Your prescriptions, personal information, and care history are protected end-to-end.
Medway complies with Pakistan's health data standards and global privacy best practices. We keep your orders confidential, never sell patient information, and apply strong encryption across every layer of our platform.
Data protection by design
Customer profiles, order history, and prescription records sit behind zero-trust access controls and encrypted databases.
End-to-end encryption
Personal information and payment metadata are encrypted at rest (AES-256) and in transit (TLS 1.2+) across every Medway system.
Strict confidentiality
We never share prescription details, order data, or health insights with advertisers or external parties without explicit consent.
How we secure the Medway experience
Every system—from prescription uploads to WhatsApp updates—uses layered controls to keep your health journey private and tamper-proof.
Granular access controls
Only licensed pharmacists and vetted care agents can access protected health information, and every lookup has an auditable trail.
Secure authentication
Multi-factor authentication protects staff dashboards while customers can enable one-tap OTP verification for added account safety.
Data minimisation
We collect the minimum information required to dispense orders, process payments, and deliver care, deleting redundant data on schedule.
Verified communications
Notifications and prescriptions remain in encrypted channels. We never request sensitive information over unsecured email or SMS.
What we use your information for
Order fulfilment & prescription handling
Your delivery details, medicine list, and prescription images stay within Medway’s pharmacy operations team. We will not share them with courier partners beyond what is legally required for handover verification.
Payment processing
We work with PCI-DSS compliant payment providers. Your card numbers are tokenised; Medway systems never store raw payment credentials.
Account personalisation
Preferences such as dosage reminders or saved addresses help us tailor a safer experience. You can edit or delete these anytime inside Account Settings.
Your privacy rights
Access & portability
Request a copy of your stored data, including order history and prescriptions, via medwayofficials@gmail.com. We prepare encrypted exports within 7 business days.
Correction & deletion
Update inaccurate information or ask us to remove optional data points. Statutory medical records remain as mandated by local regulations.
Incident response
In the unlikely event of a breach, affected users receive alerts within 48 hours with recommended protective steps and remediation updates.
Consent management
Control marketing preferences, caregiver access, and data-sharing consents from the privacy centre in your dashboard.
Have questions about your data?
Reach out to our Data Protection Officer anytime. We respond to privacy queries, rights requests, and compliance audits within legally mandated timelines.
Retention standards
Electronic medical records stay encrypted for seven years—or longer if required for chronic care continuity—after which they are purged via certified destruction protocols. Courier logs and analytics retain only anonymised identifiers.
We regularly test our disaster recovery plan to ensure your data remains safe even in the face of system failures or natural disruptions.