Legal

App privacy policy

Privacy policy for merchants and end-customers using the PharmaBoost Shopify application.

Book a Free Digital Audit

Effective date: June 2026 · Draft for merchant review before App Store submission.

Who we are

PharmaBoost (pharmaboost.co.uk) provides the PharmaBoost Shopify application. For app-related privacy enquiries contact support@pharmaboost.co.uk.

Role of parties

When you install the app, you (the merchant) are the data controller for customer and patient data submitted through your storefront. PharmaBoost acts as a data processor for that shop-scoped data, processing it only to provide the app service.

Data we process

Depending on your configuration we may process: Shopify shop and staff session data; customer profile and registration fields; pharmacy, prescription, and NHS form submissions; order identifiers linked to submissions; product and variant metadata for limits and reorder rules; branding assets you upload; and billing status from Shopify.

Shop isolation

All application data is scoped by Shopify shop domain. We do not combine or use one merchant's customer data for another merchant's purposes.

Retention

Prescription and NHS submission retention follows your in-app Settings (default 90 days unless you change it). When you uninstall the app or receive a shop redact webhook, we delete or anonymise shop data as required by Shopify's mandatory webhook programme.

GDPR webhooks

We honour Shopify mandatory webhooks: customers/data_request (export), customers/redact, and shop/redact. Customer data requests produce a JSON export emailed to your pharmacist notification address configured in app Settings.

Subprocessors

App hosting on our infrastructure (UK/EU-aligned where practicable), Shopify platform APIs, and any email SMTP provider you configure. We do not sell personal data.

Security

HTTPS in transit; admin APIs require authenticated Shopify sessions; storefront routes use Shopify app proxy HMAC validation where applicable.

Your responsibilities

Publish your own privacy notice to customers, obtain lawful basis and consent where required, and configure forms to collect only necessary data. PharmaBoost is a workflow tool and does not provide legal advice.

Changes

We may update this policy. Material changes will be reflected on this page with an updated effective date.

View terms of service →