This Privacy Policy explains how Routly ("Routly", "we", "us") collects, uses and protects information when a pharmacy ("you", "your pharmacy") uses our staff dashboard and driver app, and when visitors use this website.
Routly is a product of PharmGrowth. For data protection purposes, the data controller for your pharmacy's account information is PharmGrowth, trading as Routly. You can contact us at support@pharmgrowth.co.
When your pharmacy signs up to Routly, we collect your business details (pharmacy name, contact details, billing information) as the data controller — we decide how and why this information is used, mainly to operate your account and bill you correctly.
When your staff add patient details, delivery addresses, delivery instructions, or controlled drug signatures into Routly, your pharmacy remains the data controller for that patient information. Routly acts only as a data processor, storing and processing it strictly on your instructions and for the purpose of helping you manage deliveries. Your pharmacy is responsible for having a lawful basis to hold and process this information under UK GDPR, and for handling any patient requests relating to their own data (we'll help where we can — see Section 7).
We do not sell your data, your patients' data, or your drivers' data to anyone, and we do not use it for advertising.
We use a small number of trusted infrastructure providers to run Routly, each acting as a sub-processor under contract:
We do not share patient or delivery data with any other third party, except where required by law.
Your pharmacy's account data and all patient and delivery data are stored on UK-region infrastructure: our database (Supabase) and backend application servers (Railway) are both configured to the UK region, so this information does not leave the UK in the ordinary course of providing the service.
Two of our providers are global services that don't offer UK-only processing in the same way: Stripe (for payment processing — billing data only, never patient data) and Google Maps Platform (for geocoding and live mapping — used transiently to plot addresses and routes, not stored as part of a patient's record). Where these providers process data outside the UK, we rely on providers who maintain appropriate safeguards, such as the UK International Data Transfer Addendum or equivalent Standard Contractual Clauses.
Under UK GDPR, you have the right to access, correct, delete, restrict, or export the information we hold about you, and to object to certain processing. If your pharmacy needs to action a request from one of your own patients, please raise it through your account first — most patient data can be edited, exported or deleted directly within the dashboard. For anything we need to assist with, email support@pharmgrowth.co and we'll respond within 30 days.
We retain your account and delivery data for as long as your subscription is active, plus a reasonable period afterwards for accounting and legal purposes. See our Cancellation Policy for what happens to your data after you cancel.
We use industry-standard measures to protect your data, including encrypted connections (HTTPS) across the platform, row-level security on our database so pharmacies can only ever see their own data, and role-based access for staff and drivers.
This website and the Routly platform use only essential cookies needed to keep you signed in. See our Cookie Policy for details.
We may update this policy from time to time. We'll update the "Last updated" date above when we do, and notify you directly if a change materially affects how we handle your data.
Questions about this policy or your data? Email support@pharmgrowth.co.