Privacy Policy

Last updated: March 2026

Peptide Protocol Portal LLC ("Company," "we," "us," or "our") is committed to protecting the privacy of licensed healthcare professionals who use our platform. This Privacy Policy explains how we collect, use, share, and protect information when you access or use the Peptide Protocol Portal (the "Platform").

Important: The Platform is a clinical reference and practice operations tool for licensed providers. It is not a patient records system. We do not collect, store, or process patient protected health information (PHI) as defined under HIPAA.

1. Information We Collect

We collect information you provide directly to us when you register for an account, use the Platform, or contact us for support. This includes:

• Identity information: Full legal name, professional credentials;
• Contact information: Email address, phone number;
• Professional information: National Provider Identifier (NPI) number, clinic or practice name, state of licensure;
• Account credentials: Encrypted password hash;
• Usage data: Pages visited, features used, queries submitted to Peppy AI, orders placed, session timestamps, and IP address.

We do not collect financial payment card data directly. Payment processing is handled by a PCI-compliant third-party payment processor.

2. How We Use Information

We use the information we collect for the following purposes:

• Account management: Creating, maintaining, and securing your account; authenticating your identity on login;
• NPI verification: Verifying your provider credentials against the NPPES database to gate access to clinical tools and wholesale ordering;
• Order processing: Routing wholesale orders to licensed fulfillment partners using your verified NPI;
• Platform improvement: Analyzing usage patterns to improve features, fix bugs, and develop new content;
• Communications: Sending transactional emails (account confirmation, order updates, security alerts) and, where you have opted in, product updates;
• Legal compliance: Meeting our obligations under applicable law and protecting the rights of the Company and its users.

3. Information Sharing

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share information only in the following limited circumstances:

• NPPES (NPI verification): We query the National Plan and Provider Enumeration System to verify your NPI. Your NPI is transmitted to this federal database lookup service for verification purposes;
• Fulfillment partners: When you place wholesale orders, your name, NPI, clinic name, and shipping information are shared with licensed fulfillment partners solely to process and ship your order;
• Service providers: We use infrastructure and technology service providers (hosting, database, email delivery) who process data on our behalf under data processing agreements;
• Legal requirements: We may disclose information when required to do so by law, court order, or governmental authority, or to protect the safety and rights of the Company or others.

4. Data Security

We implement industry-standard technical and organizational security measures to protect your information. All data transmitted between your browser and the Platform is encrypted using TLS (Transport Layer Security). Data stored in our databases is encrypted at rest. Passwords are hashed using a one-way cryptographic algorithm and are never stored in plaintext.

Access to production data is restricted to authorized personnel on a need-to-know basis. We conduct periodic security reviews of our infrastructure and practices. Despite these measures, no security system is impenetrable. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.

5. Cookies

The Platform uses session cookies to maintain your authenticated session. Session cookies are temporary and are deleted when you close your browser or log out. We do not use persistent tracking cookies, third-party advertising cookies, or cross-site tracking technologies.

You may configure your browser to refuse cookies, but doing so may prevent you from logging in or using certain Platform features.

6. Data Retention

We retain your account information for as long as your account is active or as necessary to provide you with the Platform services. If you request account deletion, we will delete or anonymize your personal information within 30 days, subject to our obligations to retain records for legal, regulatory, or fraud prevention purposes.

Order records may be retained for a longer period as required by applicable law or for legitimate business purposes such as dispute resolution.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you;
• Correction: Request that we correct inaccurate or incomplete personal information;
• Deletion: Request that we delete your personal information, subject to applicable legal retention requirements;
• Data portability: Request a machine-readable export of the personal information you have provided to us;
• Opt-out: Opt out of non-transactional communications at any time via account settings or by emailing us.

To exercise any of these rights, please contact us using the information below. We will respond to verifiable requests within 30 days.

8. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, please contact us at: