Privacy
What we collect
- Your sign-in email address, supplied by Cloudflare Access when you authenticate.
- The daily Vexall reports emailed to
dmr@pharma.qberi.comby your pharmacy POS — turnover, dispensary metrics, debtor aging, cash-up reconciliation, etc. - Lightweight server logs (request paths, status codes, timestamps) for diagnosing issues. No browser cookies beyond the Cloudflare Access session cookie.
Where it's stored
All data is stored in AWS eu-west-1 (Ireland). Source emails land in S3; parsed metrics go into a private RDS Postgres instance. The database is only reachable from the application Lambdas inside a private VPC — there is no public ingress.
Who can see it
Only the email addresses on the Cloudflare Access allowlist can sign in. Within the dashboard, an account administrator further controls which pharmacies each user can see. Qberi engineering staff have ops access to the underlying systems for support and diagnostics.
Retention
Trading data is retained indefinitely while the account is active, so that historical comparisons (FY, MTD, trailing averages) work. On account termination we will purge identifiable data within 90 days.
Sharing
We don't share or sell your data to third parties. Qberi uses only Cloudflare (auth + edge) and AWS (storage + compute) as sub-processors; both are bound by their own privacy commitments.
Your rights
You can ask us to export, correct or delete data we hold about you or your pharmacy group at any time. Email jacob@dupless.com and we'll action it within 14 days.
Changes
We'll update this page as the product matures. The "last updated" date at the top will reflect the most recent material change.
Pharma