β Back to TrackWellPrivacy Policy
Effective April 23, 2026
TrackWell (βwe,β βus,β βourβ) is a controlled substance recordkeeping platform operated by TruePulse Systems. This Privacy Policy explains what information we collect from the clinics that use TrackWell, how we store and protect it, and who can access it. By using TrackWell you agree to the practices described here.
What We Collect
Clinic & staff information
- Clinic name, DEA registration number, address, phone number, and configured timezone
- Staff accounts: name, email address, hashed password, role (Admin / Provider / Staff / Viewer), last login timestamp
- DEA-licensed provider records: full name, DEA number, and optional NPI number
- Supplier and drug catalog entries maintained by the clinic
Controlled substance records
- Every shipment received (drug, supplier, lot number, expiration date, quantity, invoice metadata)
- Every vial tracked through its lifecycle (received β opened β depleted / exhausted / transferred / voided), including staff initials and timestamps
- Injection, dispense, waste, and destruction events with dose, provider snapshot, and staff / witness initials
- Daily opening and closing counts, reconciliations, biennial inventory counts
- Inter-clinic vial transfers with seller / buyer provider details
- Uploaded invoice PDFs, DEA Form 41 PDFs, and photo or video evidence attached to waste or destruction events
- Correction notes and an append-only audit log of every system action
Limited patient identifiers
To satisfy DEA recordkeeping requirements under 21 CFR Part 1304, injection and dispense records include the patient's chart number (as entered by clinic staff) and optional date of birth. TrackWell does not collect full patient names, addresses, diagnoses, insurance information, or any broader medical history. The chart number is a clinic-chosen identifier β TrackWell treats it as opaque data.
TrackWell is not an Electronic Medical Record (EMR) system. It is a controlled-substance recordkeeping system. We collect the minimum patient identifiers needed to document dose, date, and the provider responsible β nothing more.
How We Store & Protect Data
- All application data is stored in a PostgreSQL database hosted on Neon, a HIPAA-eligible Postgres platform. Data is encrypted at rest and in transit (TLS 1.2+).
- Uploaded files (invoices, Form 41 PDFs, evidence photos and videos) are stored in Vercel Blob with access-scoped URLs.
- Application hosting is Vercel, which provides HIPAA-eligible infrastructure when configured under a Business Associate Agreement.
- Passwords are hashed with bcrypt. Session cookies are signed, HttpOnly, and SameSite-protected.
- Each clinic is an isolated tenant β application queries enforce clinic-level boundaries so one clinic cannot read another clinic's data.
- Automated error monitoring is provided by Sentry, configured to scrub request bodies and cookies.
Who Can Access Your Data
Access is limited to authorized staff of the clinic that owns the data. Within a clinic, TrackWell enforces role-based permissions:
- Admin β full access, can manage users, lock reconciliations, view audit trail.
- Provider β can record injections, dispenses, and waste; cannot change settings.
- Staff β can record events and receive shipments; cannot change settings.
- Viewer β read-only access.
TruePulse Systems personnel do not routinely view clinic data. Engineers may access production systems to investigate a support ticket, diagnose an outage, or respond to a security event β always with the minimum access necessary and never to use the data for any other purpose.
We Never Sell or Share Your Data
TrackWell does not sell, rent, trade, or license clinic or patient data to any third party. We do not use your data to train machine-learning models. We do not share data with advertisers or analytics brokers. We only disclose data:
- When required by valid legal process (subpoena, court order, DEA request);
- To the infrastructure providers listed above (Neon, Vercel, Sentry), who act as data subprocessors bound by contract;
- When a clinic explicitly exports its own data (CSV, PDF, or ZIP archive) through the product.
Breach Notification
If we become aware of an unauthorized access, disclosure, or loss of data affecting your clinic, we will notify the clinic's primary administrator and any other contact you have designated within 60 days of discovery. Notice will include, to the extent known, the nature of the breach, the data affected, the steps we have taken in response, and our recommended steps for your clinic.
Data Retention & Deletion
- While your clinic is an active subscriber, we retain all records indefinitely so you meet DEA retention requirements (a minimum of 2 years).
- Before cancellation takes effect, you can export the full archive of your records from Settings β Data Export. We encourage you to download this archive as a local backup.
- If you cancel your subscription, we retain your data for 60 days in case of reactivation. After that, all clinic, staff, and event records are permanently deleted from our databases, and uploaded files are purged from storage.
- You may request immediate deletion at any time by emailing the address below.
- Append-only audit logs required for ongoing DEA investigations may be retained beyond deletion to the extent required by law.
Changes to This Policy
We may update this Privacy Policy as TrackWell evolves or as legal requirements change. The βEffectiveβ date at the top of this page reflects the most recent version. Material changes will be announced in-app and via email to the clinic administrator at least 30 days before taking effect.
Contact
Questions about this policy, requests for data export or deletion, and breach or security concerns should be directed to:
Laci Clement β TruePulse Systems
Email: laci@truepulseai.com
Web: trackwellrx.com