data and Other Information

We do not sell Google user data or other personal information. We also do not share Google user data for advertising. We may share information only in the following limited circumstances:

  1. Authentication and infrastructure providers: We use Supabase and related hosting, database, security, and infrastructure providers to authenticate users, store account records, operate the Services, monitor reliability, and protect the platform. These providers process data on our behalf and are not permitted to use it for their own advertising purposes.
  2. Payment and customer support providers: When you purchase or manage a paid plan or request support, we may share the minimum information necessary to process payments, manage subscriptions, resolve support requests, and communicate with you.
  3. Legal and safety disclosures: We may disclose information when required by law, regulation, legal process, court order, or government request, or when we believe disclosure is necessary to protect the rights, safety, and security of users, DrugIndex.it, or others.
  4. Business transfers: If DrugIndex.it is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to appropriate confidentiality and privacy protections.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. Data Storage and Protection

We store account, authentication, app, and support data using managed cloud infrastructure and database services. We use reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, alteration, and disclosure. These safeguards may include encrypted transport, access controls, role-based permissions, session controls, monitoring, backups, and restrictions on administrative access. No method of transmission or storage is completely secure, but we work to protect your information in a manner appropriate to the sensitivity of the data.

5. Data Retention and Deletion

We retain Google user data and other personal information only for as long as needed to provide the Services, maintain your account, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, and maintain security and audit records. Authentication session data is retained for the life of the session and related security needs. Account records are retained while your account is active and for a limited period afterward where needed for legal, tax, security, backup, or operational reasons.

You may request access to, correction of, export of, or deletion of your personal data by contacting support@drugindex.it. To request account or Google sign-in data deletion, email us from the account email address or provide enough information for us to verify that you control the account. We will process deletion requests within a reasonable period unless retention is required by law, necessary for security, or needed to complete an active transaction. You may also revoke DrugIndex.it access from your Google Account permissions page.

6. Your Rights and Choices

Depending on your jurisdiction, you may have rights regarding your personal information, including the right to access, update, correct, delete, restrict, or object to certain processing of your data. You can choose not to use Google sign-in and may use another available authentication method, such as email magic link, where offered. To exercise your rights, contact us using the details below.

7. Children's Privacy

Our Services are not intended for children under the age of 13. We do not knowingly collect personal information from individuals under 13. If you believe we have inadvertently collected such information, please contact us immediately.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page along with a new "Last Modified" date. Your continued use of our Services after changes have been posted constitutes your acceptance of the updated Policy.

9. Contact Us

If you have any questions, concerns, or data deletion requests related to this Privacy Policy or our data practices, please contact us at support@drugindex.it.