PharmaLineAI
Book pilot

Legal

Privacy policy

This policy explains the data PharmaLineAI may process when providing AI call handling, service booking and pharmacy workflow software.

Last updated: 14 June 2026

This policy is a working template for transparency and pilot planning. It is not legal advice and should be reviewed by a qualified professional before live patient data is processed.

Who we are

PharmaLineAI provides AI-assisted call handling and workflow tools for community pharmacies. In this policy, "we" means PharmaLineAI; "you" means the pharmacy organisation or user of the service.

Information we process

  • Account details such as user name, email address, authentication events and passkey or connected-account metadata.
  • Pharmacy organisation details such as name, address, ODS code, opening notes, transfer number and service settings.
  • Patient records entered by the pharmacy, including name, date of birth, contact details, postcode, NHS number where used, notes and related prescription or booking records.
  • Call data such as caller number, call intent, outcome, transcript or summary, identity-verification result, duration and handoff information.
  • Audit records for significant access and changes, including patient-data reads, booking mutations and agent actions.

How we use information

  • To provide the service, including answering routine calls, verifying identity, reading back allowed prescription status and creating bookings.
  • To send account, authentication, booking-confirmation or service messages by email or SMS where configured.
  • To secure the service, prevent misuse, troubleshoot issues and maintain an audit trail.
  • To improve product reliability and understand which workflows reduce avoidable pharmacy call pressure.

Patient data and pharmacy responsibility

The pharmacy remains responsible for the patient records it enters and for having a lawful basis to use the service. PharmaLineAI is designed so patient-specific detail is not exposed on a call until the configured identity check has passed.

Processors and hosting

Live pilots should use UK/EU-region hosting and documented processors for database hosting, email/SMS, telephony, speech processing and any AI model provider. The exact processor list must be confirmed before production use.

Retention and audit

Retention periods for call recordings, transcripts, patient records and audit logs should be configured and agreed before live pilot use. Some audit entries may be retained to evidence access even if a patient record is later deleted, subject to legal review and pharmacy policy.

Your rights

Depending on the role and legal basis, individuals may have rights to access, correction, deletion, restriction or objection. Requests should be routed through the relevant pharmacy organisation and handled according to their data-protection process.

Contact

Questions about this policy can be sent to info@connextar.com.