Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your information.

Our Commitment

We collect only what we need to serve you. Your medical data is encrypted, secured, and never sold. CPSA is fully compliant with South Africa's POPIA (Protection of Personal Information Act) and prioritizes your privacy above all else.

Information We Collect

Contact Information

Name, email, phone number — used for order processing, delivery, and customer support.

Medical Information

Prescriptions, medical history, allergies, current medications — used to safely compound and dispense your medications.

Payment Information

Bank details (EFT only), payment history — used to process payments securely. We do not store full banking credentials.

Usage Information

IP address, browser type, pages visited — collected via analytics to understand how you use our site and improve performance.

How We Use Your Information

  • Process and fulfill your medication orders
  • Deliver medications safely to you
  • Communicate about order status and delays
  • Provide customer support and answer questions
  • Comply with South African pharmaceutical regulations (POPIA, Schedule 1)
  • Improve our website and services based on usage patterns
  • Send non-marketing updates about service changes

Medical Data & POPIA Compliance

Medical data (prescriptions, medical history) is classified as 'special personal information' under POPIA and is handled with the highest level of protection. All medical data is encrypted in transit and at rest, accessible only to authorized clinical staff members, and retained only as long as legally required.

Prescriptions and medical information are handled with the highest level of security and are only accessible to authorized CPSA staff members.

See our POPIA Compliance page for full details on your rights and our legal obligations.

Data Security

Encryption

All data in transit uses TLS 1.2+ encryption. Medical data at rest is encrypted using AES-256.

Access Controls

Only authorized CPSA staff can access your medical information. Access is logged and audited regularly.

Secure Servers

Our servers are maintained by trusted providers with SOC 2 compliance and regular security audits.

Regular Backups

Data is backed up securely and tested regularly for recovery capability.

Do We Share Your Information?

We do not sell or share your personal information with third parties for marketing purposes. We only share information when necessary to fulfill your order (e.g., with delivery partners, payment processors) or when required by law.

We may share information with trusted service providers (payment processors, email services) only to the extent necessary to serve you. All service providers sign data processing agreements and must handle data securely.

Third-Party Services

Our website uses the following third-party services:

  • Supabase — Database hosting and API (medical data stored securely)
  • Vercel — Website hosting (no medical data)
  • Email Service — For order confirmations and notifications (compliant with POPIA)
  • Analytics — To understand website usage (anonymized, no medical data)

Cookies & Analytics

We use cookies to track website usage and improve your experience. These are non-identifying and include analytics to understand how visitors use our site.

You can control cookies through your browser settings. Disabling cookies may affect some functionality on our site.

Your Privacy Rights

Right to Access: Request a copy of all personal data we hold about you.

Right to Correct: Ask us to fix inaccurate or incomplete information.

Right to Delete: Request deletion of your data (where legally permitted).

Right to Restrict: Ask us to limit how we process your data.

Right to Object: Opt out of certain processing activities.

To exercise any of these rights, contact us at info@compounding.co.za

Questions or Changes?

This policy may be updated from time to time. We'll notify you of significant changes via email or prominent notice on our website.

If you have questions about our privacy practices, please contact us at info@compounding.co.za

Last updated: 7 June 2026