Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your information.

Our Commitment

We collect only what we need to serve you. Your medical data is encrypted, secured, and never sold. CPSA is fully POPIA compliant.

Information We Collect

Contact Information

Name, email, phone number — used for order processing and support.

Medical Information

Prescriptions, medical history, allergies — used to safely compound your medications.

Payment Information

Bank details (EFT only) — processed securely. We do not store full banking credentials.

Usage Information

IP address, browser type, pages visited — anonymized analytics to improve our site.

How We Use Your Information

  • Process and fulfill medication orders
  • Deliver medications safely
  • Communicate about order status
  • Provide customer support
  • Comply with pharmaceutical regulations (POPIA, Schedule 1)
  • Improve our website and services

Medical Data & POPIA Compliance

Medical data is classified as 'special personal information' under POPIA and handled with the highest protection. Encrypted in transit and at rest, accessible only to authorized clinical staff, retained only as legally required.

Prescriptions and medical information are handled with the highest level of security and are only accessible to authorized CPSA staff members.

See our POPIA Compliance page for full details on your rights and our legal obligations.

Data Security

Encryption

TLS 1.2+ in transit. AES-256 at rest.

Access Controls

Only authorized staff can access medical information. Access is logged and audited.

Secure Servers

SOC 2 compliant hosting with regular security audits.

Regular Backups

Securely backed up and tested for recovery.

Do We Share Your Information?

We do not sell or share your personal information for marketing. We only share when necessary to fulfill orders or when required by law.

We may share information with trusted service providers (payment processors, email services) only to the extent necessary to serve you. All service providers sign data processing agreements and must handle data securely.

Third-Party Services

Our website uses the following third-party services:

  • Supabase — Database hosting (medical data stored securely)
  • Vercel — Website hosting (no medical data)
  • Email Service — Order confirmations (POPIA compliant)
  • Analytics — Website usage (anonymized)

Cookies & Analytics

We use cookies to track website usage and improve your experience. These are non-identifying and include analytics to understand how visitors use our site.

You can control cookies through your browser settings. Disabling cookies may affect some functionality on our site.

Your Privacy Rights

Right to Access: Request a copy of all personal data we hold.

Right to Correct: Ask us to fix inaccurate information.

Right to Delete: Request deletion where legally permitted.

Right to Restrict: Limit how we process your data.

Right to Object: Opt out of certain processing activities.

To exercise any of these rights, contact us at info@compounding.co.za

Questions or Changes?

This policy may be updated from time to time. We'll notify you of significant changes via email or prominent notice on our website.

If you have questions about our privacy practices, please contact us at info@compounding.co.za

Last updated: 1 April 2026