Data Processing Agreement

1. Purpose

This Data Processing Agreement (“DPA”) forms part of the agreement between AutoRx Solutions Inc. (“AutoRx”, “Processor”) and the customer (“Controller”) using the AutoRx platform to automate prescription-related workflows.

2. Roles

• Controller determines the purposes and means of processing personal information and personal health information submitted through integrations and the AutoRx dashboard.
• Processor processes such data only on documented instructions from the Controller and as described in the applicable service agreement and this DPA.

3. Processing activities

Processing may include ingestion, parsing, validation, logging, storage, and transmission of data required to deliver automated Kroll entry, prescriber verification, operator review queues, and webhook notifications.

4. Subprocessors

AutoRx uses subprocessors as listed in the Subprocessors page. The Controller authorizes use of existing subprocessors and will be notified of material changes as described in your agreement.

5. Security

AutoRx implements administrative, technical, and physical measures appropriate to the sensitivity of health information, including encryption in transit, access controls, and audit logging. Further detail is available in the Trust Center and Security pages.

6. Data location

Services for Canadian customers are operated with Canadian data residency commitments as described in your order form and trust materials.

7. Contact

For DPA questions, contact your AutoRx account team or use the form on Contact.