Script UnlockScriptUnlock™
    HomeHow It WorksPet OwnersPricingAboutContact
    Sign InSign Up

    Notice of Privacy Practices

    This notice describes how your health information may be used and shared, and how you can access it. Please read it carefully.

    Effective Date: April 2026  |  Version 1.0

    Quick Summary (Plain Language)

    When you use Script Unlock to find better prices on your prescriptions, we handle some of your health information. Here's what you need to know:

    • → We protect your data with bank-level encryption and strict access controls.
    • → Pharmacies only see what they need — they see your medication category to make a bid, but not your name or personal details until you choose them.
    • → We never sell your health information. Ever.
    • → You have rights — you can see your data, get a copy, ask for corrections, and request restrictions.
    • → This notice is required by law (HIPAA) and explains everything in detail below.

    1. Who We Are

    Script Unlock is a prescription marketplace that helps you compare prices from licensed pharmacies. Under federal health privacy law (HIPAA), we act as a Business Associate — meaning we handle health information on behalf of the pharmacies that serve you, and we're legally required to protect it.

    This Notice of Privacy Practices ("Notice") applies to all health information we create, receive, maintain, or transmit through our platform, including our website, mobile app, and any communications with our support team.

    2. Your Health Information — What We Collect

    When you use Script Unlock, we may collect and handle the following types of health information (called "Protected Health Information" or "PHI"):

    Prescription details

    Medication name, dosage, quantity, and prescribing doctor

    Prescription images

    Photos you upload of your prescriptions

    Contact information

    Name, email, phone number, and delivery address

    Payment information

    Billing details (card numbers are never stored — processed securely by Stripe)

    Order history

    Which medications you ordered, from which pharmacy, and delivery status

    Health-related identifiers

    Information that links you to your health data, such as your account ID

    3. How We Use and Share Your Health Information

    HIPAA allows us to use and share your health information in the following ways without your written permission:

    For Treatment

    We share your prescription information with the pharmacy you select so they can fill and deliver your medication. Before you choose a pharmacy, we share only the medication category — not your name, doctor, or prescription image — so pharmacies can offer prices.

    For Payment

    We use your information to process payments between you and the pharmacy. This includes sharing order details with our payment processor (Stripe) and the fulfilling pharmacy. Your credit card number is never stored on our servers.

    For Healthcare Operations

    We use health information to operate our platform, including quality assurance, customer support, verifying pharmacy licenses, investigating complaints, and improving our services. When possible, we use de-identified or aggregated data.

    As Required by Law

    We may disclose your information when required by federal, state, or local law, including responses to court orders, subpoenas, or government investigations. We will notify you when legally permitted to do so.

    To Prevent Serious Harm

    We may share information to prevent or lessen a serious and imminent threat to your health or safety, or the health or safety of others.

    Public Health & Safety

    We may share information for public health activities, such as preventing disease, reporting adverse reactions to medications, or notifying someone exposed to a communicable disease — as permitted or required by law.

    Health Oversight

    We may share information with government agencies for activities authorized by law, such as audits, investigations, inspections, and licensure actions.

    4. Uses That Require Your Written Permission

    We will never use or share your health information for the following purposes without your explicit, written authorization:

    Requires Authorization

    Marketing or advertising (we will never sell your information to marketers)

    Requires Authorization

    Selling your health information to anyone, for any reason

    Requires Authorization

    Sharing psychotherapy notes (we do not collect these)

    Requires Authorization

    Using your information for purposes not described in this Notice

    Requires Authorization

    Sharing with your employer for employment decisions

    Requires Authorization

    Research purposes, unless the data is fully de-identified

    If you give us written authorization, you may revoke it at any time by submitting a request through your account settings or contacting our Privacy Officer. Revoking authorization won't affect information we already shared based on your earlier permission.

    5. Your Rights

    Federal law gives you important rights over your health information. You can exercise these rights at any time:

    Right to See and Get a Copy

    You can ask to see or get a copy of your health information. We will provide it within 30 days, in the electronic format you request (if we can reasonably produce it). We may charge a reasonable fee for copies.

    How

    Log into your account and visit Settings → My Data, or submit a request at /data-rights.

    Right to Request Corrections

    If you believe your health information is incorrect or incomplete, you can ask us to correct it. We will respond within 60 days. If we deny your request, we will explain why in writing and you may file a statement of disagreement.

    How

    Contact our Privacy Officer with the specific information you want corrected.

    Right to Request Restrictions

    You can ask us to limit how we use or share your health information for treatment, payment, or operations. We are not required to agree to your request, but if we do, we will honor it — except in emergencies.

    How

    Submit a restriction request through /data-rights or contact our Privacy Officer.

    Right to Request Confidential Communications

    You can ask us to contact you in a specific way or at a specific location. For example, you can ask us to send information only to your email and not by text message. We will accommodate reasonable requests.

    How

    Update your communication preferences in Account Settings.

    Right to an Accounting of Disclosures

    You can request a list of times we shared your health information outside of treatment, payment, and operations for the past six years. We will provide one free accounting per year.

    How

    Submit a request at /data-rights or contact our Privacy Officer.

    Right to a Paper Copy of This Notice

    You can ask for a paper copy of this Notice at any time, even if you agreed to receive it electronically.

    How

    Contact our Privacy Officer and we will mail a copy to your address on file.

    Right to Be Notified of a Breach

    If a breach of your unsecured health information occurs, we will notify you without unreasonable delay and no later than 60 days after discovery, as required by HIPAA.

    How

    Notifications are sent automatically via the contact method on your account.

    6. How We Protect Your Information

    We take the security of your health information seriously. Here's how we keep it safe:

    Encryption

    All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Your information is unreadable even if intercepted.

    Access Controls

    Staff and pharmacies can only see the minimum information needed for their specific role. We enforce this at the database level.

    Audit Logging

    Every access to your health information is recorded — who viewed it, when, and why. These logs are tamper-proof.

    Automatic Session Timeout

    Your session locks automatically after a period of inactivity to prevent unauthorized access on shared devices.

    Anomaly Detection

    Our systems monitor for unusual access patterns and automatically flag or block suspicious activity.

    Regular Security Testing

    We conduct regular penetration testing and security audits to identify and fix vulnerabilities before they can be exploited.

    7. Our Duties

    We are required by law to:

    • Maintain the privacy and security of your protected health information.
    • Provide you with this Notice of our legal duties and privacy practices.
    • Follow the terms of the Notice currently in effect.
    • Notify you if a breach of your unsecured health information occurs.
    • Not use or share your information other than as described in this Notice without your written authorization.

    8. Changes to This Notice

    We may change this Notice at any time. Changes will apply to all information we already have about you, as well as any information we receive in the future. The updated Notice will be:

    • → Posted on our website with a new effective date
    • → Available in your account dashboard
    • → Sent to you by email if the changes are material

    9. Complaints

    If you believe your privacy rights have been violated, you have the right to file a complaint. You will not be penalized or retaliated against for filing a complaint.

    Complain to Us

    Contact our Privacy Officer using the information below. We will investigate and respond within 30 days.

    Complain to the U.S. Department of Health & Human Services

    You can also file a complaint with the Secretary of HHS if you believe we have violated your rights.

    Office for Civil Rights, U.S. Department of Health and Human Services

    200 Independence Avenue, S.W., Washington, D.C. 20201

    Toll-free: 1-877-696-6775

    Website: www.hhs.gov/ocr/privacy/hipaa/complaints/

    10. Contact Our Privacy Officer

    If you have questions about this Notice, want to exercise any of your rights, or need to file a complaint, please contact:

    Script Unlock Privacy Officer

    privacy@scriptunlock.com

    Available via Contact Page

    Submit a formal request at /data-rights

    11. Special Situations

    Minors

    If you are under 18 and use our platform with parental consent, your parent or guardian may exercise privacy rights on your behalf. State laws may provide additional protections for minor health records, and we comply with all applicable state requirements.

    Deceased Individuals

    We will protect the health information of deceased individuals for 50 years following death, as required by HIPAA. Personal representatives of the deceased may exercise privacy rights on behalf of the estate.

    Personal Representatives

    If someone has legal authority to make healthcare decisions for you (such as a power of attorney for healthcare), we will treat that person as if they were you for purposes of this Notice — unless we reasonably believe doing so would endanger you.

    Pet Prescriptions

    Veterinary prescriptions are not subject to HIPAA. However, we apply the same strong security and privacy protections to all information on our platform, including pet medication data, as a matter of best practice.

    12. Additional State & International Rights

    Depending on where you live, you may have additional privacy rights beyond HIPAA:

    California (CCPA/CMIA)

    Right to know, delete, and opt-out of sale. We never sell health data. Additional protections under CMIA for medical information.

    New York

    Extended record retention. Additional protections for HIV-related information and mental health records.

    Texas (THPA)

    Stricter consent requirements. Electronic health records covered by additional Texas state rules.

    Illinois

    Biometric Information Privacy Act (BIPA) protections. Extended retention periods for health records.

    EU/EEA (GDPR)

    Right to data portability, right to erasure, data protection officer access. See our EU Compliance page.

    All Other States

    We comply with the most protective standard. If your state law provides greater protection than HIPAA, we follow your state law.

    Acknowledgment of Receipt

    By creating an account on Script Unlock, you acknowledge that you have been provided with this Notice of Privacy Practices and had the opportunity to review it. A copy is always available at this page and in your account settings.

    Privacy Policy•HIPAA Compliance•Exercise Your Rights•Terms & Conditions
    HIPAA Compliant
    256-bit Encryption
    State-Licensed Pharmacies
    View EU Compliance →
    Script UnlockScriptUnlock™

    Unlock savings on prescriptions for you and your pets. Connect with verified pharmacies and get the best prices.

    support@scriptunlock.com

    For Patients & Pet Owners

    • How It Works
    • Upload Prescription
    • Patient & Pet FAQ
    • Resource Hub
    • Support

    Pet Owners

    • Pet Medications
    • Pet Rx Savings
    • Vet Compounding
    • Vet vs Pharmacy
    • Horse Meds

    For Pharmacies

    • Benefits
    • Join As Pharmacy
    • Pricing Plans
    • Pharmacy FAQ
    • Pharmacy Hub

    Resources

    • TrumpRx Drug Pricing
    • GLP-1 Medications
    • Cash Pay Guide
    • Medication Prices
    • Pharmacies by City

    Legal

    • Terms of Service
    • Privacy Policy
    • Compliance Center
    • EU Compliance
    • Your Privacy Rights
    • Security
    • Licensing Info
    • Pharmacy Verification
    • Press

    Popular Medications

    • Ozempic Pricing
    • Wegovy Cost
    • Mounjaro Prices
    • Metformin

    Cost Guides

    • TrumpRx Policies
    • Semaglutide Cost
    • Tirzepatide Cost
    • No Insurance

    By Condition

    • Type 2 Diabetes
    • Obesity
    • Blood Pressure
    • Depression

    Major Cities

    • New York
    • Los Angeles
    • Houston
    • Miami

    Drug Classes

    • GLP-1 Agonists
    • Statins
    • SSRIs
    • ACE Inhibitors

    Trust & Safety

    • Data Privacy
    • Upload Security
    • HIPAA Info

    Script Unlock is a prescription price comparison marketplace, not a healthcare provider. We do not diagnose conditions, recommend treatments, prescribe medications, or provide medical advice. All healthcare decisions should be made in consultation with your doctor or pharmacist. Pharmacy services are provided by independently licensed pharmacies. Script Unlock is NOT insurance.

    © 2026 Script Unlock LLC. All rights reserved.

    Privacy Policy•Terms of Service•Sitemap•Contact