Privacy Policy — PeptideVIP

DRAFT — FOR ATTORNEY REVIEW. This document is a working draft and has not been reviewed by legal counsel. It is not yet effective or enforceable. Do not publish without attorney sign-off.

PeptideVIP LLC ("PeptideVIP," "we," "us," or "our") operates the website peptidesfromarealdoctor.com and provides physician-led telehealth peptide therapy services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

PeptideVIP is committed to protecting your privacy in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, and applicable state privacy laws. Please read this policy carefully. If you disagree with its terms, please discontinue use of our services.

1. Information We Collect

Personal Information

We may collect the following categories of personal information when you interact with our website or services:

Full name, email address, phone number, and mailing address
Date of birth and gender
State of residence (which determines how your care is provided)
Account credentials for the patient portal

Health Information (Protected Health Information / PHI)

When you complete a health assessment or receive care through PeptideVIP, we collect health information that is protected under HIPAA, including:

Medical history, current medications, and known allergies
Health goals and lifestyle information you provide during intake
Lab results and clinical notes generated during your care
Diagnosis and treatment information, including prescriptions issued
Communications with your prescribing provider

Payment Information

Payment for services and medications is processed by a third-party payment processor. We do not store full credit card numbers or bank account details on our systems. We may retain transaction records (amounts, dates, service descriptions) for billing and accounting purposes.

Usage and Technical Data

When you visit our website, we automatically collect certain technical information, including:

IP address, browser type, and operating system
Pages visited, referring URLs, and time spent on pages
Device identifiers and general geographic location (country/region)
Cookie and similar tracking data (see Section 6 — Cookies and Tracking)

2. How We Use Your Information

We use the information we collect for the following purposes:

Treatment and Clinical Care

Your health information is used to facilitate your telehealth consultation, support your prescribing provider in developing a personalized peptide therapy protocol, and monitor your treatment progress.

Payment and Billing

We use your payment and contact information to process transactions, fulfill medication orders, and maintain billing records as required by applicable law.

Healthcare Operations

We use information for internal operations including quality improvement, provider credentialing, compliance monitoring, and training — all consistent with permitted uses under HIPAA.

Communications

We may use your contact information to send appointment reminders, order confirmations, shipping notifications, and health-related communications related to your care. We do not send unsolicited marketing emails without your consent.

Legal Compliance

We may use your information as necessary to comply with applicable laws, regulations, legal process, or governmental requests, and to enforce our Terms of Service.

3. How We Share Your Information

We never sell, rent, or share your personal or health information for marketing or advertising purposes. Period.

We may share your information in the following limited circumstances:

With Your Consent

We will share your information for purposes beyond those described in this policy only with your explicit written authorization, which you may revoke at any time.

Treatment Providers

Your health information is shared with the licensed physician or provider responsible for your care. In states where PeptideVIP's physician is directly licensed, care is provided by that physician. In other states, care may be provided by a licensed provider within a clinical network under a business associate arrangement, consistent with HIPAA requirements.

503a Compounding Pharmacies

To fulfill your prescription, we transmit the necessary clinical information (name, prescription details, shipping address) to a licensed 503a compounding pharmacy. These pharmacies operate under their own privacy obligations and are subject to applicable federal and state pharmacy regulations.

Payment Processors

We share payment-related information with our merchant payment processor to complete transactions. Our payment processor is bound by applicable data security standards.

Business Associates

We may share your PHI with third-party vendors who perform services on our behalf (such as our HIPAA-compliant electronic medical records platform) pursuant to a written Business Associate Agreement (BAA) that requires those parties to protect your information in accordance with HIPAA.

Legal Requirements

We may disclose your information when required by law, court order, subpoena, or governmental authority, or when we believe disclosure is necessary to protect the safety of any individual, prevent fraud, or defend our legal rights.

Business Transfers

In the event of a merger, acquisition, or sale of substantially all of our assets, your information may be transferred to the successor entity, subject to the same privacy protections described in this policy.

4. Your HIPAA Rights

As a patient receiving healthcare services, you have specific rights with respect to your Protected Health Information (PHI) under HIPAA. To exercise any of the rights below, please contact us at hello@peptidevip.com.

Right of Access. You have the right to inspect and receive a copy of your PHI maintained in our records, with limited exceptions. We will respond to written requests within 30 days.
Right to Amend. If you believe your PHI is inaccurate or incomplete, you may request an amendment. We may deny the request in limited circumstances but will document any disagreement.
Right to an Accounting of Disclosures. You have the right to request a list of instances in which we have disclosed your PHI for purposes other than treatment, payment, or healthcare operations.
Right to Request Restrictions. You may request restrictions on how we use or disclose your PHI. We are not required to agree to your request in all cases, but we will consider each request individually.
Right to Confidential Communications. You may request that we communicate your PHI by a specific means or to a specific location (for example, contact you only by email rather than phone). We will accommodate reasonable requests.
Right to File a Complaint. If you believe your privacy rights have been violated, you have the right to file a complaint with us or directly with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.

5. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, or destruction, consistent with our obligations under HIPAA.

HIPAA-Compliant Platform: Patient records and clinical communications are managed through PracticeBetter, a HIPAA-compliant electronic medical records (EMR) platform. A Business Associate Agreement (BAA) is in place between PeptideVIP and PracticeBetter.
Encryption: Data transmitted between your browser and our systems is encrypted using Transport Layer Security (TLS). PHI stored within our clinical platform is encrypted at rest.
Access Controls: Access to PHI is limited to authorized personnel who require it for treatment, payment, or operations purposes.
Minimum Necessary Standard: We apply the HIPAA minimum necessary standard, limiting use and disclosure of PHI to the minimum information required to accomplish the intended purpose.

No data security system is completely impenetrable. While we work diligently to protect your information, we cannot guarantee absolute security of data transmitted over the internet.

6. Cookies and Tracking

Our website uses a limited number of cookies and similar tracking technologies. We do not use advertising cookies or participate in cross-site behavioral tracking.

Essential Cookies: Required for basic website functionality (session management, security).
Analytics Cookies: We may use analytics tools (such as Google Analytics) to understand how visitors interact with our website in aggregate. This data is anonymized and not linked to individual identities or health information.

You may disable cookies through your browser settings. Disabling essential cookies may affect website functionality. Our website does not currently respond to "Do Not Track" signals.

7. Third-Party Services

We work with the following categories of third-party service providers, each bound by their own privacy terms and, where applicable, a Business Associate Agreement:

PracticeBetter: Our electronic medical records and patient portal platform. Patient intake forms, clinical notes, provider communications, and consent documents are stored within PracticeBetter. A BAA is in place.
503a Compounding Pharmacies: Licensed pharmacy partners who compound and ship your prescribed medications. Prescription information is transmitted to fulfill your order.
Payment Processor: A standard merchant payment processor handles credit card transactions. We do not retain full payment card numbers.
Website Analytics: Aggregated, anonymized website usage data only. No PHI is transmitted to analytics providers.

We do not sell, license, or transfer your personal or health information to any third party for their independent marketing or commercial purposes.

8. Children's Privacy

Our services are intended exclusively for individuals who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have collected information from a minor, we will take steps to delete that information promptly. If you believe a minor has submitted information to us, please contact us at hello@peptidevip.com.

9. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you via the email address associated with your account or through a notice on our website. Your continued use of our services following notification of changes constitutes your acceptance of the revised policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your PHI, please contact us:

PeptideVIP LLC
Email: hello@peptidevip.com
Website: peptidesfromarealdoctor.com

For HIPAA-related complaints, you may also contact the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/hipaa/filing-a-complaint.