Privacy Policy

Last updated: April 9, 2026

PeptidePrescript ("we," "us," "our") operates a telehealth platform that connects patients with licensed physicians for peptide therapy consultations. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit our website, join our waitlist, or use our services.

By using our website or providing your information, you agree to the collection and use of your information as described in this policy. If you do not agree, please do not use our website or services.

1. Information We Collect

Information you provide directly

Waitlist information: Email address, phone number (optional), health goals, peptide experience level, and pricing preferences when you join our waitlist.
Account information: Name, date of birth, address, and contact details when you create a patient account.
Health information: Medical history, current medications, health goals, lab results, and other health-related information you provide during intake questionnaires and consultations. This information is considered Protected Health Information (PHI) under HIPAA.
Payment information: Billing address and payment card details, processed by our third-party payment processor. We do not store full credit card numbers.
Communications: Messages you send to us or our physicians through our platform, email, or other channels.

Information collected automatically

Device and usage data: IP address, browser type, operating system, referring URLs, pages viewed, and timestamps.
Cookies and tracking: We use essential cookies for site functionality and Google Analytics (GA4) to understand aggregate site usage patterns such as pages viewed, traffic sources, and general geographic region. We do not sell your data to advertisers or use third-party advertising trackers.

2. How We Use Your Information

To operate and manage the waitlist and notify you of launch updates, peptide reclassification alerts, and appointment availability.
To provide telehealth services, including physician consultations, prescription management, and ongoing care coordination.
To transmit prescriptions to licensed compounding pharmacies for fulfillment.
To communicate with you about your care, appointments, and account.
To comply with legal and regulatory obligations, including HIPAA, state telehealth laws, and pharmacy regulations.
To improve our website, services, and patient experience.
To send you SMS messages if you opted in (see Section 5 below).

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

Licensed physicians: Your health information is shared with the physician(s) providing your care through our platform. These physicians are employed by or contracted through a separately owned Professional Corporation (PC) and make independent clinical decisions.
Compounding pharmacies: Prescription and necessary patient information is transmitted to licensed 503A compounding pharmacies to fulfill your prescriptions.
Laboratory providers: Order information is shared with laboratory partners (e.g., Quest Diagnostics) to process your lab work.
Service providers: We use third-party services to operate our platform, including Formspree (waitlist form processing), payment processors, email providers, and hosting infrastructure. These providers are bound by data processing agreements and, where applicable, HIPAA Business Associate Agreements (BAAs).
Legal requirements: We may disclose information when required by law, subpoena, court order, or government investigation, or to protect the rights, safety, or property of our users or the public.

4. HIPAA and Protected Health Information

Important distinction: PeptidePrescript (the MSO) is not a "covered entity" under HIPAA. The Professional Corporation (PC) through which your physician provides care is the HIPAA-covered entity. PeptidePrescript may act as a "business associate" of the PC and is bound by a Business Associate Agreement (BAA) with respect to any Protected Health Information (PHI) it handles on the PC's behalf. The PC's full HIPAA Notice of Privacy Practices will be provided to you at the time of your first consultation and is available upon request.

We implement administrative, technical, and physical safeguards to protect health information, including encrypted data transmission, access controls, audit logging, and Business Associate Agreements with all vendors who access PHI on behalf of the PC.

Your rights under HIPAA (exercised through the PC) include the right to access your health records, request corrections, request restrictions on how your information is used, and receive an accounting of disclosures. You also have the right to file a complaint with the U.S. Department of Health and Human Services if you believe your privacy rights have been violated. We will not retaliate against you for filing a complaint.

5. Tracking, Analytics, and Advertising

We do not sell your personal information. We do not use third-party advertising trackers, retargeting pixels, or tracking scripts that transmit health-related browsing data to advertising platforms. We do not share your information with Google Ads, Meta/Facebook, or any other advertising network.

We use only essential cookies required for site functionality (e.g., session management). We use Google Analytics 4 (GA4) to understand aggregate site usage patterns such as page views, traffic sources, session duration, and general geographic region. Google Analytics may set cookies on your browser. Google's use of this data is governed by Google's Privacy Policy. We do not track individual health-related browsing behavior for marketing purposes, and we do not link analytics data to personally identifiable health information.

6. Automated Decision-Making

Our platform uses AI-assisted tools for administrative functions such as intake questionnaire routing, appointment scheduling, and patient communications. These tools do not make clinical decisions, diagnoses, or prescribing determinations - all clinical decisions are made independently by licensed physicians.

Under applicable state laws (including the California Consumer Privacy Act as amended), you may have the right to opt out of automated decision-making and to request information about how automated tools process your data. To exercise these rights, contact us at the address below.

7. SMS Messaging and TCPA Compliance

If you provide your phone number and opt in to SMS messaging, you consent to receive automated text messages from PeptidePrescript regarding:

Waitlist position updates and launch notifications
FDA peptide reclassification alerts
Appointment reminders and care-related messages (once you are a patient)

Message frequency varies. Message and data rates may apply. You can opt out at any time by replying STOP to any message. Reply HELP for assistance.

Consent to receive SMS messages is not a condition of joining the waitlist, purchasing any service, or receiving care. Your phone number will not be shared with third parties for their marketing purposes.

We comply with the Telephone Consumer Protection Act (TCPA) and applicable state regulations governing automated communications.

8. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

Waitlist data: Retained until you unsubscribe or request deletion, or for up to 24 months of inactivity.
Patient health records: Retained for the minimum period required by applicable state medical record retention laws (typically 7-10 years from the last date of service, or longer for minors).
Billing records: Retained as required by applicable tax and accounting regulations.

9. Data Security

We use commercially reasonable measures to protect your information, including TLS/SSL encryption for data in transit, encryption at rest for stored data, role-based access controls, and regular security assessments. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Your Rights

All users

Right to access your personal information
Right to correct inaccurate information
Right to delete your personal information (subject to legal retention requirements)
Right to opt out of SMS messages at any time
Right to request a copy of your data in a portable format

California residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

Right to know what personal information we collect, use, and disclose
Right to delete your personal information
Right to correct inaccurate personal information
Right to opt out of the sale or sharing of personal information - we do not sell or share your personal information for cross-context behavioral advertising
Right to limit the use and disclosure of sensitive personal information
Right to opt out of automated decision-making technology
Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at privacy@peptideprescript.com. We will verify your identity and respond within 45 days as required by the CCPA, or 30 days for non-CCPA requests.

Washington residents (My Health My Data Act)

If you are a Washington resident, the My Health My Data Act (MHMDA) provides additional protections for "consumer health data," which includes information we collect that identifies your health status, conditions, or treatment interests. Under MHMDA:

We will not collect, share, or sell your consumer health data without your consent.
You have the right to confirm whether we are collecting or sharing your consumer health data.
You have the right to withdraw your consent to the collection or sharing of your consumer health data.
You have the right to request deletion of your consumer health data, subject to legal retention requirements.

To exercise your rights under MHMDA, contact us at privacy@peptideprescript.com. We will respond within 30 days.

11. Data Breach Notification

In the event of a breach of unsecured personal information or PHI, we will notify affected individuals and applicable regulatory authorities as required by HIPAA, state breach notification laws, and the FTC Health Breach Notification Rule. Notifications will be provided without unreasonable delay and no later than required by applicable law.

12. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected information from a person under 18, we will delete it promptly.

13. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any site you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page and, where appropriate, by email or SMS. Your continued use of our services after any changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy, your data, or your rights, contact us at:

PeptidePrescript
Email: privacy@peptideprescript.com