ScriptStation, LLC

Privacy Policy

Effective Date: April 19, 2026  |  Version 2.0

1. Introduction and Scope

ScriptStation, LLC (“ScriptStation,” “we,” “our,” or “us”) develops proprietary workflow-automation software for licensed pharmacies. This Privacy Policy describes how we collect, use, disclose, and protect personal information that we collect through our website at https://www.scriptstation.ai (the “Site”) and through our direct interactions with prospective and existing customers.

This Privacy Policy applies only to information that ScriptStation collects directly through the Site and its sales, marketing, and support channels. It does not apply to (a) Protected Health Information (“PHI”) that ScriptStation processes on behalf of a pharmacy or other Covered Entity under a Business Associate Agreement (“BAA”); or (b) Customer Data processed under a written Bot Services Agreement (“BSA”) or other written agreement between ScriptStation and a Customer. The use, disclosure, and protection of PHI and Customer Data are governed exclusively by the applicable BAA and BSA, and not by this Privacy Policy. See Section 4 (Healthcare Data and HIPAA) for routing of patient PHI requests.

2. Definitions

“Personal information” as used in this Policy means information that identifies, relates to, or could reasonably be linked to an individual that ScriptStation collects directly through the Site (e.g., contact information you submit on a demo-request form). It does not include PHI processed by ScriptStation on behalf of a Covered Entity under a BAA or Customer Data processed under a BSA.

“PHI” (Protected Health Information) has the meaning given under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended (“HIPAA”).

“Covered Entity” and “Business Associate” have the meanings given under HIPAA.

“Customer Data” has the meaning given in the BSA.

“External AI Provider” means a third-party provider of artificial intelligence, machine learning, large language model, reasoning, or similar services used to support certain features of our Bot Services.

3. Information We Collect

3.1 Information You Provide Directly

We collect personal information that you actively choose to share with us, such as when you:

  • Submit a demo request, contact form, or sales inquiry;
  • Subscribe to our newsletter or other communications;
  • Communicate with our sales, support, or implementation teams;
  • Attend a webinar, conference, or other event we host or sponsor; or
  • Apply for a position at ScriptStation.

The categories of personal information we may collect include your name, work title, work email, organization name, phone number, mailing address, the contents of any messages you send us, and any other information you choose to provide.

3.2 Information Collected Automatically

When you visit the Site, we and our analytics providers may automatically collect device, usage, and traffic data such as IP address (which we treat as personal information in jurisdictions that require it), browser type, operating system, referring/exit pages, pages viewed, dates and times of access, approximate geolocation derived from IP address, and similar telemetry.

3.3 Cookies and Similar Technologies

We and our service providers use cookies, pixels, web beacons, and similar technologies to operate the Site, remember preferences, measure performance, and conduct analytics. Most browsers allow you to manage or disable cookies through their settings; some Site features may not function as intended without them. Where required by law, we obtain consent through a cookie banner before placing non-essential cookies.

ScriptStation honors the Global Privacy Control (“GPC”) signal as a valid request to opt out of any “sale” or “share” of personal information under applicable U.S. state privacy laws.

4. Healthcare Data and HIPAA

ScriptStation acts as a Business Associate, not a Covered Entity. In our capacity as a vendor to licensed pharmacies and other healthcare-adjacent businesses, we may create, receive, maintain, or transmit PHI on behalf of those organizations. When we do so, we operate as a HIPAA Business Associate under a written Business Associate Agreement with the applicable Covered Entity.

PHI is governed by the BAA, not this Policy. Our use, disclosure, safeguarding, and breach reporting of PHI are governed exclusively by the applicable BAA and the underlying Bot Services Agreement. Nothing in this Privacy Policy expands, modifies, or supplements ScriptStation’s obligations under any BAA or BSA, and nothing in this Policy creates rights for individuals with respect to PHI beyond those provided by HIPAA and the applicable BAA.

4.1 Patient Requests Regarding PHI

If you are a patient or individual whose PHI is processed by ScriptStation on behalf of a pharmacy or other healthcare provider, please direct all access, amendment, deletion, accounting, and other HIPAA-related requests to that healthcare provider, who is the Covered Entity responsible for your PHI under HIPAA. ScriptStation cannot lawfully fulfill PHI requests directly. We will route any such requests we receive to the appropriate Covered Entity in accordance with the applicable BAA.

5. Artificial Intelligence and External AI Providers

ScriptStation’s Bot Services may use third-party artificial intelligence, machine learning, large language model, or similar providers (each, an “External AI Provider”) to support certain optional features and operational tasks.

(a) PHI restriction. ScriptStation does not intentionally submit identifiable PHI or identifiable personal information to any External AI Provider unless the applicable Customer (Covered Entity) has expressly authorized that disclosure in a separately signed written addendum that satisfies HIPAA, includes any required Business Associate or equivalent contractual protections, and limits disclosure to the minimum necessary.

(b) De-identified data. ScriptStation may use de-identified data, aggregated usage data, telemetry, error logs, and operational metrics with External AI Providers to perform optional features, improve operational performance, and develop and improve our products and services.

(c) Provider selection. ScriptStation may select, substitute, remove, or change External AI Providers or model versions in its discretion, consistent with the applicable BSA and BAA.

(d) Subprocessor list. A current list of categories of External AI Providers and other subprocessors is available on request to sales@scriptstation.ai.

6. How We Use Personal Information

We use personal information collected through the Site for the following purposes:

  • Responding to your demo requests, sales inquiries, and support questions;
  • Sending you newsletters, product announcements, and marketing communications that you have requested or that are otherwise lawfully permitted;
  • Operating, maintaining, securing, and improving the Site;
  • Conducting analytics, performance measurement, and product research;
  • Recruiting and processing job applications;
  • Detecting, investigating, and preventing fraud, security incidents, and misuse;
  • Complying with legal obligations and enforcing our agreements; and
  • Such other purposes as we describe at the point of collection or as you otherwise authorize.

De-identified, aggregated, telemetry, and operational data. We also create, use, and disclose aggregated, de-identified data, telemetry, error logs, performance metrics, and other operational data (collectively, “Operational Data”) to secure, support, benchmark, train, improve, and develop our products, services, and underlying models. Operational Data does not identify you or any other individual. ScriptStation’s rights to create and use Operational Data derived from Customer engagements are also addressed in the applicable BSA, and nothing in this Policy limits those rights.

7. How We Share Information

ScriptStation does not sell your personal information for monetary consideration, and we do not share your personal information with third parties for their own direct-marketing purposes. We may share personal information in the following limited circumstances:

(a) Service providers and subprocessors. We use a limited set of service providers and subprocessors that process information solely on our behalf under written contracts, including hosting and infrastructure providers, security and monitoring vendors, analytics providers, email-delivery services, customer-relationship-management platforms, billing and payment processors, support contractors, and External AI Providers. We are responsible for our service providers’ performance to the extent set forth in our contracts with them.

(b) Customer-directed disclosures. With respect to PHI and Customer Data, we share information only as directed by the applicable Customer and as permitted by the BSA and BAA.

(c) Compliance, safety, and legal process. We may disclose information when we believe in good faith that disclosure is necessary to comply with a subpoena, court order, regulatory request, or other legal process; to enforce our agreements or protect our rights; to protect the safety of any person; or to investigate, prevent, or respond to suspected fraud, security incidents, or violations of law.

(d) Corporate transactions. If ScriptStation is involved in a merger, acquisition, financing, reorganization, or sale of all or substantially all of its assets, personal information may be transferred to the successor entity, subject to commitments at least as protective as this Policy.

(e) With your consent. We may disclose personal information for any other purpose with your consent.

CCPA/CPRA “sale” and “share”. To the extent any data flow to or through analytics, advertising, or AI-related service providers could be deemed a “sale” or “share” of personal information under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), or under similar laws of other states, you may exercise your right to opt out as described in Section 9 (Your Privacy Rights). ScriptStation honors GPC opt-out signals.

8. Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, to provide our services, to comply with legal and regulatory obligations, to resolve disputes, and to enforce our agreements. When personal information is no longer needed, we securely delete, aggregate, or de-identify it. Retention of PHI is governed by the applicable BAA and underlying agreements with our Customers.

9. Your Privacy Rights

Scope. This Section describes rights with respect to personal information that ScriptStation collects directly through the Site. If you are a patient whose PHI is processed by ScriptStation on behalf of a pharmacy or other healthcare provider, please direct your requests to that healthcare provider as described in Section 4.

9.1 Rights Under U.S. State Privacy Laws

Depending on the state in which you reside (including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, and other states with comprehensive privacy laws), you may have some or all of the following rights:

  • The right to know or access the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collection, and the categories of third parties to whom we disclose personal information;
  • The right to correct inaccurate personal information;
  • The right to delete personal information, subject to legal exceptions;
  • The right to obtain a portable copy of your personal information;
  • The right to opt out of the “sale” or “sharing” of personal information and of targeted advertising;
  • The right to opt out of profiling that produces legal or similarly significant effects (we do not currently engage in such profiling with respect to Site visitors);
  • The right to limit the use of sensitive personal information; and
  • The right not to be discriminated against for exercising your rights.

9.2 How to Exercise Your Rights

Submit a verifiable consumer request to sales@scriptstation.ai or by mail to the address in Section 14. We will acknowledge receipt within ten (10) business days and respond within forty-five (45) days, with one extension of up to forty-five (45) additional days where reasonably necessary, in each case as required by applicable law. We may need to verify your identity and may request additional information to do so. You may use an authorized agent to submit a request, in which case we may require written proof of authorization and verification of your identity.

9.3 Right to Appeal

If we decline to act on your request, you have the right to appeal our decision by replying to our response or by contacting us at sales@scriptstation.ai with the subject line “Privacy Appeal.” If your appeal is denied, you may contact your state attorney general or other appropriate regulator.

9.4 Marketing Opt-Outs

Every marketing email includes an unsubscribe link. You may also email sales@scriptstation.ai to opt out of marketing communications. We will continue to send transactional and relationship-based communications (such as responses to your inquiries and account or service notices) as permitted by law.

10. Security

ScriptStation maintains commercially reasonable administrative, technical, and physical safeguards designed to protect personal information in systems under its control against unauthorized access, use, disclosure, alteration, or destruction. For PHI processed on behalf of a Covered Entity, ScriptStation’s safeguards are governed by the applicable Business Associate Agreement and HIPAA Security Rule. No method of electronic transmission or storage is one hundred percent (100%) secure, and we cannot guarantee absolute security.

10.1 Security Incidents

In the event of a confirmed security incident affecting personal information in systems under our control, we will notify affected parties without unreasonable delay and as required by applicable law. Breach reporting with respect to PHI is governed by the applicable Business Associate Agreement and HIPAA Breach Notification Rule.

11. Children’s Privacy

The Site is intended for business users and is not directed to children under the age of sixteen (16). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at sales@scriptstation.ai so we can delete it.

12. International Visitors

ScriptStation is based in the United States, and personal information we collect is processed in the United States and any other countries where we or our service providers operate. By using the Site, you understand that your information will be transferred to and processed in the United States. ScriptStation does not currently market to residents of the European Economic Area, the United Kingdom, or Switzerland. If you are located outside the United States and choose to provide information to us, you do so at your own risk and consent to the transfer.

13. Governing Law and Dispute Resolution

Governing law. This Privacy Policy and any dispute arising out of or relating to it or to the Site are governed by the laws of the State of Arizona, without regard to its conflict-of-laws rules.

Mandatory arbitration; class waiver. Except for claims for injunctive or equitable relief, any dispute arising out of or relating to this Privacy Policy or the Site shall be finally resolved by confidential binding arbitration administered by the American Arbitration Association (“AAA”) in Maricopa County, Arizona, under its Commercial Arbitration Rules (or, where applicable, its Consumer Arbitration Rules), before a single arbitrator. You and ScriptStation each waive any right to participate in a class, consolidated, or representative action. The arbitrator shall issue a reasoned written award. Judgment on the award may be entered in any court of competent jurisdiction.

Injunctive relief. Either party may seek temporary, preliminary, or permanent injunctive or other equitable relief in any state or federal court located in Maricopa County, Arizona.

30-day arbitration opt-out (consumers only). If you are an individual consumer, you may opt out of the arbitration provision in this Section 13 by sending written notice to sales@scriptstation.ai within thirty (30) days of first accepting this Policy, with the subject line “Arbitration Opt-Out” and including your full name and the email address you used to interact with the Site.

14. How to Contact Us

ScriptStation, LLC
Attn: Legal Department
2727 W Baseline Rd, Suite 1
Tempe, Arizona 85283

Email: sales@scriptstation.ai
Website: https://www.scriptstation.ai

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days’ advance notice by posting the revised Policy on the Site with a new effective date and, where appropriate, by other reasonable means (such as email or in-product notice). Your continued use of the Site following the effective date of a revised Policy constitutes your acceptance of the changes, except where additional consent is required by law. If you have a separate written agreement with ScriptStation, that agreement—not this Policy—governs amendments to that relationship.

16. Change Log

Version 2.0 — April 19, 2026 — Comprehensive revision: added HIPAA / BA disclosure and PHI routing; added Artificial Intelligence and External AI Providers section; aligned safeguards language with BSA §9.3 (“commercially reasonable”); preserved BSA §9.9 operational-data rights; added comprehensive U.S. state privacy rights and GPC honoring; revised “sale/share” language; expanded subprocessor disclosure; added governing law, arbitration, and class-action waiver; added definitions and contact-routing alignment.

Version 1.0 — March 2026 — Initial Privacy Policy.