Third-party data processors that help us deliver Pharmacy HQ.
This is the authoritative list. Where the Terms of Service or Privacy Policy reference sub-processors generally, they defer to this page. We update this page whenever a sub-processor is added, removed, or changes its role.
Pharmacy HQ is operated by Pharmacy HQ Pty Ltd (ACN 698 203 164 · ABN 86 698 203 164), with registered office C/- Perrier Ryan Business Advisors, Level 1, 30 Lisburn Street, East Brisbane QLD 4169 (hello@pharmacyhq.com.au). To deliver the service we rely on the third-party data processors listed below. Each provides a specific infrastructure or processing capability that Pharmacy HQ itself does not run in-house.
These process data for every Pharmacy HQ pharmacy.
| Provider | Role | Purpose / data handled |
|---|---|---|
| Google Cloud (Firebase) United States · global presence |
Hosting, authentication, database, file storage, Cloud Functions, scheduled jobs | All operational data (tasks, patients, deliveries, orders, staff records, audit logs). Live data sits in the Realtime Database; file uploads (slips, certificates, photos) sit in Firebase Storage. Auth handles staff sign-in + MFA. |
| Stripe, Inc. United States · global presence |
Subscription billing + payment processing | Customer billing email, payment method, subscription state, invoice history. Stripe is the source of truth for which tier each pharmacy is on; we mirror only the non-sensitive subscription state into Pharmacy HQ. |
| Resend United States (with Tokyo region) |
Transactional email delivery | Welcome emails, password resets, trial expiry warnings, invitation emails, claim-nag reminders. Domain pharmacyhq.com.au is verified in Resend. |
| Cloudflare, Inc. United States · global edge |
DNS, Email Routing, Workers | DNS hosting for pharmacyhq.com.au. Email Routing receives inbound automated reports (fridge temperature logs from Clever Logger, dead-stock wholesaler emails). The Worker parses these and forwards to our Cloud Functions for ingestion. |
| Anthropic PBC United States |
AI assistant (Claude API) | Powers the in-app AI surfaces (Help Chat, Policy Chat, Workflow Chat) + the Pre-Check Webster pack image-analysis. Prompts and contextual data are sent on each request; Anthropic does not store or use these for model training under their commercial terms. Pharmacy owners can disable in Pharmacy Settings → AI Chat. |
| Twilio Inc. United States · global |
SMS sending + receiving | Outbound SMS to patients (delivery / collection notifications, holiday-hours cohort SMS, sick-call notifications), inbound SMS replies (auto-handled STOP, manual replies). Each SMS includes the recipient phone number + message body in the Twilio request. |
These process data only when a pharmacy explicitly enables the relevant integration. If your pharmacy hasn't enabled the integration, none of your data flows to that provider.
| Provider | Trigger | Purpose / data handled |
|---|---|---|
| Pharmacy Programs Administrator (PPA) Per-claim Australia |
8CPA claim submission | When you submit a MedsCheck, NIPVIP, CVCP, DAA, or Staged Supply claim via Pharmacy HQ, patient identifiers (name, DOB, Medicare/DVA), vaccine batch/lot data, and the service particulars are sent to PPA under your existing Service Provider Agreement. Pharmacy HQ is a technical conduit; the data relationship is between you and PPA. |
| Xero When connected New Zealand |
Payroll integration | When you connect Xero via OAuth (Pharmacy Settings → Integrations → Xero), approved timesheet data + staff identity fields are pushed to Xero on demand. Pharmacy HQ does not pull data from Xero. Disconnect at any time in Pharmacy Settings. |
| Google Maps Platform When enabled United States · global |
Geocoding + route optimisation | When you enable Deliveries route optimisation (Pharmacy Settings → Integrations → Google Maps), delivery addresses are geocoded via Google's Geocoding API + routed via the Directions API. Address strings are sent; no patient names. Per-pharmacy opt-in + monthly call budget. |
| Google My Business API When connected United States · global |
Trading-hours sync | If you connect your Google Business Profile (Pharmacy Settings → Integrations → GMB), Pharmacy HQ pushes public-holiday hours updates to GMB on your behalf. Read-write OAuth scope. |
Under the Australian Privacy Act, we are required to disclose where personal information crosses national borders. The tables above identify the primary jurisdiction of each sub-processor. Where a US-based sub-processor has Australian or regional infrastructure (Google Cloud, Cloudflare, Twilio), processing may occur in those regions; data still crosses into US-controlled infrastructure for replication, billing, or support purposes.
We do not transfer personal information to any sub-processor whose primary jurisdiction is the United Kingdom, the European Union, or jurisdictions without an adequate-protection finding under Australian privacy law, except to the extent the US-based providers above maintain edge infrastructure in those regions for performance reasons.
Material changes to this list (adding a new always-on sub-processor, or expanding the data category a current sub-processor handles) are announced via the in-app "What's new" view and reflected here. The "Last updated" date at the top of this page changes on each edit.
Banner-group customers and pharmacies with a signed Data Processing Agreement may request 30 days' advance notice on material changes; the standard subscriber tier does not include this commitment.
Terms of Service · Privacy Policy
This is the canonical sub-processor list. Where Terms or Privacy reference sub-processors generally, they defer to this page.