Privacy Policy

Last updated: 2026-03-01

[LEGAL REVIEW REQUIRED]

GetPepWell, Inc. ("GetPepWell," "we," "us," or "our") is committed to protecting your privacy and safeguarding your personal and health information. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our telehealth platform, website, and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

Information We Collect

Personal Information

We may collect the following personal information when you register for or use our Services:

  • Full name, date of birth, and gender
  • Email address, phone number, and mailing address
  • Government-issued identification (when required for identity verification)
  • Payment and billing information (processed securely through Stripe)
  • Account credentials and authentication data (managed through Clerk)

Health Information

To provide telehealth services and facilitate peptide therapy, we collect health-related information, including:

  • Medical history and current health conditions
  • Medications you are currently taking or have recently taken
  • Allergies and adverse reactions
  • Medical intake questionnaire responses
  • Consultation notes and physician assessments
  • Prescription records and treatment plans
  • Laboratory results (when applicable)

Usage Data

We automatically collect certain information about your use of the Services, including:

  • Pages visited, features used, and actions taken within the platform
  • Session duration and frequency of visits
  • Referring URLs and search terms
  • Error logs and performance data

Device Information

We may collect information about the device you use to access our Services:

  • Device type, operating system, and browser type
  • IP address and approximate geographic location
  • Unique device identifiers
  • Screen resolution and language preferences

How We Use Your Information

Treatment and Care

  • Facilitating telehealth consultations between you and licensed physicians
  • Processing prescriptions and coordinating with compounding pharmacies
  • Managing your treatment plan and monitoring progress
  • Sending medication reminders and follow-up communications

Communication

  • Responding to your inquiries and support requests
  • Sending appointment confirmations, shipping notifications, and service updates
  • Providing educational content related to your treatment
  • Delivering important notices about changes to our Services or policies

Billing and Payments

  • Processing subscription payments and one-time charges
  • Managing refunds and billing disputes
  • Generating invoices and payment receipts
  • Preventing fraudulent transactions

Service Improvement

  • Analyzing usage patterns to improve our platform and user experience
  • Conducting research and analytics (using de-identified data only)
  • Developing new features and services
  • Ensuring the security and integrity of our platform

HIPAA and Protected Health Information

GetPepWell is committed to complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. We treat your health-related information as Protected Health Information (PHI) and apply the following safeguards:

  • We apply the minimum necessary standard, accessing only the PHI required to accomplish the intended purpose
  • We maintain Business Associate Agreements (BAAs) with all third-party service providers that handle PHI on our behalf
  • We implement administrative, physical, and technical safeguards to protect PHI from unauthorized access, use, or disclosure
  • We maintain HIPAA-compliant audit logs with tamper detection to track all access to and modifications of PHI
  • We provide you with a separate Notice of Privacy Practices that describes your rights regarding your PHI in detail

For a comprehensive description of how we handle your PHI, please review our Notice of Privacy Practices.

Information Sharing and Disclosure

We do not sell your personal or health information. We may share your information in the following circumstances:

Healthcare Providers

We share relevant health information with licensed physicians on our platform to facilitate your consultations, diagnoses, and treatment plans.

Compounding Pharmacies

We share prescription and shipping information with our pharmacy partners to fulfill your medication orders. All pharmacy partners are bound by BAAs and HIPAA requirements.

Payment Processors

We share billing information with Stripe, our payment processor, to process your subscription payments and transactions. Stripe maintains PCI DSS Level 1 compliance.

Legal Requirements

We may disclose your information when required by law, including:

  • In response to a court order, subpoena, or other legal process
  • To comply with applicable federal, state, or local laws and regulations
  • To cooperate with law enforcement or government agencies
  • To protect the rights, safety, or property of GetPepWell, our users, or the public

Data Security

We implement comprehensive security measures to protect your information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256) for all sensitive information
  • Role-based access controls and row-level security (RLS) to limit data access to authorized personnel only
  • HIPAA-compliant audit trails with chain-hash tamper detection for all PHI access events
  • Automatic session timeout (idle timeout) to prevent unauthorized access to unattended sessions
  • Regular security assessments and vulnerability testing
  • Employee training on data privacy and security best practices
  • Incident response procedures and breach notification protocols

Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

  • Right to Access: You may request a copy of the personal information we hold about you.
  • Right to Correction: You may request that we correct inaccurate or incomplete personal information.
  • Right to Deletion: You may request that we delete your personal information, subject to legal and regulatory retention requirements.
  • Right to Data Portability: You may request a copy of your data in a structured, machine-readable format.
  • Right to Opt-Out: You may opt out of non-essential communications and marketing messages at any time.

To exercise any of these rights, please contact us at privacy@getpepwell.com. We will respond to your request within 30 days.

Cookies and Tracking Technologies

We use the following cookies and tracking technologies:

  • Essential Cookies: Required for authentication, security, and core platform functionality. These cannot be disabled.
  • Preference Cookies: Store your settings such as theme preference and language selection.
  • Analytics Cookies: Help us understand how visitors interact with our platform so we can improve the user experience.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our Services.

Third-Party Services

Our platform integrates with the following third-party services:

  • Clerk: Provides authentication, user management, and single sign-on capabilities. View Clerk's Privacy Policy.
  • Stripe: Processes payments and manages subscription billing securely. View Stripe's Privacy Policy.
  • Supabase: Provides database hosting and file storage with row-level security.
  • Vercel: Hosts our web application and provides content delivery network services.

Each third-party service operates under its own privacy policy. We encourage you to review their policies to understand how they handle your information.

Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@getpepwell.com, and we will promptly delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website and updating the "Last Updated" date at the top of this page. For significant changes, we may also notify you via email or through an in-platform notification.

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: