Script AI

Privacy Policy

Last Updated: 19 February 2026

Introduction

Welcome to our Privacy Policy. We respect your privacy and take it very seriously. We are Script AI, and this policy explains how we collect, use, protect, and manage your personal data when you interact with our website, platform, products, and services.

This Privacy Policy is designed to help you understand:

  • what personal data we collect and why,
  • how your personal data is used and shared,
  • how we protect your information, and
  • what rights you have in relation to your personal data and how to exercise them.

Please read this policy carefully to understand our practices regarding your personal data.

Audience

This Privacy Policy applies to you if you:

  • visit our website,
  • create an account or use our application and platform,
  • purchase or inquire about our products or services,
  • communicate with us (including through live chat, email, or messaging services), or
  • apply for a job or role with Script AI.

It applies to customers, users, prospective customers, and other individuals who interact with us in any of the ways described above.

What type of personal data do we collect and how do we use it?

The personal data we may collect about you includes the following categories of information. The specific information we collect depends on how you interact with us, the services you use, and the information you choose to provide.

1. Account Information: When you register for our service or product, we may collect details such as your full name, email address, employment type, job title, organisation name, and contact information. This information is used to create and manage your account and provide access to our services.

2. Profile Information: When you create or update your profile, we collect the information you choose to provide, such as your username, preferences, and any additional details you submit. This helps us personalise your experience and manage your account.

3. Log-In to the Platform: We may offer Single Sign-On (SSO) options such as Google. When you use SSO, certain information may be shared with us based on your SSO provider's privacy settings, such as your name, email address, and profile picture, for authentication purposes.

4. Third-Party Service Information: If you choose to integrate our platform with third-party services, this may involve the sharing of certain personal data in accordance with your privacy settings and the third party's policies. This allows us to provide enhanced functionality and connected services.

5. Customer Communications (Live Chat, Messaging Apps, and Similar Services)
When you contact us through any chat or messaging service (such as live chat, WhatsApp, or similar platforms), we may collect and process personal data including your name, email address, phone number, and the content of your messages. This information is used solely to respond to your inquiries, provide customer support, and improve our services.

6. Newsletter: We may collect your email address for newsletter registrations, with an option to opt out.

7. Interactions: We may collect additional personal data when you interact with our website, participate in surveys, contests, events, or submit job applications. This may include information such as your contact details, feedback, responses, and employment-related information.

8. Usage Information: We may collect information about how you use our website and platform, including log data, device information, IP address, browser type, and approximate location (where permitted by law). This helps us maintain platform performance, security, and improve user experience.

9. Financial Information: Where relevant, we may collect payment-related information such as billing details, transaction history, and purchase records. We do not store full payment card details unless required and permitted by law.

10. Health-Related Information: As our services support clinical documentation, we collect and process health and patient information provided by clinicians when they access or use our website, platform, and services. This includes processing audio recordings of clinical conversations, generating transcripts, and creating clinical notes to support the delivery of healthcare services by clinicians using Script AI. We may also process health information about patients where a clinician has treated a patient in connection with the use of our platform. This information may be provided directly by clinicians or made available to us through their use of the platform or connected systems. The types of health information processed may include medical history, clinical notes, symptoms, test results, disease status, and prescribed medications (amongst others). We only use this information where necessary to provide our services and in accordance with applicable data protection and health information laws, with appropriate safeguards in place.

11. Information Used for Business Improvement: We may de-identify and aggregate general personal data to understand how our website, platform, and services are used. This helps us improve functionality, performance, and user experience.

12. De-identified Health and Patient Information: We may de-identify health and patient information used on the platform and use it to improve our services, support platform functionality, and enhance clinical documentation tools. De-identification is performed using appropriate methods so that individuals cannot reasonably be identified, in compliance with applicable de-identification standards including HIPAA Safe Harbor or Expert Determination methods (45 CFR 164.514) and GDPR anonymisation requirements (Recital 26). We implement technical and organisational safeguards to prevent re-identification, and we do not attempt to re-identify any anonymised data or permit third parties to do so. De-identified data is used solely by Script AI for the purposes described above and is not sold, licensed, or otherwise made available to third parties for their own purposes.

13. Information Collected by Cookies: We may collect information through cookies, such as your browser type, operating system, websites visited, and usage patterns. In some cases, cookies may be linked to your account. Further details are provided in our Cookies section.

14. Providing Information: If you choose not to provide certain personal data, some features of our website, platform, or services may not function properly, and we may be unable to provide specific support or services to you.

Use of your personal data

We use the personal data we collect to operate, maintain, and improve our website, platform, and services, and to support clinicians in delivering healthcare services.

We design our systems with privacy and data protection in mind. This includes applying appropriate technical and organisational measures such as access controls, encryption, and regular security monitoring to protect personal and health information. Where appropriate, we de-identify data to reduce the risk of individuals being identified.

If we intend to use your personal data for a purpose that is materially different from what is described in this Privacy Policy, we will notify you and provide you with relevant information about that new use, in accordance with applicable laws.

We may use your personal data for the following purposes:

1. Providing Requested Services: To enable you to access and use our website, platform, and services, manage your account, authenticate users, and provide requested features and functionality.

2. Healthcare and Clinical Documentation Support: To support clinicians in creating accurate clinical documentation and to facilitate the delivery of healthcare services to patients. This includes processing audio recordings of clinical conversations, generating transcripts, and producing clinical notes such as consultation summaries, symptoms, medical history, and other relevant clinical records, where necessary for the use of our services.

3. Improvement and Development of Services: To design, develop, test, improve, and manage our platform, services, and business operations. This includes analytics, research, performance monitoring, and user experience improvements.

4. De-identified Data for Platform Functions and Improvement: We may de-identify and/or aggregate personal data, including health and patient information, to support platform functionality, improve our services, and develop new features. De-identification is performed using appropriate methods so that individuals cannot reasonably be identified, in compliance with applicable standards (see Section 12 above for further details). De-identified data is used solely by Script AI and is not sold, licensed, or otherwise made available to third parties for their own purposes.

5. Customer Support and Communications: To respond to enquiries, provide technical support, send service-related messages, updates, reminders, security alerts, and other administrative communications.

6. Important Service Communications: To contact you when we need to inform you about important changes to our website, platform, services, terms, or this Privacy Policy.

7. Marketing and Promotional Communications: To send you marketing messages and information about our services, where permitted by law. You can opt out of marketing communications at any time.

8. Maintaining a Safe and Secure Environment: To detect, prevent, and respond to fraud, misuse, security incidents, and other harmful or unlawful activity.

9. Legal and Regulatory Compliance: To comply with legal obligations, respond to lawful requests from regulators, government authorities, or law enforcement, and to protect our legal rights and the rights, safety, and property of others.

10. Employment and Recruitment
To assess and manage job applications, recruitment processes, and employment-related matters.

11. Other De-identified or Aggregated Uses
We may also use de-identified or aggregated information for additional purposes such as improving the accuracy, performance, and reliability of our services, provided individuals cannot reasonably be identified.

Unless permitted or required by law, we do not use health or patient information for purposes outside the delivery of our services without appropriate legal basis and safeguards.

When can we use your personal data?

We may process your personal data to fulfil our obligations to you. We will only process your personal data:

  • with your explicit consent;
  • where it is necessary to carry out actions for the conclusion or performance of a contract with you;
  • where it is necessary for us to comply with a legal obligation; or
  • where we can show legitimate grounds for processing your personal data.

How do we share personal data?

We share personal data in accordance with our privacy policy and legal obligations, with the following entities:

1. Corporate Affiliates: personal data may be shared with our corporate parent, subsidiaries, and affiliates.

2. Service Providers: Third-party companies and individuals providing services on our behalf, such as customer support, hosting, analytics, etc., may access personal data as directed by us.

3. Professional Advisors: personal data may be disclosed to professional advisors like lawyers, bankers, auditors, etc., as necessary for the services they provide to us.

4. Compliance, Fraud Prevention, and Safety: personal data may be shared for compliance, fraud prevention, and safety purposes, including legal obligations and security threats.

5. Business Changes: During mergers, acquisitions, bankruptcies, or similar business changes, personal data may be shared or transferred subject to appropriate confidentiality arrangements.

Where do we transfer personal data?

We take data protection and privacy seriously and aim to process and store personal data in the region where it is collected, including for users located in Australia, the United Kingdom, the United States, the European Union, Singapore and Canada, where feasible.

Some features of our platform rely on third-party service providers whose systems may be located in other jurisdictions. Where personal data is transferred across borders, we ensure that appropriate legal, technical, and contractual safeguards are in place to protect your information in accordance with applicable data protection and health information laws.

Sensitive and identifiable health and patient information is subject to additional protections and is only transferred internationally where necessary and where suitable safeguards are in place to maintain confidentiality, security, and lawful processing.

Marketing

You are always in control of your personal data. If you choose to stop receiving our marketing communications, you can unsubscribe at any time using the link provided in our messages.

Even if you opt out of marketing, you will still receive essential service-related emails, such as account notifications or password reset messages.

Marketing communications may include email or other digital messages about our services. We do not use health or patient information for marketing purposes, and we do not allow third parties to use your personal data to market to you.

Links to other websites

This website or platform may provide links to other websites. This privacy policy does not cover the personal data practices exercised by other providers of products or services, advertisers or other websites, companies or individuals, which are not owned or controlled by us. We suggest that when linking to another website, you always read that website's privacy policy before volunteering any personal data.

Data Security

Security is critical to our objectives, and we take the security of personal and health information seriously. We use appropriate technical and organisational measures to protect personal data from loss, misuse, and unauthorised access or disclosure. These measures take into account the sensitivity of the data we process and the current state of technology.

Our safeguards include access controls, encryption, secure data storage, staff training, monitoring, and de-identification where appropriate.

We require any partners and service providers who process personal or health information on our behalf to apply appropriate security and confidentiality measures in line with applicable data protection and healthcare laws.

If you access a third-party website through a link on our platform, you will be subject to that site's own privacy practices. We are not responsible for how external websites collect, use, or protect your information.

Data Retention

We retain personal data only for as long as necessary to provide our services and to meet applicable legal, regulatory, contractual, and healthcare obligations.

As Script AI is designed to support clinical documentation rather than act as a long-term medical record system, health and patient information is generally retained only for the period needed to deliver our services to clinicians, unless longer retention is required by law or agreed with our customers.

We may also retain certain information where necessary to conduct audits, resolve disputes, enforce our agreements, or meet other lawful business needs.

When personal data is no longer required, we securely delete or anonymise it. If immediate deletion is not possible (for example, where data is stored in backup systems), the data is securely stored, restricted from further use, and removed as soon as it is reasonably possible.

Children's Data

The website and platform are not intended for children under the age of 18. We do not, knowingly, or intentionally, collect personal data about children who are under 18 years of age.

If you are under the age of 18 you may not use the website and platform, unless parental or guardian consent is provided.

If you believe that we may have any personal data from or about a person under the age of 18, please contact privacy@scriptai.co

Cookies

We will ask for your explicit consent to allow any cookies which identify you, your location or profile you before we place them on your device. We may use "cookies" or other technologies or files (collectively, "cookies") to identify how visitors make use of our website and platform. This aggregated tracking of personal data may be used to help us improve and enhance the website and platform experience for all of our users. In addition, cookies are used for adjusting the website and platform to your personal preferences. Cookies contain personal data such as the pages you visited, the length of time you stayed on the website or platform, the location from which you accessed the website or platform and more.

If you would prefer not to have cookies stored on your computer, you may reject non-necessary cookies through our website banner, modify your browser settings to reject most cookies, or manually remove cookies that have been placed on your computer. However, by rejecting the cookies, you may be unable to fully access the offerings on our website or platform. To find out more about cookies, visit www.allaboutcookies.org.

Your Rights

If you believe your rights regarding your personal data have been violated, you have the option to lodge a complaint with the relevant supervisory authority.

You have the right at any time to request access or to modify your personal data. To exercise your data protection rights as listed below, please contact us at privacy@scriptai.co. Note, that we may ask that you verify your identity first.

Your Rights Include:

  • Being informed about the personal data we process about you;
  • Accessing the personal data we process about you;
  • Rectifying or updating the personal data you have provided;
  • Requesting the deletion of your personal data;
  • Opting out or objecting to certain uses of your personal data;
  • Withdrawing consent at any time;
  • Exercising the right to data portability; and
  • Ask us to review any automated decisions made about your personal data.

For customers of our customers, please contact your system administrator to exercise your rights. We will do our best to assist our customer to fulfill your request.

Questions regarding our Privacy Policy

If you would like to contact us to discuss any queries or concerns about this privacy policy or our data protection practices contact us at privacy@scriptai.co.

Our Data Protection Officer's contact details are:

Email: privacy@scriptai.co.

What about changes to our Privacy Policy?

We will occasionally update this privacy policy. When we do, we will post a prominent notice in this section of this privacy policy notifying users when it is updated. For material changes (i.e., substantially new practices you wouldn't expect from us or that we didn't previously tell you about), we may decide to give you notice via email.