
Privacy Policy

How we handle your data and protect your privacy


Last Updated: 6 May 2026
Effective Date: 6 May 2026

1. Introduction

Scripter ("we", "us", "our", "Company") is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use our veterinary prescription management platform ("Service", "Platform", "Application") available at app.scripter.au and our free prescription generator tool available at scripter.au/free-prescription-generator.

By using Scripter, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service.

1.1 About Scripter

Scripter is an Australian-based veterinary prescription management platform designed exclusively for registered veterinarians in Australia. Our Service enables veterinarians to create, manage, and export legally compliant prescriptions while maintaining secure patient and client records.

We offer two ways to use Scripter:

  1. Full Application (app.scripter.au): A comprehensive prescription management platform requiring account creation, professional verification, and ongoing access to stored prescription records.

  2. Free Prescription Generator (scripter.au/free-prescription-generator): A simplified tool allowing veterinarians to create single prescriptions instantly without creating an account. This tool does NOT store your data on our servers.

1.2 Our Commitment to Privacy

We are committed to:

  • Transparency about what data we collect and why
  • Limiting collection to only necessary information
  • Protecting your data with industry-standard security measures
  • Respecting your rights under Australian privacy law
  • Never selling your personal information to third parties

1.3 Free Prescription Generator - Important Privacy Information

The Free Prescription Generator does NOT store your data:

When you use our free prescription generator tool at scripter.au/free-prescription-generator:

  • All data is processed locally in your browser only
  • We do NOT save, store, or transmit any prescription, patient, client, or veterinarian information to our servers
  • Your data exists only temporarily in your browser's memory while you create the prescription
  • Once you close the page or clear your browser, all data is permanently deleted
  • We cannot recover or access any prescriptions created with the free tool

What we DO collect from the free tool:

  • Anonymous usage analytics (page views, session duration) via PostHog and Vercel Analytics
  • Basic technical information (browser type, device type, general location at country/city level)
  • No personally identifiable information is collected or stored from the free tool

Important: If you need to retain prescription records for legal compliance, you are responsible for:

  • Downloading and saving the generated PDF
  • Storing the prescription in your own record-keeping system
  • Meeting veterinary record retention requirements (minimum 2 years in most Australian states)

For full prescription management with secure cloud storage, automatic record retention, and practice management features, please create an account at app.scripter.au.

2. Information We Collect

Note: This section applies to the full Scripter application (app.scripter.au) where data is stored on our servers. The free prescription generator (scripter.au/free-prescription-generator) does NOT store any of this information - see Section 1.3 above.

We collect different types of information to provide and improve our Service.

2.1 Information You Provide

When you sign up and use the full application, we collect:

  • Account and profile data: email address, hashed password, name, professional title, qualifications, registration number and state, optional avatar
  • Clinic data: name, address, phone, email
  • Verification documents: veterinary registration certificate, government-issued ID, and other credentials you upload
  • Prescription content: patient details (name, species, breed, age, weight, microchip), client/owner contact details, diagnosis and clinical notes, medication details

2.2 Information We Collect Automatically

  • Usage and authentication logs: pages visited, actions taken, login times, IP address, and session cookies
  • Device information: browser, operating system, and device type

2.3 Cookies and Similar Technologies

We use cookies for essential functionality only:

Authentication Cookies (Required):

  • Purpose: Maintain your logged-in session
  • Type: HTTP-only cookies (not accessible via JavaScript)
  • Duration: Session-based with automatic refresh
  • Managed by: Supabase SSR authentication library
  • Cannot be disabled without losing access to the Service

Theme Preference (Optional):

  • Storage method: Browser localStorage (not cookies)
  • Purpose: Remember your light/dark mode preference
  • Key name: scripter-theme
  • Can be cleared via browser settings

Analytics Cookies (Active):

  • PostHog: Used to collect usage analytics and user feedback. For authenticated users, analytics are linked to your identity (user ID, email, name). For the free tool, analytics are anonymous.
  • Vercel Analytics: May be used to collect web vitals and performance metrics
  • Purpose: Understand how users interact with the Service to improve user experience
  • Data collected: Page views, navigation patterns, feature usage, device type, general location (country/city level), and for authenticated users, linked to your PostHog person profile
  • PostHog sets persistent cookies (ph_*) to maintain session state and user identity across visits
  • Can be disabled through browser settings or privacy tools, though this may affect some functionality

What We Don't Use:

  • No advertising cookies
  • No social media cookies
  • No behavioral profiling for advertising purposes

2.4 Information We Do NOT Collect

  • Credit card or payment information (service is currently free)
  • Social Security numbers or Tax File Numbers
  • Financial information
  • Sensitive health information about you (only about your patients)
  • Browsing history outside our Service
  • Location data via GPS
  • Biometric information

3. How We Use Your Information

We collect and use your personal information only for specific, legitimate purposes.

3.1 What We Use It For

We use your information to:

  • Operate the Service (create accounts, authenticate, store and export prescriptions)
  • Verify your veterinary credentials
  • Send transactional emails (account verification, password reset, verification status, security and service alerts)
  • Comply with legal and regulatory obligations, and maintain audit trails
  • Improve the Service through aggregated usage analysis and bug fixing
  • Detect and prevent fraud, abuse, or unauthorised access

3.2 What We Don't Do

We do not sell your personal information, share patient or client data with pharmaceutical companies, run targeted advertising, or send marketing emails.

4. How We Share Your Information

We respect your privacy and limit information sharing to only what is necessary.

4.1 Third-Party Service Providers

We share information with the following providers to operate the Service. Data in transit and at rest is encrypted with each provider, and access is limited to what is necessary.

Provider | Purpose | Data shared | Region
Supabase | Database, authentication, file storage | All user data, prescriptions, verification documents | Sydney, Australia
Vercel | Web hosting and delivery | Access logs, session data | Global CDN
Resend | Transactional email | Email addresses, names, verification status | United States
Cloudflare | DNS, CDN, DDoS protection | IP addresses, DNS queries, HTTP requests | Global
Cloudinary | Media CDN | Media files, access patterns | Global
PostHog | Product analytics and in-app feedback | Page views, feature usage; for authenticated users: user ID, email, name, feedback content | United States

PostHog details and the analytics opt-out are described in Section 13.1.

4.2 Legal and Regulatory Disclosures

We may disclose your information when required by law or to protect rights:

Legal Obligations:

  • In response to subpoenas, court orders, or legal processes
  • To comply with applicable laws and regulations
  • To cooperate with law enforcement or regulatory authorities
  • To respond to veterinary board investigations or inquiries

Protection of Rights:

  • To enforce our Terms of Service
  • To investigate or prevent fraud, security breaches, or illegal activity
  • To protect the rights, property, or safety of Scripter, our users, or the public
  • To defend against legal claims

4.3 Business Transfers

If Scripter is involved in a merger, acquisition, sale of assets, or bankruptcy:

  • Your information may be transferred to the successor entity
  • You will be notified via email and/or prominent notice on the Service
  • The successor will be bound by this Privacy Policy unless you consent to a new policy

4.4 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably identify you:

  • Usage statistics (e.g., "1000 prescriptions created this month")
  • Demographic information (e.g., "70% of users are in NSW")
  • Feature usage patterns for service improvement

This anonymized data is not subject to this Privacy Policy.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent, such as:

  • Integrations with third-party veterinary software (if implemented in future)
  • Research studies or surveys (opt-in only)
  • Professional references or credential verification (with your request)

4.6 What We Do NOT Share

We never share:

  • Patient or client data with anyone except you (the treating veterinarian)
  • Prescription data with pharmaceutical companies or pharmacies (unless future integrations with explicit consent)
  • Your personal information for marketing or advertising purposes
  • Your data with data brokers or analytics companies

5. Data Security

We implement industry-standard security measures to protect your information.

5.1 Technical Security Measures

Encryption:

  • All data transmitted over HTTPS/TLS encryption (SSL certificates)
  • Database encryption at rest via Supabase (AES-256 encryption)
  • Password hashing using bcrypt (passwords never stored in plaintext)
  • Secure cookie-based session management (HTTP-only cookies)

Access Controls:

  • Row Level Security (RLS) policies on all database tables
  • Users can only access their own data
  • Administrators require explicit role assignment in database
  • Signed URLs with time-based expiry for private file access (avatars, verification documents)

Authentication Security:

  • Minimum password requirements (8 characters, uppercase, lowercase, number, special character)
  • Email verification required for account creation
  • Password reset via secure email OTP
  • Session timeout and automatic refresh
  • Protection against brute force attacks

Infrastructure Security:

  • Hosting on secure, enterprise-grade platforms (Vercel, Supabase)
  • Regular automated backups for disaster recovery
  • DDoS protection via Cloudflare
  • Private storage buckets for sensitive documents
  • Middleware-based authentication on all protected routes

5.2 Organizational Security Measures

Access Limitation:

  • Only authorized personnel can access production systems
  • Admin access limited to essential functions (verification review)
  • No customer support team access to production database (support via email only)
  • Principle of least privilege for all system access

Security Monitoring:

  • Monitoring for unauthorized access attempts
  • Logging of administrative actions
  • Regular review of access logs
  • Incident response procedures for security breaches

5.3 Your Role in Security

You are responsible for:

  • Choosing a strong, unique password
  • Keeping your credentials confidential
  • Not sharing your account with others
  • Logging out on shared computers
  • Notifying us immediately of suspected unauthorized access (info@scripter.au)

5.4 Limitations and Risks

While we implement strong security measures:

  • No system is 100% secure
  • Internet transmission carries inherent risks
  • We cannot guarantee absolute security
  • You use the Service at your own risk
  • We are not liable for unauthorized access beyond our reasonable control

5.5 Data Breach Notification

In the event of a data breach that is likely to result in serious harm:

  • We will notify affected users via email within a reasonable timeframe
  • We will notify the Office of the Australian Information Commissioner (OAIC) if required by law
  • We will provide information about the breach, affected data, and remedial steps
  • We will take immediate action to contain and remediate the breach

6. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations.

6.1 Active Account Data

While Your Account is Active:

  • Profile information: Retained indefinitely until you request deletion
  • Prescription data: Retained indefinitely to comply with veterinary record retention laws
  • Verification documents: Retained while verification status is active
  • Session data: Retained for session duration only
  • Activity logs: Retained for security and troubleshooting purposes

6.2 Prescription Data Retention

Prescription records are retained for 7 years, in line with the longest record-keeping period required by Australian state veterinary boards. After that period, prescriber personal information is removed from the record, while the prescription itself remains available for audit and compliance purposes.

You are responsible for knowing the specific record-keeping requirements that apply in your state or territory.

6.3 Account Deletion

You can delete your account from the Security tab on your Account page, or by emailing info@scripter.au.

  • Self-initiated deletion has a 30-day grace period before it takes effect. Logging back in during this period cancels the deletion.
  • Once deletion takes effect, personal profile information (name, contact details, avatar, verification documents) is removed.
  • Prescription records are retained for the period described in Section 6.2, with prescriber details anonymized once that period ends.

6.4 Inactive Accounts

Accounts that go unused for an extended period may be closed on your behalf, with personal data removed over time. Logging in keeps your account active.

6.5 Backup and Disaster Recovery

  • Backups are maintained for disaster recovery purposes
  • Deleted data may persist in backups for up to 90 days
  • Backups are subject to the same security measures as production data
  • Backup data is not accessible for normal operations

7. Your Privacy Rights

Under Australian privacy law, you have certain rights regarding your personal information.

7.1 Right to Access

You have the right to:

  • Access all personal information we hold about you
  • View your profile, prescriptions, and verification documents through the application
  • Request a copy of your data in a readable format

How to Exercise: Log into your account to view data, or email info@scripter.au to request a formal data access report.

7.2 Right to Correction

You have the right to:

  • Correct inaccurate or outdated information
  • Update your profile, clinic details, and professional information
  • Request correction of data you cannot edit yourself

How to Exercise: Update information via your Account page, or email info@scripter.au for assistance.

7.3 Right to Deletion (Right to be Forgotten)

You have the right to:

  • Request deletion of your account and personal information
  • Subject to legal record retention requirements (prescriptions must be kept for minimum 2 years)

How to Exercise: Email info@scripter.au with your deletion request. We will verify your identity and process the request in accordance with legal obligations.

Limitations:

  • Prescription data is retained for legally required minimum period
  • Data needed for legal compliance or dispute resolution may be retained
  • Anonymized data used for analytics is not subject to deletion

7.4 Right to Data Portability

You have the right to:

  • Export individual prescriptions as PDF documents (currently available)
  • Request prescription data in a structured format (future feature)

Current Limitations:

  • Bulk data export to CSV/JSON is not currently available
  • Only PDF export of individual prescriptions is supported

How to Exercise: Use the export button on individual prescriptions, or email info@scripter.au to request bulk export assistance.

7.5 Right to Restrict Processing

You have the right to:

  • Request restriction of processing in certain circumstances
  • Object to processing for specific purposes

How to Exercise: Email info@scripter.au to discuss your specific concerns.

7.6 Right to Complain

You have the right to:

  • Lodge a complaint with us about privacy concerns
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

How to Complain:

  1. Internal Complaint: Email info@scripter.au with your concerns. We will respond within 30 days.
  2. External Complaint: Contact the OAIC:

7.7 Right to Opt-Out of Communications

You have the right to:

  • Opt out of non-essential emails (currently we only send transactional emails)
  • Unsubscribe from future marketing communications (if implemented)

Limitation: You cannot opt out of essential service communications (security alerts, verification status, critical updates) while maintaining an active account.

7.8 Exercising Your Rights

To exercise any privacy rights:

  • Email: info@scripter.au
  • Subject Line: Include "Privacy Rights Request"
  • Include: Your name, email address, and specific request
  • Verification: We may request additional information to verify your identity
  • Response Time: We will respond within 30 days

8. International Data Transfers

8.1 Australian Data Storage

Scripter is based in Australia and stores data primarily in Sydney, Australia.

Primary Database: Our primary Supabase database is located in Sydney, Australia.

Backup Storage: Backup replicas may be stored in Sydney or other Oceania data centers for redundancy and disaster recovery purposes.

8.2 Third-Party Service Providers

Some service providers store or process data outside Australia:

  • PostHog: Analytics and feedback data — servers located in the United States (us.i.posthog.com). For authenticated users, this includes personal information (user ID, email, name) and usage events. See PostHog's privacy policy: https://posthog.com/privacy
  • Vercel: Global CDN with servers in multiple countries
  • Resend: Email infrastructure (United States)
  • Cloudflare: Global CDN and DNS

8.3 Data Protection Standards

When data is transferred internationally:

  • We ensure service providers comply with data protection standards comparable to Australian Privacy Principles
  • Contractual agreements require appropriate security measures
  • Data is encrypted in transit and at rest

8.4 Your Consent

By using Scripter, you consent to the transfer of your information to third-party service providers who may operate infrastructure outside Australia, subject to appropriate safeguards.

9. Children's Privacy

9.1 Age Restriction

Scripter is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

9.2 Parental Notice

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@scripter.au, and we will delete such information.

9.3 Professional Requirement

To use Scripter, you must be a licensed veterinarian, which requires professional qualifications that are only obtainable by adults.

10. Updates to This Privacy Policy

10.1 Right to Modify

We reserve the right to update this Privacy Policy at any time to reflect:

  • Changes in our practices
  • Changes in applicable law
  • New features or services
  • Feedback from users or regulators

10.2 Notification of Changes

When we make material changes:

  • We will update the "Last Updated" date at the top of this document
  • We will notify you via email to your registered email address
  • We will post a notice on the Service dashboard
  • For significant changes affecting your rights, we will provide at least 30 days' notice

10.3 Acceptance of Changes

Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

If you do not agree to the updated Privacy Policy, you must discontinue use of the Service and may request account deletion.

10.4 Version History

We maintain a version history of this Privacy Policy. You may request previous versions by contacting info@scripter.au.

11. Contact Information

For any privacy-related questions, concerns, or requests:

Contact Us:

  • Email: info@scripter.au
  • Response Time: Within 30 days of receiving your inquiry

12. Additional Information for Healthcare Professionals

12.1 Professional Obligations

As a veterinarian, you have independent obligations under:

  • State/territory veterinary practice acts
  • Australian Veterinary Association (AVA) codes of conduct
  • Privacy Act 1988 (Cth) regarding patient/client information

Your Responsibilities:

  • You remain the data controller for patient and client information
  • We act as a data processor on your behalf
  • You are responsible for obtaining necessary consents from clients
  • You must comply with veterinary privacy and confidentiality requirements

12.2 Client Consent

Before entering client information into Scripter:

  • Ensure you have appropriate consent to collect and store client data
  • Inform clients that their information will be stored electronically
  • Comply with applicable privacy laws regarding health information
  • Maintain your own privacy practices in accordance with professional standards

12.3 Data Processor Role

Scripter acts as a data processor for patient and client information:

  • We store data securely on your behalf
  • We do not use patient/client data for our own purposes
  • We do not share patient/client data with third parties (except infrastructure providers)
  • You retain all ownership and control of clinical data

13. Specific Privacy Disclosures

13.1 Analytics and Tracking

We want to be transparent about our analytics practices:

PostHog (active):

  • We use PostHog to understand how authenticated users interact with the Service (page views, feature usage, navigation patterns)
  • For authenticated users, PostHog analytics are linked to your identity (user ID, email address, and name). This data is stored on PostHog's servers in the United States
  • PostHog is also used to collect in-app feedback submitted via the support and feedback dialogs; the content of feedback messages is sent to PostHog linked to your user identity
  • For the free prescription generator, analytics collected via PostHog are anonymous

What PostHog does NOT capture:

  • Session recordings or video replays (disabled)
  • Autocapture (we do not record clicked-element text, form values, or generic DOM events)
  • URL query strings (only the page path is captured)
  • Prescription content, patient data, or client data

Vercel Analytics (may be used):

  • May be used to collect anonymized web performance metrics (page load times, web vitals)

General:

  • We do not track your browsing behavior outside our Service
  • We do not build user profiles for advertising or marketing purposes
  • We do not sell analytics data to third parties
  • You can opt out of PostHog analytics tracking by visiting https://posthog.com/privacy and using the opt-out mechanism, or by disabling tracking through browser privacy tools

13.2 No Marketing or Advertising

  • We do not send marketing emails (service is currently free)
  • We do not share your data with advertisers
  • We do not display third-party advertisements
  • We do not sell or rent your information to anyone

13.3 Email Communications

The only emails you will receive:

  • Account verification (one-time during signup)
  • Password reset requests (when you request)
  • Verification status updates (when admin reviews your documents)
  • Critical security alerts (if necessary)
  • Important service updates or legal changes (rare)

You will NOT receive:

  • Marketing or promotional emails
  • Newsletters (unless we add this as opt-in feature)
  • Third-party advertisements
  • Surveys (unless opt-in feature added)

14. Governing Law

This Privacy Policy is governed by the laws of New South Wales, Australia, and the Commonwealth Privacy Act 1988 (Cth).

Any disputes arising from this Privacy Policy will be subject to the exclusive jurisdiction of the courts of New South Wales, Australia.


Acknowledgment

BY USING SCRIPTER, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO THIS PRIVACY POLICY.

