Privacy Policy

QuickCCS (“we”, “us”, “our”) is a clinical decision support software-as-a-service platform designed for community pharmacists in Ireland. QuickCCS is operated as a sole trader business based in Ireland.

This Privacy Policy explains how we collect, use, store, and protect personal data when you use our platform at quickccs.ie. We are committed to complying with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the Irish Data Protection Act 2018.

If you have questions about this policy or your data, please contact us at privacy@quickccs.ie.

We use Vercel Analytics to collect anonymised, aggregated usage data (page views, performance metrics). Vercel Analytics does not use cookies and does not collect personally identifiable information. Data is processed by Vercel Inc. under a Data Processing Agreement.

We do not use Google Analytics, advertising cookies, or any form of behavioural tracking.

We rely on the following legal bases under GDPR Article 6 (and Article 9 for special category data):

• Contract (Article 6(1)(b)): Processing your account and billing data to provide the QuickCCS service you have subscribed to.
• Legitimate interests (Article 6(1)(f)): Operating and improving the platform, maintaining security, and fraud prevention, where these interests are not overridden by your rights.
• Legal obligation (Article 6(1)(c)): Retaining certain records where required by Irish law.
• Processing of special category (health) data as a processor: Under Article 9(2)(h), for the provision of health-related professional services, on the instruction of the pharmacy as Data Controller, and subject to a Data Processing Agreement.

We use the following trusted sub-processors to operate QuickCCS. All sub-processors are bound by appropriate data processing agreements and operate within the EEA or under adequate safeguards:

• Supabase (EU region — Ireland): Database hosting and authentication. All data is stored within the EU.
• Vercel: Platform hosting and deployment (EU edge network used where possible).
• Resend: Transactional email delivery (account confirmations, notifications). Email addresses are shared for this purpose only.
• PSI OData API: Used at registration to verify your PSI pharmacist registration number. No data is stored by QuickCCS beyond the verification result.

We do not sell, rent, or share your personal data with any third parties for marketing or advertising purposes.

We retain personal data only for as long as necessary for the purposes described in this policy:

• Account data: Retained for the duration of your subscription and for 12 months after account closure, unless you request earlier deletion.
• Consultation records (Pro/Group tiers): Retained for the period you specify, subject to a minimum of 8 years in line with Irish pharmacy records retention guidance, unless your subscription terms specify otherwise.
• Server logs: Retained for up to 30 days.
• Billing records: Retained for 7 years as required by Irish tax law.

When data is deleted, it is permanently removed from our systems and those of our sub-processors within 30 days, except where retention is required by law.

As a data subject, you have the following rights under GDPR:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may ask us to correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”): You may request deletion of your data, subject to legal retention obligations.
• Right to restriction of processing: You may ask us to restrict how we process your data in certain circumstances.
• Right to data portability: You may request your data in a structured, machine-readable format.
• Right to object: You may object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@quickccs.ie. We will respond within one month. You will not be charged for making a request.

If you are not satisfied with our response, you have the right to lodge a complaint with the Irish Data Protection Commission (DPC) at www.dataprotection.ie.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure, including:

• All data transmitted via HTTPS/TLS encryption
• Data at rest encrypted by Supabase (AES-256)
• Access controls limiting data access to authorised personnel only
• Row-level security policies in our database layer
• Regular platform updates and security patching via Vercel/Supabase managed infrastructure

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Data Protection Commission within 72 hours and, where required, inform affected individuals without undue delay.

All patient consultation data and account data is stored on Supabase servers located within the EU (Ireland region). We do not transfer personal data outside the European Economic Area (EEA) except where appropriate safeguards are in place (e.g. Standard Contractual Clauses with sub-processors such as Vercel and Resend where their processing may occur outside the EEA).

QuickCCS is a professional platform intended for registered pharmacists only. We do not knowingly collect personal data from individuals under 18 years of age. Patient data processed through the platform is the responsibility of the pharmacy as Data Controller.

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email and will update the effective date at the top of this document. Continued use of QuickCCS after notification constitutes acceptance of the updated policy.

For any questions, data subject requests, or concerns about this Privacy Policy or our data practices, please contact:

Supervisory Authority: Data Protection Commission (DPC), 21 Fitzwilliam Square South, Dublin 2, D02 RD28. Website: www.dataprotection.ie