Privacy Policy

CRAVE Compliance LLC ("CRAVE," "we," "us," or "our") operates the website at cravecompliance.com and the CRAVE Compliance platform (collectively, the "Service"). This Privacy Policy explains what personal information we collect, how we use it, and your rights regarding that information.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

Information You Provide Directly

We collect information you give us when you:

• Create an account or request a demo — name, email address, phone number, job title, and pharmacy or organization name.
• Subscribe to the platform — billing name, billing address, and payment card details (processed by our third-party payment processor; we do not store full card numbers).
• Use the platform — compliance workflow data, attestation records, policy documents, training records, and other quality management content you upload or create within the Service.
• Contact us — messages, support requests, and any information you include in correspondence.

Information Collected Automatically

When you visit our website or use the platform, we automatically collect certain technical information, including:

• IP address and approximate geographic location (city/state level)
• Browser type, operating system, and device identifiers
• Pages visited, time spent, links clicked, and referral URLs
• Cookie identifiers and similar tracking data (see Section 4)

Information from Third Parties

We may receive limited information from third-party services you connect to your account, or from analytics and enrichment providers, consistent with their privacy policies.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Create and manage your account and subscription
• Process payments and send billing communications
• Send product updates, security notices, and support responses
• Send promotional communications about CRAVE (you may opt out at any time)
• Analyze usage trends to improve platform performance and user experience
• Detect, investigate, and prevent fraudulent or unauthorized activity
• Comply with applicable laws and legal obligations

We do not sell your personal information or use it to train artificial intelligence models without your explicit consent.

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

Service Providers

We share information with trusted vendors who help us operate the Service — including payment processors, cloud hosting providers, email delivery services, and analytics tools. These providers are contractually required to use your information only as necessary to provide services to us and to protect it appropriately.

Business Transfers

If CRAVE Compliance LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your personal information is transferred and becomes subject to a different privacy policy.

Legal Requirements

We may disclose your information if required to do so by law, subpoena, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of CRAVE, our users, or the public.

With Your Consent

We may share your information for any other purpose with your prior consent.

4. Cookies and Tracking Technologies

We use cookies and similar technologies (such as pixel tags and web beacons) to operate and improve the Service. These include:

• Essential cookies — required for the platform to function (e.g., session authentication).
• Analytics cookies — help us understand how visitors use the site (e.g., Google Analytics). These cookies collect aggregate, anonymized data.
• Preference cookies — remember your settings and choices.

Most browsers allow you to refuse cookies or delete them after they are set. Doing so may affect some features of the Service. You may also opt out of Google Analytics data collection at tools.google.com/dlpage/gaoptout.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (such as resolving disputes or complying with our legal obligations).

Compliance records and platform content you have created may be retained for a longer period if required by applicable pharmacy regulations or if you request extended retention.

6. Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect your information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit (TLS), encryption at rest, access controls, and regular security reviews.

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. If you believe your account has been compromised, please contact us immediately at privacy@cravecompliance.com.

7. HIPAA and Protected Health Information

CRAVE Compliance is a quality management system designed for compounding pharmacy operations. The platform is built to support compliance workflows and documentation — it is not designed or intended to store individually identifiable protected health information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA).

Customers are responsible for ensuring they do not upload PHI to the platform unless a signed Business Associate Agreement (BAA) is in place with CRAVE Compliance LLC. If your use of the Service requires a BAA, please contact us at legal@cravecompliance.com before uploading any PHI.

8. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know — You may request that we disclose the categories and specific pieces of personal information we have collected about you.
• Right to Delete — You may request that we delete personal information we have collected from you, subject to certain exceptions.
• Right to Correct — You may request that we correct inaccurate personal information we hold about you.
• Right to Opt Out of Sale/Sharing — We do not sell or share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA rights.

To submit a request, email privacy@cravecompliance.com with the subject line "California Privacy Request." We will respond within 45 days of receiving a verifiable request.

9. Children's Privacy

The Service is intended for use by adults working in regulated pharmacy environments and is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us at privacy@cravecompliance.com and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

We encourage you to review this policy periodically to stay informed about how we protect your information.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

CRAVE Compliance LLC
Email: privacy@cravecompliance.com
Website: cravecompliance.com