Privacy Policy

Last Updated: 17 October 2025 Effective Date: 17 October 2025

1. Introduction

Scripter ("we", "us", "our", "Company") is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use our veterinary prescription management platform ("Service", "Platform", "Application") available at app.scripter.au and our free prescription generator tool available at scripter.au/free-prescription-generator.

By using Scripter, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service.

1.1 About Scripter

Scripter is an Australian-based veterinary prescription management platform designed exclusively for registered veterinarians in Australia. Our Service enables veterinarians to create, manage, and export legally compliant prescriptions while maintaining secure patient and client records.

We offer two ways to use Scripter:

Full Application (app.scripter.au): A comprehensive prescription management platform requiring account creation, professional verification, and ongoing access to stored prescription records.
Free Prescription Generator (scripter.au/free-prescription-generator): A simplified tool allowing veterinarians to create single prescriptions instantly without creating an account. This tool does NOT store your data on our servers.

1.2 Our Commitment to Privacy

We are committed to:

Transparency about what data we collect and why
Limiting collection to only necessary information
Protecting your data with industry-standard security measures
Respecting your rights under Australian privacy law
Never selling your personal information to third parties

1.3 Free Prescription Generator - Important Privacy Information

The Free Prescription Generator does NOT store your data:

When you use our free prescription generator tool at scripter.au/free-prescription-generator:

All data is processed locally in your browser only
We do NOT save, store, or transmit any prescription, patient, client, or veterinarian information to our servers
Your data exists only temporarily in your browser's memory while you create the prescription
Once you close the page or clear your browser, all data is permanently deleted
We cannot recover or access any prescriptions created with the free tool

What we DO collect from the free tool:

Anonymous usage analytics (page views, session duration) via Google Analytics and Vercel Analytics
Basic technical information (browser type, device type, general location at country/city level)
No personally identifiable information is collected or stored

Important: If you need to retain prescription records for legal compliance, you are responsible for:

Downloading and saving the generated PDF
Storing the prescription in your own record-keeping system
Meeting veterinary record retention requirements (minimum 2 years in most Australian states)

For full prescription management with secure cloud storage, automatic record retention, and practice management features, please create an account at app.scripter.au.

2. Information We Collect

Note: This section applies to the full Scripter application (app.scripter.au) where data is stored on our servers. The free prescription generator (scripter.au/free-prescription-generator) does NOT store any of this information - see Section 1.3 above.

We collect different types of information to provide and improve our Service.

2.1 Personal Information You Provide (Full Application Only)

Account Registration Information:

Email address (used for authentication and communication)
Password (stored in hashed form only, never in plaintext)
Mobile phone number (optional, synced from authentication system)

Professional Profile Information:

Professional title (Dr., Prof., etc.)
First name, middle name, last name
Professional qualifications (e.g., BVSc, MVSc)
Post-nominal letters (e.g., MRCVS, MVSc, PhD)
Professional role (veterinarian, admin)
Veterinary registration number
Registration state/territory (NSW, VIC, QLD, SA, WA, TAS, NT, ACT)

Clinic/Organization Information:

Clinic name
Clinic physical address (street address, suburb, state, postcode)
Clinic phone number
Clinic email address

Profile Picture (Optional):

Avatar image uploaded to private cloud storage
File metadata (filename, file size, upload timestamp)

Verification Documents:

Veterinary registration certificate
Government-issued identification (driver's license, passport)
Other professional credentials you choose to upload
File metadata (filename, file size, file type, upload timestamp, document type)

2.2 Patient and Client Information

When you create prescriptions, we store:

Patient/Animal Information:

Patient first name and last name
Species (required)
Breed
Age (years and months) or date of birth
Sex (male, female, unknown)
Reproductive status (entire, neutered, spayed, unknown)
Weight in kilograms
Microchip number

Client/Owner Information:

Client title, first name, last name
Client phone number
Client email address
Client postal address (address lines, suburb, state, postcode)

Clinical Information:

Diagnosis
Clinical notes
Prescription metadata (prescription number, date created, status)

Medication Information:

Drug name, strength, form
Quantity prescribed
Number of repeats and repeat intervals
Directions for use
Veterinary notes

2.3 Automatically Collected Information

Usage Information:

Dates and times you access the Service
Actions performed within the application (prescription created, profile updated, etc.)
Page views and navigation patterns

Authentication Information:

Session data (stored in HTTP-only cookies)
Login timestamps
IP addresses (for security purposes)

Device and Browser Information:

Browser type and version
Operating system
Device type
Screen resolution (for responsive design)

2.4 Cookies and Similar Technologies

We use cookies for essential functionality only:

Authentication Cookies (Required):

Purpose: Maintain your logged-in session
Type: HTTP-only cookies (not accessible via JavaScript)
Duration: Session-based with automatic refresh
Managed by: Supabase SSR authentication library
Cannot be disabled without losing access to the Service

Theme Preference (Optional):

Storage method: Browser localStorage (not cookies)
Purpose: Remember your light/dark mode preference
Key name: scripter-theme
Can be cleared via browser settings

Analytics Cookies (May be used):

Google Analytics: May be used to collect anonymized usage data and analytics
Vercel Analytics: May be used to collect web vitals and performance metrics
Purpose: Understand how users interact with the Service to improve user experience
Data collected: Page views, session duration, device type, general location (country/city level)
Can be disabled through browser settings or privacy tools

What We Don't Use:

No advertising cookies
No social media cookies
No behavioral profiling for advertising purposes

2.5 Information We Do NOT Collect

Credit card or payment information (service is currently free)
Social Security numbers or Tax File Numbers
Financial information
Sensitive health information about you (only about your patients)
Browsing history outside our Service
Location data via GPS
Biometric information

3. How We Use Your Information

We collect and use your personal information only for specific, legitimate purposes.

3.1 Primary Purposes

To Provide the Service:

Create and maintain your user account
Authenticate your identity and manage sessions
Enable prescription creation, management, and export
Store and retrieve prescription data
Generate PDF documents of prescriptions
Provide search and filtering functionality

Professional Verification:

Verify your veterinary registration and professional credentials
Review uploaded verification documents
Confirm your identity and authorization to prescribe
Maintain verification status and history
Notify administrators when verification documents are submitted

Communication:

Send transactional emails related to your account (email verification, password reset)
Notify you of important service updates or security alerts
Respond to your support inquiries
Send administrative notifications (verification status updates)
Communicate changes to our Terms of Service or Privacy Policy

Legal and Regulatory Compliance:

Comply with Australian veterinary record retention requirements (minimum 2 years)
Respond to legal requests and court orders
Enforce our Terms of Service
Protect against fraud and security threats
Maintain audit trails for regulatory purposes

3.2 Secondary Purposes

Service Improvement:

Analyze aggregated, anonymized usage patterns to improve features
Identify and fix technical issues
Optimize user interface and user experience
Plan new features and functionality

Security and Safety:

Detect and prevent fraud, abuse, or unauthorized access
Monitor for security vulnerabilities
Protect the rights, property, and safety of Scripter, our users, and the public
Investigate suspected violations of our Terms of Service

3.3 How We Do NOT Use Your Information

We will never:

Sell your personal information to third parties
Use your data for targeted advertising
Share patient/client data with pharmaceutical companies
Use your clinical data for commercial purposes without explicit consent
Send marketing or promotional emails (service is currently free with no marketing)
Track your activity across other websites

We respect your privacy and limit information sharing to only what is necessary.

4.1 Third-Party Service Providers

We share certain information with trusted service providers who help us operate the Service:

Supabase (Database and Authentication):

Information shared: All user data, prescriptions, profiles, verification documents
Purpose: Database hosting, user authentication, file storage
Location: Primary database in Sydney, Australia; backup replicas may be stored in Sydney or other Oceania data centers
Privacy Policy: https://supabase.com/privacy
Security: Industry-standard encryption, Row Level Security (RLS) policies

Vercel (Hosting and Infrastructure):

Information shared: Application access logs, session data
Purpose: Web hosting, application delivery, performance monitoring
Location: Global CDN with servers in multiple regions
Privacy Policy: https://vercel.com/legal/privacy-policy
Security: HTTPS/TLS encryption, DDoS protection

Resend (Email Delivery):

Information shared: Email addresses, user names, verification status (for admin notifications only)
Purpose: Transactional email delivery (verification notifications to admins)
Emails sent: Administrator notifications when users submit verification documents
Privacy Policy: https://resend.com/legal/privacy-policy
Security: Encrypted transmission, domain authentication

Cloudflare (DNS and CDN):

Information shared: IP addresses, DNS queries, HTTP requests
Purpose: Domain name system, content delivery, DDoS protection
Privacy Policy: https://www.cloudflare.com/privacypolicy/
Security: Enterprise-grade DDoS protection, encrypted connections

Cloudinary (CDN and Media Delivery):

Information shared: Media files, access patterns
Purpose: Content delivery network for media assets
Privacy Policy: https://cloudinary.com/privacy
Security: Secure media delivery, encrypted connections

Google Analytics (Analytics - May be used):

Information shared: Anonymized usage data, page views, session information, device type, general location
Purpose: Website analytics and usage insights to improve user experience
Privacy Policy: https://policies.google.com/privacy
Security: Data anonymization, IP masking
Note: May not be currently active but infrastructure is in place

Vercel Analytics (Performance Monitoring - May be used):

Information shared: Web vitals, page load times, performance metrics
Purpose: Monitor website performance and user experience metrics
Privacy Policy: https://vercel.com/legal/privacy-policy
Security: Anonymized performance data
Note: May not be currently active but infrastructure is in place

4.2 Legal and Regulatory Disclosures

We may disclose your information when required by law or to protect rights:

Legal Obligations:

In response to subpoenas, court orders, or legal processes
To comply with applicable laws and regulations
To cooperate with law enforcement or regulatory authorities
To respond to veterinary board investigations or inquiries

Protection of Rights:

To enforce our Terms of Service
To investigate or prevent fraud, security breaches, or illegal activity
To protect the rights, property, or safety of Scripter, our users, or the public
To defend against legal claims

4.3 Business Transfers

If Scripter is involved in a merger, acquisition, sale of assets, or bankruptcy:

Your information may be transferred to the successor entity
You will be notified via email and/or prominent notice on the Service
The successor will be bound by this Privacy Policy unless you consent to a new policy

4.4 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably identify you:

Usage statistics (e.g., "1000 prescriptions created this month")
Demographic information (e.g., "70% of users are in NSW")
Feature usage patterns for service improvement

This anonymized data is not subject to this Privacy Policy.

We may share your information for other purposes with your explicit consent, such as:

Integrations with third-party veterinary software (if implemented in future)
Research studies or surveys (opt-in only)
Professional references or credential verification (with your request)

We never share:

Patient or client data with anyone except you (the treating veterinarian)
Prescription data with pharmaceutical companies or pharmacies (unless future integrations with explicit consent)
Your personal information for marketing or advertising purposes
Your data with data brokers or analytics companies

5. Data Security

We implement industry-standard security measures to protect your information.

5.1 Technical Security Measures

Encryption:

All data transmitted over HTTPS/TLS encryption (SSL certificates)
Database encryption at rest via Supabase (AES-256 encryption)
Password hashing using bcrypt (passwords never stored in plaintext)
Secure cookie-based session management (HTTP-only cookies)

Access Controls:

Row Level Security (RLS) policies on all database tables
Users can only access their own data
Administrators require explicit role assignment in database
Signed URLs with time-based expiry for private file access (avatars, verification documents)

Authentication Security:

Minimum password requirements (8 characters, uppercase, lowercase, number, special character)
Email verification required for account creation
Password reset via secure email OTP
Session timeout and automatic refresh
Protection against brute force attacks

Infrastructure Security:

Hosting on secure, enterprise-grade platforms (Vercel, Supabase)
Regular automated backups for disaster recovery
DDoS protection via Cloudflare
Private storage buckets for sensitive documents
Middleware-based authentication on all protected routes

5.2 Organizational Security Measures

Access Limitation:

Only authorized personnel can access production systems
Admin access limited to essential functions (verification review)
No customer support team access to production database (support via email only)
Principle of least privilege for all system access

Security Monitoring:

Monitoring for unauthorized access attempts
Logging of administrative actions
Regular review of access logs
Incident response procedures for security breaches

5.3 Your Role in Security

You are responsible for:

Choosing a strong, unique password
Keeping your credentials confidential
Not sharing your account with others
Logging out on shared computers
Notifying us immediately of suspected unauthorized access (info@scripter.au)

5.4 Limitations and Risks

While we implement strong security measures:

No system is 100% secure
Internet transmission carries inherent risks
We cannot guarantee absolute security
You use the Service at your own risk
We are not liable for unauthorized access beyond our reasonable control

5.5 Data Breach Notification

In the event of a data breach that is likely to result in serious harm:

We will notify affected users via email within a reasonable timeframe
We will notify the Office of the Australian Information Commissioner (OAIC) if required by law
We will provide information about the breach, affected data, and remedial steps
We will take immediate action to contain and remediate the breach

6. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations.

6.1 Active Account Data

While Your Account is Active:

Profile information: Retained indefinitely until you request deletion
Prescription data: Retained indefinitely to comply with veterinary record retention laws
Verification documents: Retained while verification status is active
Session data: Retained for session duration only
Activity logs: Retained for security and troubleshooting purposes

6.2 Prescription Data Retention

Legal Requirements:

Veterinary prescriptions must be retained for at least 2 years from the date of creation (NSW Health and other state requirements)
Some states/territories may require longer retention periods
You are responsible for knowing your state's specific requirements

Our Practice:

We retain all prescription data indefinitely unless you request deletion
Even after account deletion, prescription data is retained for minimum legal period (2 years)
After the legal retention period expires, prescription data can be permanently deleted upon request

6.3 Account Deletion and Data Removal

When You Request Account Deletion:

Immediate Actions:
- Your account access is revoked
- Profile is marked for deletion
Data Retained for Legal Compliance:
- Prescription data: Minimum 2 years from date of each prescription
- Verification documents: Until verification obligations are satisfied
- Transaction logs: As required by law
Data Anonymized or Deleted:
- Personal profile information (name, email, phone): Anonymized after verification requirements met
- Avatar images: Deleted within 30 days
- Optional profile fields: Deleted within 30 days
Permanent Deletion:
- After all legal retention periods expire, all associated data is permanently deleted
- Deletion is irreversible and cannot be recovered

You can request account deletion from your Account page under the Security tab, or by contacting info@scripter.au.

6.4 Inactive Account Data

Accounts inactive for more than 24 months may be suspended
We will notify you via email before suspension
Data is retained during suspension period
You may reactivate your account at any time

6.5 Backup and Disaster Recovery

Backups are maintained for disaster recovery purposes
Deleted data may persist in backups for up to 90 days
Backups are subject to the same security measures as production data
Backup data is not accessible for normal operations

7. Your Privacy Rights

Under Australian privacy law, you have certain rights regarding your personal information.

7.1 Right to Access

You have the right to:

Access all personal information we hold about you
View your profile, prescriptions, and verification documents through the application
Request a copy of your data in a readable format

How to Exercise: Log into your account to view data, or email info@scripter.au to request a formal data access report.

7.2 Right to Correction

You have the right to:

Correct inaccurate or outdated information
Update your profile, clinic details, and professional information
Request correction of data you cannot edit yourself

How to Exercise: Update information via your Account page, or email info@scripter.au for assistance.

7.3 Right to Deletion (Right to be Forgotten)

You have the right to:

Request deletion of your account and personal information
Subject to legal record retention requirements (prescriptions must be kept for minimum 2 years)

How to Exercise: Email info@scripter.au with your deletion request. We will verify your identity and process the request in accordance with legal obligations.

Limitations:

Prescription data is retained for legally required minimum period
Data needed for legal compliance or dispute resolution may be retained
Anonymized data used for analytics is not subject to deletion

7.4 Right to Data Portability

You have the right to:

Export individual prescriptions as PDF documents (currently available)
Request prescription data in a structured format (future feature)

Current Limitations:

Bulk data export to CSV/JSON is not currently available
Only PDF export of individual prescriptions is supported

How to Exercise: Use the export button on individual prescriptions, or email info@scripter.au to request bulk export assistance.

7.5 Right to Restrict Processing

You have the right to:

Request restriction of processing in certain circumstances
Object to processing for specific purposes

How to Exercise: Email info@scripter.au to discuss your specific concerns.

7.6 Right to Complain

You have the right to:

Lodge a complaint with us about privacy concerns
Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

How to Complain:

Internal Complaint: Email info@scripter.au with your concerns. We will respond within 30 days.
External Complaint: Contact the OAIC:
- Website: https://www.oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au

7.7 Right to Opt-Out of Communications

You have the right to:

Opt out of non-essential emails (currently we only send transactional emails)
Unsubscribe from future marketing communications (if implemented)

Limitation: You cannot opt out of essential service communications (security alerts, verification status, critical updates) while maintaining an active account.

7.8 Exercising Your Rights

To exercise any privacy rights:

Email: info@scripter.au
Subject Line: Include "Privacy Rights Request"
Include: Your name, email address, and specific request
Verification: We may request additional information to verify your identity
Response Time: We will respond within 30 days

8. International Data Transfers

8.1 Australian Data Storage

Scripter is based in Australia and stores data primarily in Sydney, Australia.

Primary Database: Our primary Supabase database is located in Sydney, Australia.

Backup Storage: Backup replicas may be stored in Sydney or other Oceania data centers for redundancy and disaster recovery purposes.

8.2 Third-Party Service Providers

Some service providers may store or process data outside Australia:

Vercel: Global CDN with servers in multiple countries
Resend: Email infrastructure (location to be confirmed)
Cloudflare: Global CDN and DNS

8.3 Data Protection Standards

When data is transferred internationally:

We ensure service providers comply with data protection standards comparable to Australian Privacy Principles
Contractual agreements require appropriate security measures
Data is encrypted in transit and at rest

By using Scripter, you consent to the transfer of your information to third-party service providers who may operate infrastructure outside Australia, subject to appropriate safeguards.

9. Children's Privacy

9.1 Age Restriction

Scripter is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

9.2 Parental Notice

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@scripter.au, and we will delete such information.

9.3 Professional Requirement

To use Scripter, you must be a licensed veterinarian, which requires professional qualifications that are only obtainable by adults.

10. Updates to This Privacy Policy

10.1 Right to Modify

We reserve the right to update this Privacy Policy at any time to reflect:

Changes in our practices
Changes in applicable law
New features or services
Feedback from users or regulators

10.2 Notification of Changes

When we make material changes:

We will update the "Last Updated" date at the top of this document
We will notify you via email to your registered email address
We will post a notice on the Service dashboard
For significant changes affecting your rights, we will provide at least 30 days' notice

10.3 Acceptance of Changes

Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

If you do not agree to the updated Privacy Policy, you must discontinue use of the Service and may request account deletion.

10.4 Version History

We maintain a version history of this Privacy Policy. You may request previous versions by contacting info@scripter.au.

11. Contact Information

For any privacy-related questions, concerns, or requests:

Contact Us:

Email: info@scripter.au
Response Time: Within 30 days of receiving your inquiry

12. Additional Information for Healthcare Professionals

12.1 Professional Obligations

As a veterinarian, you have independent obligations under:

State/territory veterinary practice acts
Australian Veterinary Association (AVA) codes of conduct
Privacy Act 1988 (Cth) regarding patient/client information

Your Responsibilities:

You remain the data controller for patient and client information
We act as a data processor on your behalf
You are responsible for obtaining necessary consents from clients
You must comply with veterinary privacy and confidentiality requirements

Before entering client information into Scripter:

Ensure you have appropriate consent to collect and store client data
Inform clients that their information will be stored electronically
Comply with applicable privacy laws regarding health information
Maintain your own privacy practices in accordance with professional standards

12.3 Data Processor Role

Scripter acts as a data processor for patient and client information:

We store data securely on your behalf
We do not use patient/client data for our own purposes
We do not share patient/client data with third parties (except infrastructure providers)
You retain all ownership and control of clinical data

13. Specific Privacy Disclosures

13.1 Analytics and Tracking

We want to be transparent about our analytics practices:

We may use Google Analytics and Vercel Analytics to understand how users interact with the Service
Analytics data is anonymized and used solely for improving user experience and performance
We do not track your browsing behavior outside our Service
We do not build user profiles for advertising or marketing purposes
We do not sell analytics data to third parties
You can disable analytics tracking through browser settings or privacy tools

13.2 No Marketing or Advertising

We do not send marketing emails (service is currently free)
We do not share your data with advertisers
We do not display third-party advertisements
We do not sell or rent your information to anyone

13.3 Email Communications

The only emails you will receive:

Account verification (one-time during signup)
Password reset requests (when you request)
Verification status updates (when admin reviews your documents)
Critical security alerts (if necessary)
Important service updates or legal changes (rare)

You will NOT receive:

Marketing or promotional emails
Newsletters (unless we add this as opt-in feature)
Third-party advertisements
Surveys (unless opt-in feature added)

14. Governing Law

This Privacy Policy is governed by the laws of New South Wales, Australia, and the Commonwealth Privacy Act 1988 (Cth).

Any disputes arising from this Privacy Policy will be subject to the exclusive jurisdiction of the courts of New South Wales, Australia.

Acknowledgment

BY USING SCRIPTER, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY.

Privacy Policy

On this page