Privacy Policy

1. Introduction

C2 Vault, LLC (“C2 Vault,” “Company,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you access or use our website, software platform, and related services (collectively, the “Application”).

By accessing or using the Application, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Application. This Privacy Policy should be read together with our Terms of Use.

2. Information We Collect

We collect the following categories of information:

(a) Information You Provide Directly

• Pharmacy Registration Details: Pharmacy name, legal name, National Provider Identifier (NPI), DEA registration number, state license number, address, phone number, and contact information.
• User Account Information: Name, initials, email address, role, and login credentials.
• Controlled Substance Transaction Records: Prescription reference numbers, drug names, NDC codes, quantities, dates, and chain-of-custody information you enter into the system.
• Support Communications: Information you provide when contacting our support team, including the content of messages, attachments, and related metadata.
• Payment Information: Billing details processed through our third-party payment processor. We do not store full credit card numbers on our servers.

(b) Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken, timestamps, and frequency of use.
• Device and Browser Information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Audit Log Data: Automatically generated records of user activity within the Application for security and compliance purposes.
• Cookies and Similar Technologies: Essential cookies for authentication and session management. See Section 9 for details.

(c) Information from Third Parties

We may receive information from third-party services integrated with the Application, such as payment processors (e.g., Stripe) for subscription management, and NPI registry data for pharmacy verification during registration.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve the Application, including processing controlled substance records, generating compliance reports, and maintaining audit trails.
• Account Management: To create and manage your account, authenticate users, and process subscription payments.
• Communications: To send technical notices, security alerts, updates, support responses, and administrative messages related to the Application.
• Security and Fraud Prevention: To detect, prevent, and address technical issues, security threats, fraud, and unauthorized access.
• Analytics and Improvement: To analyze usage patterns, diagnose issues, and improve the functionality, performance, and user experience of the Application.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• Service Providers: We share information with trusted third-party vendors who assist in operating the Application, including cloud hosting providers, payment processors, email delivery services, and analytics providers. These providers are contractually obligated to protect your information and use it only for the services they provide to us.
• Legal Requirements: We may disclose your information if required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
• Professional Advisors: We may share information with our legal, accounting, and financial advisors under confidentiality obligations as necessary for legitimate business purposes.
• With Your Consent: We may share information for any other purpose with your explicit consent.

5. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS).
• Encryption at Rest: Stored data is encrypted using AES-256 encryption.
• Access Controls: Role-based access controls and authentication mechanisms to restrict access to authorized personnel only.
• Audit Logging: Comprehensive logging of system access and data modifications for security monitoring.
• Regular Assessments: Periodic security reviews and vulnerability assessments.

However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee its absolute security. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Application. Specific retention periods include:

• Account Data: Retained for the duration of your active subscription and for a reasonable period thereafter to facilitate account reactivation or data export.
• Controlled Substance Records: Retained in accordance with DEA regulations and applicable state regulatory requirements, which generally require a minimum retention period of two (2) years.
• Audit Logs: Retained for a minimum of two (2) years for compliance purposes.
• Post-Termination: Upon account termination, you will have thirty (30) days to download your data. After this period, Company may permanently delete all account data.

You are solely responsible for maintaining your own backups or copies of records as required by federal, state, or regulatory law.

7. Your Rights and Choices

Subject to applicable law and regulatory retention requirements, you have the following rights regarding your personal information:

• Access: You may request access to the personal information we hold about you.
• Correction: You may request that we correct inaccurate or incomplete personal information.
• Deletion: You may request deletion of your personal information, subject to legal retention requirements (e.g., DEA recordkeeping obligations).
• Data Portability: You may export your data at any time through the Application.
• Opt-Out: You may opt out of non-essential communications at any time by following the unsubscribe instructions in our emails or contacting us directly.

To exercise any of these rights, please contact us at support@c2vault.com. We will respond to your request within thirty (30) days.

8. HIPAA and Protected Health Information

The Application is not intended to store or process patient names, dates of birth, addresses, diagnoses, or other protected health information (“PHI”) as defined under the Health Insurance Portability and Accountability Act (“HIPAA”). Users agree not to enter PHI into the Application except to the limited extent necessary for prescription tracking using non-identifiable prescription reference numbers.

To the extent we process PHI on your behalf, we do so in accordance with the terms of a separately executed Business Associate Agreement (“BAA”) and applicable HIPAA regulations. Company does not assume the role of a Business Associate unless expressly agreed to in a separate written agreement signed by both parties. You remain solely responsible for compliance with HIPAA and all other applicable privacy laws.

9. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

• Essential Cookies: Required for authentication, session management, and security. These cookies are necessary for the Application to function and cannot be disabled.
• Analytics Cookies: We use analytics tools (such as Google Analytics) to understand how users interact with the Application and to improve performance and user experience. These tools may collect anonymized usage data.

We do not use advertising cookies, behavioral tracking, or retargeting technologies. We do not sell data collected through cookies to third parties.

10. Children's Privacy

The Application is intended for use by licensed pharmacies and authorized pharmacy personnel who are at least 18 years of age. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected information from an individual under 18, we will take steps to delete such information promptly.

11. International Data Transfers

The Application is hosted and operated in the United States. If you access the Application from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Application, you consent to the transfer of your information to the United States.

12. Third-Party Links and Services

The Application may contain links to third-party websites or services that are not owned or controlled by C2 Vault. We are not responsible for the privacy practices, content, or security of any third-party websites or services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Application.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by email or through a notice within the Application prior to the changes taking effect. Your continued use of the Application after such changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

14. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of New York, without regard to its conflict of law principles. Any disputes arising under or in connection with this Privacy Policy are subject to the dispute resolution provisions set forth in our Terms of Use.

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: