Privacy Policy
Plain English summary: FormCheckRx is a drug formulary reference tool. We do not collect, store, or transmit any patient information. We only know your email address (if you subscribe) and the drug names you search. We never sell your data.
1. Who We Are
FormCheckRx ("we," "us," or "our") operates the website formcheckrx.com and the FormCheckRx application (collectively, the "Service"). FormCheckRx is a Medicaid drug formulary reference tool that allows healthcare professionals to look up drug coverage information.
We are not a healthcare provider, health plan, clearinghouse, or covered entity under the Health Insurance Portability and Accountability Act (HIPAA). FormCheckRx provides reference information only and does not process, store, or transmit Protected Health Information (PHI).
2. Information We Collect
Information you provide:
- Account information: If you subscribe, we collect your email address and payment information (processed by Stripe — we never see your full card number)
- Drug search queries: The drug names you search are sent to our AI provider (Anthropic) to generate formulary results. We do not log searches tied to your identity.
Information collected automatically:
- IP address (used for rate limiting only, not stored long-term)
- Browser type and device type (for compatibility)
- Pages visited on our website (via anonymous analytics)
What we do NOT collect:
- Patient names, dates of birth, or any patient-identifying information
- Member ID numbers or insurance information
- Medical diagnoses or health conditions
- Social Security numbers
- Any Protected Health Information (PHI) as defined by HIPAA
⚠️ Important: Do not enter any patient-identifying information into the FormCheckRx search bar. The search tool is designed for drug names only. Any patient information you enter will be transmitted to our AI provider and is not protected by HIPAA through this service.
3. How We Use Your Information
- To provide and improve the FormCheckRx Service
- To process payments and manage your subscription
- To send account-related emails (receipts, renewal notices, service updates)
- To respond to your support requests
- To detect and prevent fraud and abuse
- To comply with legal obligations
We do not use your information for advertising. We do not sell your information to third parties. We do not share your email with marketers.
4. Third-Party Services
We use the following third-party services to operate FormCheckRx:
- Anthropic (Claude AI): Drug search queries are sent to Anthropic's API to generate formulary responses. Anthropic's privacy policy applies to data processed through their API. Drug names searched are sent to Anthropic but are not tied to your identity. See anthropic.com/privacy
- Stripe: Payment processing. Stripe handles all payment card data. We never store your full card number. See stripe.com/privacy
- Vercel: Website hosting. Your IP address may be logged by Vercel's infrastructure. See vercel.com/legal/privacy-policy
5. HIPAA Compliance Statement
FormCheckRx is a formulary reference tool, not a healthcare covered entity or business associate under HIPAA. Our Service is designed to be used with drug names only — no patient information.
Healthcare professionals using FormCheckRx are responsible for ensuring they do not enter Protected Health Information (PHI) into the Service. FormCheckRx does not sign Business Associate Agreements (BAAs) because our Service is not designed to process PHI.
If your organization requires HIPAA-compliant tools that process PHI, please consult your compliance officer before using FormCheckRx for any workflow that involves patient-specific information.
6. Data Security
We implement industry-standard security measures to protect your information:
- All data transmitted to and from FormCheckRx is encrypted using TLS/SSL (the padlock in your browser)
- API keys are stored as encrypted environment variables, never in code
- Payment data is handled entirely by Stripe and never touches our servers
- We do not maintain a database of user searches or patient-related queries
- Access to admin systems requires password authentication
7. Data Retention
- Account data: Retained while your account is active and for 90 days after cancellation
- Payment records: Retained for 7 years as required by financial regulations
- Server logs: Automatically deleted after 30 days
- Search queries: Not retained on our servers (processed in real-time and discarded)
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your account and associated data
- Opt out of marketing emails (unsubscribe link in every email)
- Export your account data (data portability)
To exercise any of these rights, email us at [email protected]
9. Children's Privacy
FormCheckRx is intended for healthcare professionals and adults only. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify subscribers by email at least 14 days before material changes take effect. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Us
For privacy questions or concerns: