Compliance Center

World-leading regulatory compliance for healthcare data protection

HIPAAGDPRCCPASOC 2PCI-DSSFTC

Our Compliance Philosophy

Script Unlock maintains a "Compliance by Design" approach where regulatory requirements are built into the architecture, not bolted on afterward. Our platform implements:

Security by Design

Unsafe behavior is structurally impossible

Privacy by Default

Minimum necessary data collection

Transparency First

Clear, honest communication about data practices

Regulatory Frameworks

Compliant

HIPAA

Health Insurance Portability and Accountability Act

Full compliance with Privacy, Security, and Breach Notification Rules

Business Associate Agreements with all partners
Administrative, Physical, and Technical safeguards
Designated Security and Privacy Officers
Annual risk assessments and workforce training

Compliant

GDPR

General Data Protection Regulation (EU/UK)

Full compliance with EU and UK data protection requirements

Data Protection Officer appointed
Lawful basis documentation for all processing
Data Protection Impact Assessments (DPIA)
Standard Contractual Clauses for international transfers

Compliant

CCPA/CPRA

California Consumer Privacy Act / Privacy Rights Act

Full compliance with California privacy regulations

"Do Not Sell or Share" link implemented
Consumer rights request processing within 45 days
Annual cybersecurity audits for high-risk processing
Employee and B2B data protections

In Progress

SOC 2 Type II

Service Organization Control 2

Trust service criteria for security, availability, and confidentiality

Annual third-party audits
Continuous monitoring controls
Documented policies and procedures
Evidence collection automation

Compliant

PCI-DSS

Payment Card Industry Data Security Standard

Payment processing through certified service providers

No direct handling of payment card data
PCI-compliant payment processor integration
Secure token-based transactions
Quarterly security scans

Compliant

State Privacy Laws

US State-Specific Privacy Regulations

Compliance with all active state privacy laws

Virginia VCDPA
Colorado CPA
Connecticut CTDPA
Utah UCPA

Data Protection Controls

Certifications & Documentation

Certifications

HIPAA Compliant

Internal Assessment

2026

SOC 2 Type II

Third-Party Auditor

In Progress

PCI-DSS

QSA Certified

2026

GDPR Compliant

DPO Certification

2026

Documentation

Terms & Conditions Privacy Policy Security Framework Pharmacy Terms Acceptable Use Policy

Compliance Inquiries

For compliance-related questions, audit requests, or to report concerns

Legal Team

legal@scriptunlock.com

Privacy Team

privacy@scriptunlock.com

DPO (EU/UK)

dpo@scriptunlock.com

Response time: Within 2 business days for compliance inquiries

Regulatory Frameworks

Compliant

HIPAA

Health Insurance Portability and Accountability Act

Full compliance with Privacy, Security, and Breach Notification Rules

Business Associate Agreements with all partners
Administrative, Physical, and Technical safeguards
Designated Security and Privacy Officers
Annual risk assessments and workforce training

Compliant

GDPR

General Data Protection Regulation (EU/UK)

Full compliance with EU and UK data protection requirements

Data Protection Officer appointed
Lawful basis documentation for all processing
Data Protection Impact Assessments (DPIA)
Standard Contractual Clauses for international transfers

Compliant

CCPA/CPRA

California Consumer Privacy Act / Privacy Rights Act

Full compliance with California privacy regulations

"Do Not Sell or Share" link implemented
Consumer rights request processing within 45 days
Annual cybersecurity audits for high-risk processing
Employee and B2B data protections

In Progress

SOC 2 Type II

Service Organization Control 2

Trust service criteria for security, availability, and confidentiality

Annual third-party audits
Continuous monitoring controls
Documented policies and procedures
Evidence collection automation

Compliant

PCI-DSS

Payment Card Industry Data Security Standard

Payment processing through certified service providers

No direct handling of payment card data
PCI-compliant payment processor integration
Secure token-based transactions
Quarterly security scans

Compliant

State Privacy Laws

US State-Specific Privacy Regulations

Compliance with all active state privacy laws

Virginia VCDPA
Colorado CPA
Connecticut CTDPA
Utah UCPA

Compliance Center

Our Compliance Philosophy

Regulatory Frameworks

HIPAA

GDPR

CCPA/CPRA

SOC 2 Type II

PCI-DSS

State Privacy Laws

Data Protection Controls

Encryption Standards

Access Controls

Audit & Monitoring

Data Retention & Deletion

Certifications & Documentation

Certifications

Documentation

Compliance Inquiries

Compliance Center

Our Compliance Philosophy

Regulatory Frameworks

HIPAA

GDPR

CCPA/CPRA

SOC 2 Type II

PCI-DSS

State Privacy Laws

Data Protection Controls

Encryption Standards

Access Controls

Audit & Monitoring

Data Retention & Deletion

Certifications & Documentation

Certifications

Documentation

Compliance Inquiries