Pepteeva Health

Legal

Privacy Policy

Effective: May 30, 2026 Last Updated: May 30, 2026

This Privacy Policy describes how Pepteeva Health, LLC ("Pepteeva Health," "we," "our," or "us") collects, uses, shares, and protects your personal information when you use our website, mobile applications, telehealth platform, and related services (collectively, the "Services").

Your privacy matters to us. Pepteeva Health is committed to transparency about how we handle your information. We do not sell your personal information or Protected Health Information (PHI). Please read this policy carefully — it applies each time you visit our website or use any of our services.

1. Scope of This Policy

This Privacy Policy applies to:

  • The Pepteeva Health website at pepteeva.com and any related subdomains.
  • Our telehealth member portal and mobile applications.
  • Communications between you and Pepteeva Health (email, chat, phone).
  • Our in-person wellness clinic located in Cincinnati, Ohio.

This policy does not apply to third-party websites, services, or applications that may be linked from our site, including our pharmacy partners or the Locumtelly platform. Each of those services has its own privacy policy that governs its data practices.

For the handling of your Protected Health Information (PHI) by your licensed healthcare provider through our platform, please also refer to our HIPAA Notice of Privacy Practices.

2. Information We Collect

We collect information in several ways — directly from you, automatically through your use of our Services, and from third parties.

A. Information You Provide Directly

  • Account & Identity Information: Full name, date of birth, sex, email address, phone number, and mailing address.
  • Health & Medical Information: Current and past medical conditions, medications, allergies, symptoms, and health goals submitted through our intake forms, assessments, and provider consultations.
  • Lab & Biometric Data: Lab test results, hormone levels, biomarker panels, and other diagnostic data collected through our lab testing services.
  • Payment & Billing Information: Credit or debit card number, billing address, and transaction history. Payment card data is processed by a PCI-DSS-compliant third-party processor and is not stored on our servers.
  • Communications: Content of messages, emails, or support requests you send to us, including information shared during telehealth consultations.
  • Survey & Assessment Responses: Answers you provide through our wellness assessment quiz and program selection tools.
  • Identity Verification: Government-issued ID or similar documents, collected to verify your identity for telehealth compliance purposes.

B. Information Collected Automatically

  • Device & Technical Information: IP address, browser type and version, operating system, device identifiers, and referring URLs.
  • Usage & Activity Data: Pages visited, features used, time spent on each page, links clicked, and session duration.
  • Location Data: General geographic location derived from your IP address. We do not collect precise GPS location without your explicit consent.
  • Cookies & Tracking Technologies: Information collected through cookies, web beacons, pixel tags, and similar technologies. See Section 6 for details.

C. Information from Third Parties

  • Pharmacy Partners: Prescription fulfillment status and medication-related data from licensed compounding pharmacies.
  • Lab Partners: Diagnostic results and biomarker data from lab testing facilities.
  • Analytics Providers: Aggregated behavioral data to understand how visitors interact with our site.
  • Advertising Partners: Attribution data indicating how you found us (e.g., through a paid ad or social media post).
  • Public Sources: Publicly available information such as open government databases used for verification or fraud prevention.

D. Sensitive Personal Information

Certain categories of information we collect are considered "sensitive personal information" under applicable state privacy laws. These include:

  • Health and Medical Data: Medical conditions, symptoms, treatments, medications, lab results, and biometric data submitted through our platform.
  • Government-Issued Identifiers: Driver's license or passport number collected for identity verification purposes.
  • Account Access Credentials: Username or account number combined with a password or security code.
  • Biometric Information: Where required for identity verification, we or our service providers may process biometric identifiers.

We use sensitive personal information only as necessary to provide our Services, as permitted by applicable law, or with your explicit consent. We do not use sensitive personal information for advertising or marketing without your authorization.

3. How We Use Your Information

We use the information we collect for the following purposes:

Delivering Our Services

  • Creating and managing your account and membership.
  • Connecting you with licensed healthcare providers for telehealth consultations.
  • Facilitating prescription orders, lab testing, and medication fulfillment.
  • Providing personalized wellness program recommendations.
  • Operating our in-person clinic services in Cincinnati.

Communication & Support

  • Sending appointment reminders, program updates, and care-related notifications.
  • Responding to your questions, feedback, and support requests.
  • Sending marketing and educational content (subject to your preferences).

Improving Our Platform

  • Analyzing usage patterns to improve our website and services.
  • Conducting research and internal analytics (using de-identified or aggregated data).
  • Testing new features and improving user experience.

Legal & Safety

  • Complying with applicable laws and regulations, including HIPAA and state telehealth requirements.
  • Preventing fraud, abuse, and unauthorized access.
  • Protecting the legal rights and safety of Pepteeva Health and our users.

De-Identification

We may de-identify your personal information (removing all identifiers that could link data back to you) and use such de-identified data for research, analytics, product development, and other lawful business purposes. De-identified data is not subject to this Privacy Policy. We will not attempt to re-identify de-identified data except as required or permitted by applicable law.

4. How We Share Your Information

We do not sell your personal information or Protected Health Information to third parties.

We may share your information in the following circumstances:

Licensed Healthcare Providers

We share your health and medical information with the licensed physicians, nurse practitioners, and other healthcare professionals who provide services through our platform. This sharing is necessary to deliver your care and is governed by HIPAA.

Pharmacy & Lab Partners

To fulfill your prescriptions and process lab orders, we share relevant information with licensed U.S. compounding pharmacies and diagnostic laboratories. These partners are bound by confidentiality obligations and HIPAA Business Associate Agreements (BAAs).

Service Providers & Vendors

We engage trusted third-party vendors who assist us with operations — including payment processing (e.g., Stripe), cloud hosting, customer support software, email delivery, and analytics. These vendors are contractually obligated to use your data only as directed by us and to maintain appropriate security. Our payment card data is processed by PCI-DSS-compliant processors; Pepteeva Health does not store full payment card numbers on its servers.

Business Transfers

If Pepteeva Health is involved in a merger, acquisition, restructuring, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control through our website or by email.

Legal Requirements

We may disclose your information if required to do so by law or in good-faith belief that such disclosure is necessary to comply with a legal obligation, respond to a court order or subpoena, protect our rights or the rights of others, or prevent harm.

With Your Consent

We may share your information with other parties when you have given us explicit consent to do so.

5. HIPAA & Protected Health Information

We are a HIPAA-covered entity. Your Protected Health Information (PHI) is handled in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.

PHI includes any information relating to your health, healthcare treatment, or payment for healthcare that can identify you. Examples include your name combined with your diagnosis, lab results, prescription history, or provider notes.

We enter into Business Associate Agreements (BAAs) with all vendors who process PHI on our behalf. We use and disclose PHI only as permitted or required by HIPAA — primarily for treatment, payment, and healthcare operations — and we do not use PHI for marketing purposes without your explicit authorization.

Your full rights with respect to PHI — including the right to access, amend, restrict uses, and receive an accounting of disclosures — are described in our HIPAA Notice of Privacy Practices, which is incorporated by reference into this Privacy Policy.

If you believe your PHI privacy rights have been violated, you may file a complaint with us directly (see Section 16) or with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr.

6. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our Services. These technologies help us remember your preferences, understand how you use our site, and serve relevant content.

Types of Cookies We Use

Category Purpose
Strictly Necessary Essential for the site to function. Cannot be disabled (e.g., session authentication, security tokens).
Functional Remember your preferences and settings (e.g., language, region, previously completed form steps).
Analytics Help us understand how visitors interact with our site (e.g., pages viewed, session duration) using tools such as Google Analytics.
Advertising Used to deliver relevant ads and measure campaign effectiveness across our advertising partners.

Third-Party Analytics & Advertising Partners

We work with third-party analytics and advertising companies that collect data through our website, including device identifiers, IP addresses, and usage data. These partners may combine data across multiple sites for their own purposes.

Partner Purpose Opt-Out
Google Analytics Site usage analytics Opt out
Google Ads / DoubleClick Interest-based advertising Manage settings
Meta (Facebook) Advertising & lookalike audiences Manage settings

Managing Cookies

You can control or disable cookies through your browser settings. Most browsers allow you to refuse, accept, or delete cookies. Note that disabling certain cookies may impact the functionality of some features of our Services.

To manage interest-based advertising preferences broadly, visit optout.aboutads.info (DAA) or optout.networkadvertising.org (NAI).

Global Privacy Control (GPC)

Some browsers and browser extensions support the Global Privacy Control (GPC) signal, which indicates your preference to opt out of the sale or sharing of your personal information. When our Services detect a valid GPC signal, we will make reasonable efforts to honor that preference as required by applicable law.

Do Not Track (DNT)

Some browsers transmit "Do Not Track" (DNT) signals. Unlike GPC, there is no common standard for DNT interpretation; our Services do not currently respond to DNT signals. Please use GPC or the opt-out links above to exercise your advertising preferences.

7. Your Privacy Rights

Regardless of where you reside, you have the following general rights with respect to your personal information:

Right to Access

Request a copy of the personal information we hold about you.

Right to Correction

Request that we correct inaccurate or incomplete information.

Right to Deletion

Request that we delete your personal information, subject to legal retention obligations.

Right to Portability

Request that we provide your data in a structured, machine-readable format.

Right to Opt Out

Opt out of marketing communications at any time (see Section 10).

Right to Restrict Processing

Request that we limit how we use your information in certain circumstances.

To exercise any of these rights, see Section 16 (Contact Us). We will respond to verifiable requests within 45 days. We may need to verify your identity before processing your request.

8. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you additional rights regarding your personal information.

Categories of Personal Information We Collect

In the past 12 months, we have collected the following categories of personal information as defined by the CCPA:

  • Identifiers (name, email, IP address, account ID)
  • Personal records (address, phone number, date of birth)
  • Protected classification characteristics (age, sex)
  • Commercial information (purchase history, subscription details)
  • Internet or network activity (browsing history on our site, device data)
  • Geolocation data (general, IP-derived)
  • Health and medical information (classified as "sensitive personal information")
  • Inferences drawn from personal information (program recommendations)

Your California Rights

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, and share.
  • Right to Delete: Request deletion of your personal information, subject to exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" mechanism.
  • Right to Limit Sensitive Information Use: Limit our use of your sensitive personal information (including health data) to purposes necessary for providing our Services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their own direct marketing purposes.

Authorized Agent

You may designate an authorized agent to make a request on your behalf. We will require verification of the agent's authority and your identity before processing such requests.

9. Other U.S. State Privacy Rights

Residents of the following states may have additional rights under their state's privacy laws. These rights are generally consistent with those described in Sections 7 and 8 and include the right to access, correct, delete, and opt out of certain processing:

State Governing Law
Colorado Colorado Privacy Act (CPA)
Connecticut Connecticut Data Privacy Act (CTDPA)
Virginia Virginia Consumer Data Protection Act (VCDPA)
Texas Texas Data Privacy and Security Act (TDPSA)
Florida Florida Digital Bill of Rights (FDBR)
Nevada Nevada Privacy of Information Collected on the Internet from Consumers (NRS 603A)

To exercise rights under any applicable state law, please contact us using the information in Section 16. We will honor all legally required requests within the timeframes mandated by applicable law.

10. Marketing Communications

With your consent (or where otherwise permitted by law), we may send you promotional emails, SMS messages, or push notifications about our services, wellness programs, and educational content.

How to Opt Out

  • Email: Click the "Unsubscribe" link at the bottom of any marketing email.
  • SMS: Reply STOP to any marketing text message.
  • In-App: Adjust notification preferences in your account settings.
  • Direct Request: Email us at privacy@pepteeva.com.

Please note that even after opting out of marketing, you will continue to receive transactional and service-related messages (e.g., appointment confirmations, prescription updates, and billing receipts).

11. Data Security

We implement a multi-layered security program to protect your information. Our safeguards include:

Encryption in Transit

TLS 1.2+ encryption for all data transmitted between your browser and our servers.

Encryption at Rest

AES-256 encryption for stored data, including PHI and payment information.

Access Controls

Role-based access controls limiting who can view sensitive data within our organization.

Audit Logging

Comprehensive logging of access to PHI and sensitive personal information.

Security Assessments

Regular vulnerability assessments, penetration testing, and third-party security audits.

Employee Training

Ongoing HIPAA and data security training for all personnel with access to personal data.

Despite these measures, no method of electronic transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately at security@pepteeva.com.

12. Data Retention

We retain your personal information for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary by category:

  • Medical Records & PHI: Retained for a minimum of 7 years from the date of last service (or longer as required by applicable state law).
  • Account Information: Retained for the duration of your membership plus up to 3 years after account closure.
  • Financial Records: Retained for a minimum of 7 years to comply with tax and accounting requirements.
  • Marketing Data: Retained until you opt out or request deletion, subject to legal minimums.
  • Usage & Analytics Data: Retained in aggregated, anonymized form indefinitely; identifiable data retained for up to 24 months.

When retention periods expire or when you validly request deletion, we securely delete or anonymize your personal information.

13. Children's Privacy

Our Services are intended for adults aged 18 and older. We do not knowingly collect, solicit, or store personal information from individuals under the age of 18. Our telehealth services require age verification as part of the enrollment process.

If you are a parent or guardian and believe that your minor child has provided us with personal information, please contact us immediately at privacy@pepteeva.com. We will promptly delete any such information from our records.

Removal of Minor's Information

If you are under 16 years of age, you (or your parent or legal guardian) may request the removal of content or information about you posted on our platform. To submit a removal request, email privacy@pepteeva.com with the subject line "Removal of Minor Information" and include:

  • The nature of your request and the content to be removed.
  • The location of the content (e.g., a URL or description).
  • Your name, address, and whether you prefer a response by email or mail.

Note: We are not required to remove content in certain circumstances, including when retention is required by law, when it is part of an electronic medical record, or when it has been anonymized.

14. Third-Party Links & Services

Our website and communications may contain links to third-party websites, platforms, and services — including our pharmacy partner portals, the Locumtelly platform, and external educational resources. These third parties operate independently and are not governed by this Privacy Policy.

When you follow a link to a third-party site, we encourage you to review that site's privacy policy. Pepteeva Health is not responsible for the privacy practices or content of any third-party services.

Third-party services we work with may include (but are not limited to): payment processors, cloud infrastructure providers, email delivery services, analytics platforms, and customer relationship management tools.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services we offer. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page.
  • Send an email notification to registered members if the changes are significant.
  • Display a notice on our website or within your account portal.

Your continued use of our Services after any such update constitutes your acknowledgment of the revised policy. We encourage you to review this page periodically to stay informed about how we protect your information.

16. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal information, please reach out through any of the following:

Privacy Officer

privacy@pepteeva.com

Phone

1-800-PEPTEEVA

Mailing Address

Pepteeva Health, LLC
Cincinnati, OH

For security incident reports, please contact security@pepteeva.com. We will acknowledge your request within 2 business days and aim to resolve it within 45 days.

This Privacy Policy is provided for informational purposes only and does not constitute legal advice. It supplements and should be read in conjunction with our Terms of Service, HIPAA Notice of Privacy Practices, and Medical Disclaimer. If there is a conflict between this Privacy Policy and our HIPAA Notice with respect to Protected Health Information, the HIPAA Notice controls.

Book a Consultation