Security & data handling
How RxManager protects what you put in it.
A plain-English summary of the data RxManager accepts, how it is stored and accessed, and what we do not do with it. RxManager is in early access; this page describes how the product works today and will be updated as it matures. It is a high-level overview, not a contract.
What data we accept
Foundation runs on plan context you enter yourself: PBM, broker or advisor, funding model, renewal timing, headcount band, and the open questions you are tracking. For an Audit or Optimize engagement, you may also provide your PBM contract and a claims extract through a secure channel so a reviewer can read them against the public record.
What we ask you not to send (PHI)
RxManager is built around plan-level and contract-level information, not patient records. Please do not upload protected health information (PHI) such as member names, member IDs, dates of birth, or diagnoses. Claims extracts should be provided at the plan/aggregate level or de-identified. If your workflow needs a Business Associate Agreement (BAA), contact us before sending anything and we will tell you honestly whether we can accommodate it yet.
Encryption and storage
Data is encrypted in transit (TLS) and at rest with our cloud infrastructure providers. Uploaded documents are stored only to support your review and are not made public.
Who can access it
Inside your organization, only the people you invite to your workspace can see your plan context and review work. Inside our company, access is limited to the staff who need it to support your engagement or operate the service. We do not share your plan data with PBMs, brokers, benefits advisors, or other partners, and we do not sell your information.
AI and model training
We do not use your plan context, contracts, or claims data to train AI models. Where the product uses AI to help organize or explain information, your data is used only to produce your own results, not to improve a shared model.
Human review
Audit and Optimize reviews are performed by an independent pharmacy-benefit professional. The findings are theirs to stand behind; RxManager organizes the inputs and the record, and final decisions always remain with you.
Retention and deletion
You can update your plan context at any time. If you want a copy of your account information, or want your documents or account deleted, contact us and we will act on the request and confirm when it is done.
Certifications — where we are
To be straight with you: RxManager is early access and is not SOC 2 certified today. Formal certification is on our roadmap. We would rather tell you exactly where we stand than imply a posture we have not earned. If your procurement process requires specific attestations, reach out and we will share our current status and timeline.