Privacy Policy

1. Introduction and Scope

ScriptBlend, Inc. ("ScriptBlend," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website at scriptblend.com (the "Site"), use our mobile applications (the "Apps"), or use any of our services (collectively, the "Services").

This Privacy Policy applies to all users of our Services, including healthcare providers ("Providers"), patients ("Patients"), and other visitors to our Site. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Services after the date such revised Privacy Policy is posted.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you register for an account, express an interest in obtaining information about us or our Services, participate in activities on the Services, or otherwise contact us. The personal information we collect may include:

• Identity Information: Name, date of birth, gender, professional credentials, National Provider Identifier (NPI), state medical license numbers, and government-issued identification documents.
• Contact Information: Email address, mailing address, telephone number, and fax number.
• Account Credentials: Username, password, and security questions and answers.
• Professional Information: Practice name, practice address, specialty, DEA registration number (where applicable), and professional affiliations.
• Payment Information: Credit card numbers, bank account information, billing address, and transaction history. Note that payment processing is handled by our third-party payment processors, and we do not store complete payment card information on our servers.
• Health Information: For Patients, we may collect medical history, current medications, medication allergies, health conditions, prescription information, and other health-related data necessary to facilitate compounded medication services.
• Communication Data: Records of your correspondence with us, including emails, chat messages, phone calls, and support tickets.

2.2 Information Automatically Collected

When you access our Services, we automatically collect certain information about your device and your use of the Services. This information may include:

• Device Information: Device type, operating system, unique device identifiers, browser type and version, screen resolution, and device settings.
• Log Information: Access times, pages viewed, IP address, referring URL, and the page you visited before navigating to our Services.
• Location Information: General location information based on your IP address, and with your consent, more precise location information from your mobile device.
• Usage Information: Information about how you use our Services, including features accessed, time spent on pages, click patterns, and search queries.
• Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities. See Section 8 for more information about our use of cookies.

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• Verification Services: Information from identity verification services, professional licensing databases, and background check providers to verify Provider credentials.
• Healthcare Partners: Information from pharmacies, laboratories, and other healthcare entities involved in fulfilling prescriptions or providing care.
• Analytics Providers: Aggregated or de-identified information from analytics services about how users interact with our Services.
• Marketing Partners: Information from advertising networks and marketing partners about your interests and preferences.

3. How We Use Your Information

We use the information we collect for various purposes, including:

3.1 Providing and Improving Our Services

• To create and manage your account and provide access to our Services.
• To process and fulfill prescription orders and facilitate communication between Providers, Patients, and pharmacies.
• To verify Provider credentials and maintain compliance with applicable laws and regulations.
• To process payments and prevent fraudulent transactions.
• To provide customer support and respond to your inquiries.
• To analyze usage patterns and improve the functionality, content, and user experience of our Services.
• To develop new products, services, features, and functionality.
• To train and improve our artificial intelligence and machine learning models to better assist with prescription suggestions and healthcare workflows.

3.2 Communications

• To send you transactional communications, such as order confirmations, prescription updates, and account notifications.
• To send you marketing communications about our products, services, and promotions (with your consent where required by law).
• To send you important notices about changes to our terms, conditions, and policies.
• To facilitate communications between Providers and Patients regarding prescriptions and treatment.

3.3 Legal and Safety Purposes

• To comply with applicable laws, regulations, and legal processes.
• To enforce our Terms of Service and other agreements.
• To protect our rights, property, and safety, and the rights, property, and safety of our users and third parties.
• To detect, prevent, and address fraud, security breaches, and other harmful or illegal activities.
• To respond to requests from law enforcement agencies and government authorities.

3.4 Research and Analytics

• To conduct research and analysis to better understand our users and improve our Services.
• To generate aggregated, de-identified, or anonymized data for statistical analysis, research publications, and business purposes.
• To measure the effectiveness of advertising and marketing campaigns.

4. Disclosure of Your Information

We may share your information in the following circumstances:

4.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, including:

• Payment processors and financial institutions for transaction processing.
• Cloud hosting and data storage providers.
• Email and communication service providers.
• Analytics and data analysis providers.
• Customer support and help desk providers.
• Identity verification and fraud prevention services.
• Marketing and advertising partners.

These service providers are contractually obligated to use your information only as necessary to provide services to us and are required to maintain the confidentiality and security of your information.

4.2 Healthcare Partners

To facilitate the provision of compounded medications, we share information with:

• 503B outsourcing facilities and compounding pharmacies that prepare and dispense medications.
• Shipping and logistics providers for medication delivery.
• Healthcare providers involved in your care.
• Laboratories for testing and quality assurance purposes.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). This includes:

• Complying with subpoenas, court orders, or other legal processes.
• Responding to requests from regulatory agencies, including state pharmacy boards and the FDA.
• Cooperating with law enforcement investigations.
• Protecting against legal liability.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Services of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

4.5 With Your Consent

We may disclose your information for any other purpose with your consent or at your direction.

4.6 Aggregated or De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes.

5. Protected Health Information and HIPAA Compliance

As a healthcare technology platform facilitating the prescription and fulfillment of compounded medications, we handle Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations.

5.1 Our Role

Depending on the nature of our relationship with you and the services we provide, we may act as a Business Associate or Covered Entity under HIPAA. Where we act as a Business Associate, we enter into Business Associate Agreements with Covered Entities as required by HIPAA.

5.2 Use and Disclosure of PHI

We use and disclose PHI only as permitted or required by HIPAA and applicable state laws. This includes uses and disclosures for:

• Treatment: To facilitate the provision of healthcare services, including the prescribing, compounding, and dispensing of medications.
• Payment: To obtain payment for healthcare services provided.
• Healthcare Operations: To support our business activities and improve the quality of care.
• As Required by Law: To comply with federal, state, or local laws that require disclosure.
• Public Health Activities: To report disease, injury, vital events, and conduct public health surveillance.
• Health Oversight Activities: To respond to audits, investigations, and inspections by health oversight agencies.

5.3 Patient Rights Under HIPAA

If you are a Patient, you have certain rights under HIPAA regarding your PHI, including:

• Right to Access: You may request access to your PHI that we maintain.
• Right to Amendment: You may request that we amend your PHI if you believe it is incorrect or incomplete.
• Right to an Accounting of Disclosures: You may request a list of certain disclosures of your PHI that we have made.
• Right to Request Restrictions: You may request restrictions on how we use or disclose your PHI.
• Right to Request Confidential Communications: You may request that we communicate with you about your PHI in a certain way or at a certain location.
• Right to a Paper Copy: You may request a paper copy of our Notice of Privacy Practices.

To exercise any of these rights, please contact us using the information provided in Section 14 below.

5.4 Security of PHI

We implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI as required by the HIPAA Security Rule. These safeguards include encryption, access controls, audit logging, workforce training, and regular security assessments.

6. Data Security

We take the security of your information seriously and implement appropriate technical and organizational measures to protect your personal information against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include:

• Encryption: We use industry-standard encryption (TLS/SSL) to protect data in transit and at rest.
• Access Controls: We implement role-based access controls and require strong authentication for access to sensitive systems and data.
• Infrastructure Security: Our Services are hosted on secure cloud infrastructure with multiple layers of physical and logical security.
• Monitoring and Logging: We maintain comprehensive logs of system activity and employ continuous monitoring for security threats.
• Incident Response: We maintain incident response procedures to promptly address any security incidents and notify affected individuals as required by law.
• Vendor Management: We carefully evaluate the security practices of our service providers and require appropriate security commitments in our contracts.
• Employee Training: Our employees receive regular training on data privacy and security practices.
• Regular Assessments: We conduct regular security assessments, vulnerability scans, and penetration testing.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention period may vary depending on the type of information and the context of our relationship with you.

• Account Information: We retain account information for as long as your account is active and for a reasonable period thereafter in case you decide to reactivate your account or as needed to provide you with Services.
• Transaction Records: We retain records of transactions for at least seven (7) years to comply with tax, accounting, and regulatory requirements.
• Medical Records: We retain medical records, including prescription information, in accordance with applicable state and federal laws, which may require retention for periods ranging from six (6) to twenty-five (25) years depending on the jurisdiction and type of record.
• Communications: We retain communications records for a reasonable period to provide customer support and for legal purposes.
• Usage Data: We retain usage data for analytics purposes for a period of up to three (3) years, after which it may be aggregated or anonymized.

When we no longer need to retain your information, we will securely delete or anonymize it in accordance with our data retention policies and applicable law.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your interactions with our Services. This section explains what these technologies are and how we use them.

8.1 What Are Cookies?

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently, provide information to website owners, and enable certain functionality. Cookies can be "session" cookies (which expire when you close your browser) or "persistent" cookies (which remain on your device for a set period or until you delete them).

8.2 Types of Cookies We Use

• Essential Cookies: These cookies are necessary for the Services to function properly. They enable core functionality such as security, network management, and account access. You cannot opt out of these cookies.
• Performance and Analytics Cookies: These cookies help us understand how visitors interact with our Services by collecting and reporting information anonymously. We use this information to improve our Services.
• Functionality Cookies: These cookies allow the Services to remember choices you make (such as your username, language, or region) and provide enhanced, personalized features.
• Targeting and Advertising Cookies: These cookies may be set through our Services by our advertising partners to build a profile of your interests and show you relevant advertisements on other sites.

8.3 Managing Cookies

Most web browsers allow you to control cookies through their settings preferences. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience and some features of our Services may not function properly.

8.4 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want to have your online activity tracked. We currently do not respond to DNT signals, as there is no common industry standard for compliance.

9. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information:

9.1 Access and Portability

You may request access to the personal information we hold about you and request a copy of your information in a commonly used, machine-readable format.

9.2 Correction

You may request that we correct inaccurate or incomplete personal information we hold about you.

9.3 Deletion

You may request that we delete your personal information, subject to certain exceptions provided by law (such as compliance with legal obligations or completion of transactions).

9.4 Restriction of Processing

You may request that we restrict the processing of your personal information in certain circumstances.

9.5 Objection to Processing

You may object to our processing of your personal information based on our legitimate interests.

9.6 Withdrawal of Consent

Where we rely on your consent to process your personal information, you may withdraw your consent at any time.

9.7 Marketing Communications

You may opt out of receiving marketing communications from us by clicking the "unsubscribe" link in any marketing email or by contacting us. Please note that you may continue to receive transactional and account-related communications.

9.8 Account Deletion

You may request deletion of your account by contacting us. Please note that we may retain certain information as required by law or for legitimate business purposes.

To exercise any of these rights, please contact us using the information provided in Section 14. We will respond to your request within the timeframe required by applicable law. We may need to verify your identity before processing your request.

10. State-Specific Privacy Rights

10.1 California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes for collection, and the categories of third parties with whom we share your information.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing: You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising. We do not sell personal information in the traditional sense, but some of our data sharing practices may constitute "sharing" under the CPRA.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a request, please contact us using the information in Section 14. You may also designate an authorized agent to make a request on your behalf.

10.2 Virginia, Colorado, Connecticut, and Other State Residents

If you are a resident of Virginia, Colorado, Connecticut, Utah, or another state with comprehensive privacy legislation, you may have similar rights to access, correct, delete, and port your personal information, as well as the right to opt out of targeted advertising, profiling, and the sale of personal information. Please contact us to exercise these rights.

10.3 Nevada Residents

Nevada residents may opt out of the sale of certain "covered information" collected by websites. We do not currently sell covered information as defined under Nevada law, but you may submit a request to opt out by contacting us.

11. International Data Transfers

Our Services are primarily operated in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.

The data protection laws of the United States may differ from those in your country. By using our Services, you consent to the transfer of your information to the United States and the use and disclosure of your information as described in this Privacy Policy.

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, we will take appropriate measures to ensure that your personal information receives an adequate level of protection when transferred outside of these regions, such as the use of Standard Contractual Clauses approved by the European Commission.

12. Children's Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 without parental consent. If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information.

For Patients who are minors, we may collect personal information with the consent of a parent or legal guardian in connection with healthcare services provided through our platform. Healthcare providers are responsible for obtaining appropriate consent for minor patients in accordance with applicable law.

13. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated or controlled by us. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through our Services.

We may also integrate third-party services into our platform, such as analytics tools, payment processors, and communication platforms. While we select our partners carefully, their use of your information is governed by their own privacy policies.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

If you are a California resident and wish to exercise your privacy rights, you may also call our toll-free number or submit a request through our website.

If you have concerns about how we have handled your personal information, you have the right to lodge a complaint with the appropriate supervisory authority in your jurisdiction.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this Privacy Policy, we will notify you by:

• Posting the updated Privacy Policy on our website with a new "Last Updated" date.
• Sending you an email notification if you have an account with us.
• Displaying a prominent notice on our Services.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

16. Governing Law and Dispute Resolution

This Privacy Policy and any disputes arising out of or related to it or your use of our Services shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law principles.

Any disputes relating to this Privacy Policy or your privacy rights shall be resolved in accordance with the dispute resolution provisions set forth in our Terms of Service, which may include binding arbitration.

17. Severability

If any provision of this Privacy Policy is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid, illegal, or unenforceable provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving its intent.

18. Entire Agreement

This Privacy Policy, together with our Terms of Service and any other agreements you enter into with us, constitutes the entire agreement between you and ScriptBlend regarding the subject matter hereof and supersedes all prior or contemporaneous communications, representations, or agreements, whether oral or written.