Privacy
Data Privacy Notice
How CII HERO collects, uses, stores, and protects your data. Written in plain language, because you should be able to understand exactly what happens to your pharmacy's records.
Effective: March 2026
Version: 1.0
Applies to: the CII HERO software application
This Data Privacy Notice describes how Apothem Rx LLC ("we," "us," "our") collects, uses, stores, and protects data when you use the CII HERO software application ("Software").
1 Data that stays on your computer
The following data is stored on your local computer in an encrypted database:
- Inventory transactions — all controlled substance records (receipts, dispensing, adjustments, destructions, and so on)
- Product catalog — drug names, NDC numbers, strengths, and on-hand quantities
- User accounts — usernames, roles, and hashed passwords for pharmacy staff
- Audit trail — the complete, hash-chained log of all transactions and administrative actions
- Pharmacy profile — your pharmacy name, DEA number, address, and NPI
How your cloud backup is protected
Inventory transactions are also transmitted to our cloud backup service in encrypted form (see Section 2). They are encrypted on your computer with your database key before they are sent, and they remain encrypted at rest on our servers.
Because we also hold your encryption key in escrow so we can help you recover your data on a new computer (see Section 2), this encryption is a strong additional layer of protection, not a claim that we are technically unable to access your data. As a matter of policy, we do not access, view, or use your transaction contents except as described in Section 3. Apothem Rx is the custodian of your key; CII HERO is not a zero-knowledge or "vendor-blind" service.
Local encryption
Your local database is encrypted using AES-256 encryption (via SQLCipher). The encryption key is stored in your computer's Windows Credential Manager, which is protected by your Windows user account.
2 Data transmitted to the cloud
When your installation is activated and connected to the internet, the following data is transmitted to our cloud infrastructure (hosted on Supabase):
- Encrypted transaction backups — each inventory transaction is encrypted on your computer using AES-256-GCM before transmission and stored on our servers in encrypted form. This includes drug names, quantities, Rx numbers (if entered), and staff initials, all encrypted before they leave your computer.
- Encrypted database snapshots — periodic full backup copies of your encrypted database are uploaded to secure cloud storage. These remain encrypted with your database key.
- Pharmacy registration data — Pharmacy ID, pharmacy name, and activation status
- System Manager credentials — authenticated via Supabase Auth (passwords are never stored in plaintext on our servers; Supabase uses bcrypt hashing)
- Database encryption key — securely escrowed in our cloud infrastructure so we can help you recover your data if you move to a new computer. The key is transmitted over TLS and stored server-side. This means Apothem Rx is the custodian of your key, chosen deliberately so that a lost passphrase never locks you out of your own records.
- Feedback submissions — if you use the in-app feedback feature, your message and username are transmitted
- Update checks — the Software periodically checks for new versions. Only your current version number is sent; no pharmacy or patient data is included.
What we do NOT collect
No patient names, dates of birth, or diagnosis codes. CII HERO tracks inventory quantities and Rx numbers for dispensing transactions, but does not link them to patient identities.
No Protected Health Information (PHI) as defined by HIPAA. The Software is designed to avoid storing PHI.
No browsing history, keystrokes, or screen recordings. No usage analytics or telemetry beyond what is listed above.
3 How we use your data
We use transmitted data only for the following purposes:
- Account authentication — verifying your identity when you log in
- Data backup and recovery — storing encrypted backups so your data can be restored if your computer is replaced or damaged
- Encryption key escrow — holding your database encryption key so you can recover access to your data through your cloud account
- Software updates — delivering bug fixes and new features
- Product improvement — reviewing anonymized feedback to improve the Software
We do not sell, rent, or share your data with third parties for marketing or advertising purposes.
4 Data security
| Layer | Protection |
| Local database | AES-256 encryption (SQLCipher) |
| Local key storage | Windows Credential Manager (DPAPI) |
| Data in transit | TLS 1.2 or higher |
| Cloud backup storage | AES-256-GCM encryption, applied on your computer before upload |
| Cloud authentication | Supabase Auth with bcrypt password hashing |
| Session security | 15-minute idle timeout with password re-authentication |
5 Data retention
- Local data — remains on your computer for as long as you use the Software. You control it entirely.
- Cloud backups — retained for the duration of your subscription. If your subscription ends, cloud data is retained for 90 days before deletion.
- Encryption key escrow — retained as long as your pharmacy account exists in our system.
6 Your rights
You have the right to:
- Access — request a copy of the data we store about your pharmacy in the cloud
- Delete — request complete deletion of your cloud-stored data at any time
- Export — export your local database at any time via the backup feature
- Opt out — discontinue cloud backup features by contacting support. Note: System Manager login and subscription validation require an internet connection; clinical staff (pharmacists, technicians, interns) can log in and work offline.
To exercise any of these rights, contact us at [email protected].
7 Data breach notification
In the event of a data breach affecting your information, we will notify affected pharmacies within 72 hours of discovery, in accordance with applicable state breach notification laws.
8 Changes to this notice
We may update this Data Privacy Notice from time to time. Material changes will be communicated through the Software's update mechanism. Your continued use of the Software after changes constitutes acceptance of the updated notice.