ScriptRun

Privacy Policy

Effective April 15, 2026

This Privacy Policy explains how MonkeyWolf Digital LLC("ScriptRun," "we," "us") collects, uses, stores, and protects personal information in connection with the ScriptRun pharmacy prescription delivery platform (the "Service"). ScriptRun is a business-to-business platform operated for licensed pharmacies. Patients do not interact directly with ScriptRun; they interact with their pharmacy, which uses our Service to manage deliveries.

1. Information We Collect

From pharmacies (our customers): business name, address, license details, administrator names, email addresses, phone numbers, and payment information.

From patients (through their pharmacy): first name, last name, phone number, delivery address, optional email address, prescription metadata (order identifier, pickup instructions, proof-of-delivery photos and signatures). We do not display medication names or clinical details to drivers.

Automatically: driver GPS location (only while the driver app is active and an active route is assigned), IP address, browser type, device identifiers, usage logs.

2. How We Use Information

  • To dispatch, route, and deliver prescriptions to patients.
  • To send SMS and email notifications to patients about their own deliveries (see Section 4).
  • To provide tracking, proof of delivery, and analytics to the pharmacy.
  • To process subscription billing and prevent fraud.
  • To comply with applicable law, including HIPAA.

3. HIPAA and Protected Health Information

ScriptRun acts as a HIPAA Business Associate to participating pharmacies. We have executed or will execute Business Associate Agreements (BAAs) with our pharmacy customers and with each of our subprocessors that may handle PHI, including Supabase, Twilio, Resend, Anthropic, and Vercel. PHI is encrypted in transit (TLS 1.2+) and at rest. Drivers never see medication names.

4. SMS Messaging

ScriptRun sends SMS messages to patients on behalf of participating pharmacies using Twilio. Messages are strictly transactional and relate only to the patient's own active prescription deliveries (dispatch notifications, tracking links, delivery confirmations, and failed-delivery notices). Message and data rates may apply. Message frequency is approximately 2–4 messages per delivery.

Patients consent to receive SMS at the pharmacy counter, either verbally (logged by the pharmacist) or through a written intake form. The pharmacy records consent in its patient management system. Patients may opt out at any time by replying STOP to any message. Reply HELP for assistance or email support@scriptrun.app.

Mobile information and opt-in data are not shared with third parties or affiliates for marketing or promotional purposes. We do not sell phone numbers or patient data.

5. Email

We send transactional email (delivery confirmations, account notifications, password resets, team invitations) via Resend. We do not send marketing email to patients.

6. Data Sharing

We share information only with:

  • The pharmacy that collected the patient's data (our customer).
  • Subprocessors acting on our behalf under contract (Supabase — database; Twilio — SMS; Resend — email; Anthropic — label recognition; Vercel — hosting; Stripe — billing; Mapbox — maps; OSRM — routing).
  • Law enforcement or regulators when required by valid legal process.
  • Successors in the event of a merger or acquisition, subject to this Policy.

We do not sell personal information.

7. Data Retention

Delivery records are retained for the duration of the pharmacy's account plus 7 years to meet pharmacy recordkeeping obligations, or longer if required by law. Driver GPS points are retained for 90 days, then aggregated. Patients may request deletion of their data by contacting their pharmacy, which can delete records through the ScriptRun dashboard.

8. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your personal information. Patients should direct such requests to their pharmacy. Pharmacies and other direct customers may contact us at support@scriptrun.app.

9. Security

We use industry-standard safeguards including TLS encryption, role-based access control, row-level security in our database, and audit logging. No system is perfectly secure; we will notify affected customers and regulators of any breach as required by law.

10. Children

The Service is not directed to children under 13. We do not knowingly collect information from children under 13 directly; pharmacies may create records on behalf of pediatric patients with appropriate parental/guardian consent.

11. Changes

We may update this Policy. Material changes will be emailed to account administrators and posted here with a revised effective date.

12. Contact

MonkeyWolf Digital LLC
8052 NW 114 Pl, Miami, FL 33178
Email: support@scriptrun.app