Privacy Policy

Last updated: April 2026

1. Overview

pepta (“we,” “us,” “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services. Please also review our HIPAA Notice of Privacy Practices for information specifically about your protected health information (PHI).

2. Information We Collect

Personal Information: Name, email address, date of birth, gender, phone number, shipping address, and payment information.

Health Information: Medical history, current medications, allergies, health goals, and quiz responses submitted through our intake forms. This information is treated as Protected Health Information (PHI) under HIPAA.

Usage Data: IP address, browser type, device information, pages visited, time spent on pages, and referral sources.

Communication Data: Chat conversations with our AI support assistant and emails exchanged with our team.

3. How We Use Your Information

We use your information to:

  • Facilitate telehealth consultations with licensed physicians
  • Process prescriptions and coordinate with compounding pharmacies
  • Process payments and manage subscriptions
  • Ship medications to your address
  • Communicate about your protocol, shipments, and account
  • Provide customer support
  • Improve our services and user experience
  • Comply with legal obligations

4. How We Share Your Information

We share your information only as necessary:

  • Healthcare Providers: Licensed physicians who review your intake and prescribe protocols
  • Pharmacies: Licensed 503A compounding pharmacies that prepare and ship your medications
  • Payment Processors: Stripe processes all payments; we do not store your full card details
  • Service Providers: Email (Resend), hosting (Vercel), database (Supabase) — all bound by data processing agreements
  • Legal Requirements: When required by law, court order, or to protect safety

We do not sell your personal information to third parties. We do not share your health information for marketing purposes.

5. Cookies and Analytics

We use cookies and similar technologies to analyze website traffic and optimize your experience. This includes Google Analytics (GA4), Meta Pixel, and TikTok Pixel for conversion tracking. These tools collect anonymized usage data. You can opt out by adjusting your browser settings or using browser extensions that block tracking.

6. AI-Generated Content Disclosure

Our website includes an AI-powered chat assistant that uses Anthropic's Claude API. Chat conversations are logged to improve service quality. The AI assistant does not provide medical advice, diagnosis, or treatment. Certain content on this website may be generated or enhanced using artificial intelligence technologies.

7. Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

8. Data Retention

We retain your personal and health information for as long as your account is active and for a minimum of 7 years after your last interaction, as required by medical record retention laws. You may request deletion of non-medical personal data by contacting privacy@pepta.com.

9. Your Rights

You have the right to:

  • Access and receive a copy of your personal data
  • Correct inaccurate information
  • Request deletion of non-medical personal data
  • Opt out of marketing communications
  • Withdraw consent for telehealth services

10. California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale of personal information (we do not sell your data), and the right to non-discrimination for exercising your rights. To exercise these rights, contact privacy@pepta.com.

11. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect information from minors. If we learn we have collected information from a minor, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or by posting a notice on our website. Continued use after changes constitutes acceptance.

13. Contact

For privacy-related questions or requests, contact us at privacy@pepta.com or support@pepta.com.