Security Framework
Security through design, not just policy. Here's how we protect you.
Our Security Philosophy
We believe security shouldn't require you to "be careful." Script Unlock is designed so that unsafe behavior is structurally impossible, not just discouraged.
This means: encryption is automatic, access is restricted by default, sensitive data expires automatically, and every action creates an audit trail. You don't have to trust that we'll keep our promises—the system architecture enforces them.
Security Pillars
Security by Design
Unsafe behavior is structurally impossible, not just discouraged. Every system defaults to secure—no user action required.
Encryption Everywhere
Your prescription is encrypted when you upload it (TLS 1.3) and when it's stored (AES-256). Only authorized parties can access it.
Minimal Access
Pharmacies see only what they need to fill your prescription. Your complete health history stays private.
Automatic Deletion
Prescription images are automatically deleted 30 days after your order completes. You can delete sooner anytime.
Complete Audit Trail
Every access, every action, every change is logged. If something goes wrong, we can trace exactly what happened.
Continuous Monitoring
Automated systems watch for unusual patterns 24/7. Suspicious activity triggers immediate review.
Isolated Storage
Prescription data is stored separately from account information. Even our admin tools can't access your prescription images.
Verified Pharmacies
Every pharmacy is verified before joining. Licenses, credentials, and business information are checked and rechecked.
What This Means For You
Your Prescription Data
- ✓Encrypted when you upload it
- ✓Stored separately from your account
- ✓Accessible only to pharmacies you authorize
- ✓Automatically deleted after order completion
- ✓Never visible to our support or admin teams
Your Transactions
- ✓Payments processed through PCI-compliant systems
- ✓Money held in escrow until you receive medication
- ✓All transactions logged for your protection
- ✓Automatic refunds for unfulfilled orders
- ✓No payment details stored on our servers
Your Privacy
- ✓We don't sell your data—ever
- ✓Pharmacies see only what they need
- ✓No PHI in logs or analytics
- ✓You can delete your data anytime
- ✓HIPAA-compliant practices throughout
Your Control
- ✓You choose which bids to accept
- ✓Cancel anytime before pharmacy starts
- ✓Request complete data deletion
- ✓Export your data on request
- ✓Leave anytime—no lock-in
Technical Standards
Encryption
- • TLS 1.3 for all data in transit
- • AES-256 for data at rest
- • Separate encryption keys for PHI
Access Control
- • Role-based access control (RBAC)
- • Row-level security on all tables
- • Time-bound admin access
Monitoring
- • 24/7 automated security monitoring
- • Anomaly detection and alerting
- • Comprehensive audit logging
Compliance
- • HIPAA-compliant practices
- • PCI-compliant payment processing
- • Regular security assessments
What We Won't Claim
We believe in honest communication about security. You'll never hear us claim to be "unhackable," "100% secure," or protected by "military-grade" anything.
Instead, we tell you exactly what we do: defense-in-depth, industry-standard encryption, continuous monitoring, and clear incident response procedures. No system is perfect, but ours is designed to minimize risk and respond quickly when issues arise.
Questions about our security practices? Contact security@scriptunlock.com