Your Health Data, Always Protected
We built Script Unlock with your privacy as the foundation—not an afterthought. Here's exactly how we protect your prescription data.
How We Protect Your Data
Technical security measures explained in plain language.
Encryption
TLS 1.3 encryption for all data transfers between your browser and our servers
AES-256 encryption for all stored prescription images and health data
Messages between patients and pharmacies are encrypted in transit via TLS 1.3 and encrypted at rest via AES-256 in our database. Server-side access is restricted to authorised platform operations only.
Access Controls
Pharmacies only see prescriptions they bid on. Staff access is role-limited.
Optional 2FA for patient accounts. Required for pharmacy staff.
Automatic logout after inactivity. Single-session enforcement.
Audit & Monitoring
Every access to prescription data is logged with timestamp and IP
Real-time monitoring for suspicious access patterns
Third-party security audits conducted annually
Infrastructure
Our infrastructure providers maintain SOC 2 Type II certification
Data replicated across multiple secure data centers
Enterprise-grade protection against denial of service attacks
Data Retention
Prescription images auto-delete 90 days after order completion
Order records retained per pharmacy regulations (without images)
Request full deletion of your data at any time via settings
Privacy & Consent
Understand exactly how your data is collected, used, and protected.
Script Privacy™ — We Collect Only What's Necessary
Script Unlock follows a "data minimization" approach. This means we only collect and store the information needed to help you find the best price on your prescription—nothing more.
What we collect
- Medication name, dosage, and quantity from your prescription
- Prescriber name (for pharmacy verification)
- Your delivery address (only if you choose delivery)
- Communication preferences
What we don't collect
- Your diagnosis or medical history
- Insurance information (unless you provide it)
- Social Security Number
- Information from other health providers
What pharmacies see during bidding
When pharmacies bid on your prescription, they see only: medication name, dosage, quantity, and general location (city/state—not your address). This is the minimum information needed to provide an accurate price. Your name, address, and full prescription details are shared only after you accept a bid.
No ad pixels, no cross-site tracking, no selling health data. Your visits here stay here.
Your Consent & Control
You decide what happens with your prescription. Here's how consent works on Script Unlock:
When you upload
You consent to Script Unlock securely storing your prescription and sharing limited details (medication, dosage, quantity) with licensed pharmacies to receive bids.
When you accept a bid
You consent to sharing your full prescription with that specific pharmacy so they can fill your order.
You can revoke anytime
Before accepting a bid, you can withdraw your prescription at any time. After accepting, you can cancel within the pharmacy's cancellation window. You can always delete your account and all associated data.
We never share your data with marketers, advertisers, or anyone outside of facilitating your prescription orders. Read our Privacy Policy →
How Long We Keep Your Data
We believe in keeping data only as long as it's useful to you or legally required. Here's our straightforward retention policy:
Prescription Images
Auto-delete 90 days after your order is delivered. We keep them briefly in case you need to reference them or there's an issue with your order.
Messages & Communications
Conversations with pharmacies are kept for 1 year for customer service purposes, then deleted.
Order Records
Basic transaction data (medication name, pharmacy, date, amount) is kept for 7 years per pharmacy regulations. This does not include prescription images.
On Request
You can request deletion of your data at any time. We'll remove everything except what we're legally required to keep.
Deleting Your Account & Data
You're in control of your data. Here's exactly what happens when you delete your account:
Deleted immediately
- Your profile and personal information
- All prescription images
- Saved pharmacies and preferences
- Notification settings
Deleted within 30 days
- All messages and communications
- Bid history and comparisons
- Account activity logs
Retained for legal compliance
- Completed order transaction records (7 years, per pharmacy regulations)
- Payment records (7 years, per financial regulations)
These records contain only basic transaction data—no prescription images or messages.
How to delete your account
Go to Settings → Privacy → Delete My Account. You'll receive an email confirmation, and deletion will begin immediately. If you change your mind within 7 days, you can contact support to cancel the deletion.
What HIPAA Means for You
HIPAA is a federal law that protects your health information. Here's what it means when you use Script Unlock:
Our Role Under HIPAA
Business Associate
Script Unlock operates as a Business Associate under HIPAA. We have signed Business Associate Agreements (BAAs) with all pharmacy partners. This means we're legally bound to protect your health information and can only use it to facilitate your prescription orders.
What this means for you: Your prescription data is protected by federal law. We cannot share it for marketing, sell it, or use it for anything other than helping you get the best price on your medication.
Still have questions?
Our privacy team is happy to explain anything about how we protect your information.
Read our full HIPAA Compliance page →
Trusted Vendors
We only work with vendors who meet strict security and compliance standards.
Our Security Culture
Security isn't just a feature—it's how we operate. Every team member shares responsibility for protecting your data.
Shared Responsibility
Every team member, from engineering to customer support, is trained on data protection and privacy best practices.
Least Privilege Access
Staff access only the data they need for their specific role. Production data access requires approval and is logged.
Vendor Due Diligence
Before integrating any third-party service, we evaluate their security practices, certifications, and data handling policies.
Continuous Improvement
Regular security training, annual penetration testing, and ongoing investment in security infrastructure.
If Something Goes Wrong
Breach Notification
In the unlikely event of a data breach affecting your information, we will notify you within 60 days as required by HIPAA's Breach Notification Rule. You'll receive:
- Description of what information was affected
- Steps you should take to protect yourself
- What we're doing to prevent future incidents
- Contact information for questions
Questions About Security?
Our security team is happy to answer questions about how we protect your data.
Security Team
security@scriptunlock.com