PRIVACY AND REGULATORY FOCUS

Centering compliance
and responsibility

PharmaForceIQ is deeply committed to compliance, privacy, and corporate responsibility. In addition to national legal requirements, we set high internal standards and regularly conduct audits internally and through outside auditors to ensure compliance with a stringent set of healthcare, advertising, data security, and other industry standards.

ISO 27001

Audited systems are in place to ensure data confidentiality and integrity.

NAI

We invest in strong privacy practices based on industry standards set by the NAI.

SOC2

We regularly audit our security, processing, confidentiality, and privacy controls.

Data you can trust.
Compliance you can count on.

At PharmaForceIQ, data integrity isn’t just a compliance checkbox—it’s the foundation of everything we build. Transparency and integrity are two of our core company values, and that commitment to acting with integrity and providing full visibility extends across all our work and interactions.

In life sciences, where accuracy and accountability directly impact human health, we go beyond the standard. Our platform is designed to protect every data point with precision, which is foundational to build strong, trusting relationships with our clients. We do not use client data within our platform–we use first-party data through our integration partners. Ensuring the privacy and security of sensitive health information is our highest priority.

We and our vendor partners are fully compliant with relevant state and national industry regulations (HIPAA, CCPA, etc.) and standard frameworks including those set by NAI, the Digital Advertising Alliance, the American Institute of CPAs, and others.

Your Trust, Our Commitment

Have security questions?
Need documentation for procurement or compliance review?

Security FAQs

Is PharmaForceIQ HIPAA compliant?

Yes. PharmaForceIQ is fully HIPAA compliant, and all relevant systems are configured to support HIPAA-mandated security and privacy controls. We never store any patient Personally Identifiable Information (PIl) or protected health information (PHI) in the platform, and we only work with accredited data partners that maintain strict HIPAA and HITECH compliance.

What security certifications do you have?

We have secured SOC 2 Type II and ISO 27001 certifications, and we follow industry best practices in security monitoring, access control, and incident response. Additional certifications may be in progress—please contact us for documentation or timelines.

Is my data sold or shared with third parties?

No, user data is never resold or shared with subprocessors. Users may be given the opportunity to share their first-party data with a campaign sponsor and would complete a clear opt-in in order to do so.

How do you comply with NAI, DAA, and other advertising privacy frameworks?

We never store PII alongside De-Identified Information (DIl) except with first party opt-in consent and as publicly stated in our privacy policy. User data is not collected by the platform except as a result of ad serving and media buying activity. In addition, we include AdChoices icons and opt-out mechanisms on all banner creatives served through the platform. We also maintain opt-in consent whenever storing PII on an individual.

Are you compliant with the California Consumer Privacy Act?

CCPA provides California residents with specific rights related to their data, and we implement strict auditing processes to safeguard data and comply with national and state-level regulations including CCPA. We maintain a full Individual Rights Manager application to support any Data Subject Access Request and process opt-outs or data deletions.

Centering compliance and responsibility