Privacy Policy

Last updated: April 30, 2026

Introduction

Pepton Health LLC ("Pepton," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit peptonhealth.com (the "Site"), use our mobile applications, or access any of our services (collectively, the "Services").

By using our Services, you consent to the data practices described in this policy. If you do not agree with the practices described here, please do not use our Services.

1. Information We Collect

Information You Provide to Us

  • Account information: name, email address, phone number, date of birth, shipping address, and login credentials.
  • Health information: medical history, current medications, allergies, health intake questionnaire responses, photographs (if submitted), and prescription data. This constitutes Protected Health Information (PHI) under HIPAA.
  • Payment information: credit/debit card numbers, billing address, and transaction history. Full card numbers are processed by our PCI-compliant payment processor and are not stored on our servers.
  • Communications: messages you send to our support team, healthcare providers, or through our platform.
  • Identity verification: government-issued ID or other documentation when required for regulatory compliance.

Information Collected Automatically

  • Device and browser information: IP address, browser type and version, operating system, device type, and unique device identifiers.
  • Usage data: pages visited, time spent on pages, click patterns, referral URLs, and navigation paths.
  • Location data: approximate geographic location based on IP address.
  • Cookies and tracking technologies: we use cookies, web beacons, pixels, and similar technologies to collect information about your browsing activity. See Section 8 below for more details.

Information from Third Parties

  • Healthcare providers: clinical notes, prescription decisions, and treatment recommendations from physicians on our platform.
  • Pharmacy partners: prescription fulfillment status, shipping information, and dispensing records.
  • Analytics and advertising partners: aggregated or de-identified data about ad interactions and website referrals.

2. How We Use Your Information

We use the information we collect to:

  • Facilitate telehealth consultations between you and licensed healthcare providers
  • Process and fulfill prescription orders through our pharmacy network
  • Process payments, subscriptions, and refunds
  • Send transactional communications (order confirmations, shipping updates, appointment reminders)
  • Send promotional communications (with your consent; you may opt out at any time)
  • Provide customer support and respond to inquiries
  • Improve, personalize, and optimize our Services
  • Detect, prevent, and address fraud, security issues, and technical problems
  • Comply with legal obligations, including healthcare regulations
  • Conduct research and analytics to improve health outcomes (using de-identified data only)

3. How We Share Your Information

We may share your information with the following categories of recipients:

  • Healthcare providers: licensed physicians and nurse practitioners who conduct your consultations and make prescribing decisions.
  • Pharmacy partners: state-licensed US compounding pharmacies that prepare and ship your medications.
  • Clinical infrastructure partner (Rimo Health): our telehealth platform partner that processes intake forms, facilitates provider consultations, and coordinates pharmacy fulfillment under HIPAA-compliant protocols.
  • Payment processors: to process transactions securely. We use PCI-compliant processors and do not store full payment card data.
  • Service providers: companies that help us operate our business, including email delivery, customer support tools, cloud hosting, and data analytics, all under contractual obligations to protect your data.
  • Advertising and analytics partners: we share hashed or aggregated identifiers with partners like Google and Meta for advertising measurement. We do not share identifiable health information with advertising partners.
  • Legal and regulatory authorities: when required by law, subpoena, court order, or government regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: in connection with a merger, acquisition, bankruptcy, or sale of all or a portion of our assets.

We do not sell your personal information.

4. Protected Health Information (PHI)

Certain information you provide through the Services constitutes Protected Health Information under the Health Insurance Portability and Accountability Act (HIPAA). Our use and disclosure of PHI is governed by our HIPAA Notice of Privacy Practices, which provides additional detail about how your health information is handled.

We maintain administrative, technical, and physical safeguards designed to protect PHI in accordance with HIPAA requirements. Our clinical partner, Rimo Health, maintains a HIPAA-compliant infrastructure for processing and storing health information.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with Services. We also retain information as necessary to comply with legal obligations (including medical record retention requirements), resolve disputes, and enforce our agreements.

Medical records are retained in accordance with applicable state and federal laws, which generally require retention for a minimum of 6 to 10 years depending on the state.

6. Your Rights and Choices

All Users

  • Access: you may request a copy of the personal information we hold about you.
  • Correction: you may request correction of inaccurate personal information.
  • Deletion: you may request deletion of your personal information, subject to legal retention requirements.
  • Opt-out of marketing: you may unsubscribe from promotional emails at any time using the link in any marketing email or by contacting us.
  • Opt-out of text messages: reply STOP to any text message to opt out.

State-Specific Rights

Residents of California, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws may have additional rights, including:

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt out of the sale or sharing of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information
  • Right to data portability

To exercise any of these rights, contact us at privacy@peptonhealth.com. We will respond within the timeframe required by applicable law.

7. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your information from unauthorized access, use, alteration, and destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and employee training.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

  • Essential cookies: required for the Services to function properly (authentication, security, load balancing).
  • Analytics cookies: help us understand how visitors use our Site (e.g., Google Analytics). These collect aggregated, anonymized data.
  • Advertising cookies: used to deliver relevant advertisements and measure ad campaign effectiveness (e.g., Meta Pixel, Google Ads). These may track your activity across websites.
  • Functional cookies: remember your preferences and settings to enhance your experience.

You can manage cookie preferences through your browser settings. Disabling certain cookies may limit your ability to use some features of the Services.

9. Do Not Track

Some browsers transmit "Do Not Track" signals. We currently do not respond to Do Not Track signals, as there is no industry-standard protocol for compliance. We will update this policy if a standard is established.

10. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

11. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

12. International Users

The Services are intended for use by residents of the United States only. If you access the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on the Services prior to the changes taking effect. Your continued use of the Services after the effective date constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Pepton Health LLC
1802 Rockland Dr
Austin, TX 78748
Email: privacy@peptonhealth.com