Privacy Policy
Last updated: April 10, 2026
[pepti] (“we,” “us,” or “our”) takes your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our website, mobile applications, and services (collectively, the “Services”).
1. Information We Collect
Information You Provide
- Account information: name, email, phone number, date of birth, mailing address, password
- Health information: medical history, current medications, allergies, symptoms, treatment goals, biometric measurements (height, weight)
- Payment information: credit card or other payment details (processed by our payment processor; we do not store full card numbers)
- Communications: messages with our AI assistant, customer support, or healthcare providers
- Identity verification: government-issued ID, photos for identity verification when required
Information Collected Automatically
- Device and browser type, operating system, IP address, referring URL
- Pages visited, time spent, links clicked
- Cookies, web beacons, and similar tracking technologies
2. How We Use Your Information
- To provide, operate, and improve the Services
- To facilitate medical consultations with independent healthcare providers
- To process payments and fulfill prescription orders
- To communicate with you about your account, orders, and treatments
- To send marketing communications (with your consent, where required)
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
3. HIPAA & Protected Health Information
Some of the information you provide constitutes Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA). When acting as a Business Associate of healthcare providers, we handle PHI in accordance with HIPAA. See our HIPAA Notice of Privacy Practices for details.
4. How We Share Information
We share your information only as described below:
- Healthcare providers and pharmacies: with the licensed providers and compounding pharmacies who provide your treatment
- Service providers: with vendors who help us operate the Services (e.g., payment processors, hosting providers, shipping carriers, customer support tools), under written contracts that limit their use of your information
- Legal compliance: when required by law, subpoena, court order, or other legal process
- Business transfers: in connection with a merger, acquisition, or sale of assets
- With your consent: for any other purpose disclosed at the time you provide your information
We do not sell your personal information. We do not share your health information with advertisers or use it to target ads.
5. Cookies and Tracking
We use cookies and similar technologies to remember your preferences, understand how you use the Services, and improve your experience. You can manage cookie preferences through your browser settings or our cookie banner. See our Cookie Notice for details.
6. Data Security
We use industry-standard administrative, technical, and physical safeguards to protect your information, including encryption in transit and at rest, access controls, regular security audits, and employee training. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
Mobile device security. When you access the Services from a mobile device or web browser, there is a risk that some of your information, including Protected Health Information, may be stored unencrypted on your device (for example, in your browser cache or app storage). We apply reasonable safeguards to minimize this risk but cannot guarantee they will be effective. You are responsible for securing your own device, including using a passcode, keeping your operating system updated, and avoiding the use of jailbroken or rooted devices to access the Services.
Payment processing. All payment card information is encrypted in transit and processed by our third-party payment processor. [pepti] does not collect or store your full credit card details. We only retain a token reference and the last 4 digits for billing identification purposes.
7. Data Retention
We retain your information for as long as necessary to provide the Services and to comply with our legal obligations, including state and federal medical record retention requirements (typically 7 years from the date of last service, or longer in some states).
8. Your Rights
All Users
- Access, correct, or update your personal information through your account dashboard
- Request deletion of your account (subject to legal retention requirements for medical records)
- Opt out of marketing communications
California Residents (CCPA / CPRA)
California residents have additional rights to know what personal information we collect, request deletion, opt out of sale (we do not sell), correct inaccurate information, and limit use of sensitive personal information. To exercise these rights, email privacy@hellopepti.com.
HIPAA carve-out. Medical information governed by HIPAA — including any Protected Health Information collected in connection with healthcare services provided through our independent physician partners — is excluded from the scope of CCPA/CPRA. That medical information is governed by HIPAA and our Notice of Privacy Practices, not by CCPA. This is consistent with the CCPA exemption for HIPAA-covered information.
EU/UK Residents (GDPR)
If you are located in the European Economic Area or United Kingdom, you have rights to access, rectify, erase, restrict, or port your personal data, and to object to processing. Our legal bases for processing include consent, contract performance, legal obligation, and legitimate interests.
9. Children's Privacy
Our Services are not intended for individuals under 18. We do not knowingly collect information from children under 18. If we learn we have collected such information, we will delete it.
10. Third-Party Links
The Services may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and updating the “Last updated” date.
12. Contact Us
For privacy questions or to exercise your rights, contact our Compliance and Privacy Officer:
- Email: privacy@hellopepti.com
- Phone: 1-800-PEPTI-HQ (replace with real number at launch)
- Mail: [pepti] Inc., Attn: Privacy Officer, [Address at launch]