This Privacy Policy describes how Vio Platform LLC d/b/a Pepvio ("Pepvio," "we," "our," or "us") collects, uses, shares, and protects information about you when you visit pepvio.com (the "Site") or use our services (collectively, the "Services"). It applies to all visitors and users of the Services.
Health information protected by HIPAA is also governed by our Notice of Privacy Practices. California, Washington, Nevada, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana residents have additional rights described in Section 11. California consumer health data is also subject to additional protections described in our California Consumer Health Data Notice.
Account information: name, email address, phone number, date of birth, password
Health intake information: medical history, current medications, supplements, allergies, contraindications screening, symptoms, severity, duration, biological sex, height, weight, peptide therapy goals, and any other information you submit through the health intake
Identity verification: photo identification you upload for verification (which is reviewed by your Provider and then deleted after their decision)
Shipping information: mailing address, delivery instructions
Payment information: processed by our payment processor (Stripe). Pepvio does not store credit card numbers, full bank account numbers, or CVV codes on its own servers
Communications: messages you send through the Pepvio chat widget, email correspondence with support, and any other communications
Marketing preferences: early access list signups, email subscription preferences
Device and browser information (operating system, browser type and version, screen resolution, language)
IP address and approximate geographic location
Pages visited, links clicked, time spent on pages, and other interaction data
Referring URLs and search terms that brought you to the Site
UTM parameters for marketing attribution
Cookies and similar tracking technologies (see Section 9)
Payment confirmation and dispute information from our payment processor
Shipment tracking information from the compounding pharmacy and shipping carriers
Authentication information from Clerk (our identity provider) when you create an account or sign in
Marketing analytics data from advertising platforms when you arrive at our site from an ad
We use your information to:
Provide the Services, including matching you with a licensed Provider, facilitating prescription review, processing payments, and arranging shipment of any prescribed medication
Verify your identity and prevent fraud
Communicate with you about your account, orders, prescriptions, and customer support
Send transactional emails (order confirmations, shipping notices, prescription updates, refill reminders)
Send marketing communications about Pepvio products and services, where permitted (you can opt out at any time)
Improve and personalize the Services and develop new features
Conduct analytics about usage patterns and Service performance
Comply with legal, regulatory, and contractual obligations
Protect the rights, property, and safety of Pepvio, our users, and third parties
Enforce our Terms of Service and other policies
Health information you provide through your health intake, communications with your Provider, and clinical records is treated as Protected Health Information (PHI) under HIPAA when held by the Medical Group or by Pepvio acting as a Business Associate. PHI is governed by separate, more protective rules described in our Notice of Privacy Practices.
Pepvio implements administrative, physical, and technical safeguards to protect PHI, including:
Encryption in transit (TLS 1.2 or higher) and at rest
Access controls and role-based permissions limiting PHI to authorized personnel
Multi-factor authentication for administrative access
Regular security audits, monitoring, and rate limiting
Business Associate Agreements with all third-party vendors that may access PHI
Secure data deletion after retention periods expire
Breach detection and notification procedures
We share your information only as described below. We do not sell your personal information for monetary consideration.
We share your health information with the licensed Provider who reviews your intake and (if appropriate) with the licensed compounding pharmacy that fills your prescription. This sharing is essential for providing the Services and is permitted under HIPAA for treatment, payment, and healthcare operations.
We share information with third-party service providers that help us operate the Services. These providers are bound by contractual obligations (including Business Associate Agreements where applicable) to use the information only for the purposes for which we share it. Our key service providers include:
Vercel — website hosting and infrastructure
Clerk — user authentication and identity management
Stripe — payment processing and subscription management
Brevo — transactional and marketing email delivery
Anthropic — AI services for the chat widget and health intake processing
Google AI — image generation and AI services
The Medical Group and affiliated Providers — clinical review and prescribing
503A/503B compounding pharmacies — medication compounding and fulfillment
Shipping carriers (USPS, UPS, FedEx) — medication delivery
We may disclose information when we believe in good faith that disclosure is required to: (a) comply with a legal obligation, court order, subpoena, or other legal process; (b) protect and defend the rights or property of Pepvio; (c) prevent or investigate possible wrongdoing; (d) protect the personal safety of users or the public; or (e) protect against legal liability.
If Pepvio is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you (by email and a prominent notice on the Site) of any change in ownership or use of your information.
We may share information for any other purpose with your explicit consent.
Pepvio does not sell your personal information for monetary consideration. Pepvio does not share your protected health information for cross-context behavioral advertising. We may use limited non-health analytics data (such as page views and traffic sources) to improve our marketing, but we do not target ads based on your health information, intake responses, or any other PHI.
You have the following rights with respect to your personal information. To exercise any of these rights, contact us at privacy@pepvio.com. We will respond within the timeframe required by applicable law (generally 45 days, with one possible 45-day extension).
Right to access: request a copy of the personal information we hold about you
Right to correct: request that we correct inaccurate or incomplete personal information
Right to delete: request that we delete your personal information, subject to legal retention requirements (for example, medical records must be retained for the period required by state law, generally 7-10 years)
Right to portability: request a copy of your personal information in a structured, machine-readable format
Right to opt out of marketing: unsubscribe from marketing emails at any time using the unsubscribe link in any marketing email or by contacting us
Right to restrict or object: in some jurisdictions, request that we restrict or stop processing your personal information for certain purposes
Right to non-discrimination: we will not discriminate against you for exercising your privacy rights
Right to withdraw consent: where we rely on your consent to process information, you may withdraw consent at any time
Right to appeal: if we deny your request, you have the right to appeal our decision
When you submit a request to exercise your privacy rights, we may need to verify your identity before fulfilling the request. We may ask for information that matches what we have on file (such as your email, date of birth, or recent order details) to confirm that you are the person whose information is being requested. This helps protect you from unauthorized access to your information.
We retain your personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:
Account information: retained while your account is active and for a reasonable period after closure
Medical records and PHI: retained as required by state medical record retention laws, generally 7-10 years from the last date of treatment, or longer where required for minors
Photo identification: deleted automatically after the Provider completes their review of your intake
Payment records: retained as required by tax, financial, and legal obligations (generally 7 years)
Marketing data: retained until you opt out or withdraw consent
Analytics data: retained in aggregate and anonymized form indefinitely; identifiable analytics data is deleted within 26 months
Security and audit logs: retained for the period required by applicable security standards
We implement industry-standard administrative, physical, and technical security measures to protect your information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
Encryption in transit (TLS 1.2 or higher) and at rest
Strong authentication and access controls
Regular security testing and monitoring
Rate limiting and bot protection
Security headers (HSTS, CSP, X-Frame-Options) and content security policies
Multi-factor authentication for administrative accounts
Vendor security review and Business Associate Agreements
Incident response procedures and breach notification protocols
However, no method of electronic transmission or storage is 100% secure. If you have reason to believe your interaction with us is no longer secure (for example, if you believe your account has been compromised), please contact us immediately at security@pepvio.com.
We use cookies, web beacons, pixel tags, and similar tracking technologies on the Site for the following purposes:
Strictly necessary: required for the Site to function (authentication, security, session management)
Functional: remember your preferences (language, region, accessibility settings)
Analytics: understand how visitors use the Site to help us improve it
Advertising: measure the effectiveness of our advertising campaigns and limit the number of times you see an ad
You can manage cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Note that disabling cookies may impair the functionality of certain features. We honor browser-level Global Privacy Control (GPC) signals as opt-out requests under applicable state laws.
The Services are not intended for individuals under 18 years of age, and we do not knowingly collect personal information from anyone under 18. If you are under 18, do not use the Services or provide any personal information. If we learn that we have collected personal information from a child under 18, we will delete that information promptly. If you believe we may have collected information from a child under 18, please contact us immediately at privacy@pepvio.com.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including:
The right to know what categories of personal information we have collected, used, disclosed, and sold or shared
The right to delete personal information (subject to legal exceptions)
The right to correct inaccurate personal information
The right to opt out of the sale or sharing of personal information for cross-context behavioral advertising
The right to limit the use and disclosure of sensitive personal information
The right to non-discrimination for exercising your CCPA rights
Pepvio does not sell personal information for monetary consideration and does not share personal information for cross-context behavioral advertising. Health information collected through the Services is also subject to California's Confidentiality of Medical Information Act (CMIA) and additional consumer health data protections. See our California Consumer Health Data Notice.
Categories of personal information we collect (per Cal. Civ. Code § 1798.140):
Identifiers (name, email, phone, IP address)
Personal information categories listed in Cal. Civ. Code § 1798.80(e)
Protected classification characteristics (age, sex)
Commercial information (purchase history)
Internet or other electronic network activity information (browsing history on our Site)
Geolocation data (approximate, from IP)
Sensory data (photo ID for identity verification — temporarily stored)
Sensitive personal information (precise health information collected through the intake)
Inferences drawn from the above (peptide protocol matching)
To exercise your California rights or request your information, contact privacy@pepvio.com with the subject line "California Privacy Request." You may also designate an authorized agent to make a request on your behalf, in which case the agent must provide proof of authorization.
Washington residents have additional rights under the My Health My Data Act, including the right to confirm whether we collect, share, or sell consumer health data; the right to access, delete, or withdraw consent for processing of consumer health data; and the right not to be discriminated against for exercising those rights. Pepvio does not sell consumer health data. To exercise these rights, contact privacy@pepvio.com.
Nevada residents have the right to opt out of the sale of certain covered information, even though Pepvio does not currently sell personal information. To submit a verified request to opt out, contact privacy@pepvio.com.
Residents of these states have similar rights under their respective state privacy laws, including the right to access, correct, delete, and obtain a portable copy of their personal information; the right to opt out of targeted advertising, sale, and certain profiling; and the right to appeal a denied request. Pepvio does not engage in targeted advertising or sale of personal information as defined under these laws. To exercise these rights, contact privacy@pepvio.com.
The Services are intended for users located in the United States. If you access the Services from outside the United States, you acknowledge that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using the Services, you consent to such transfer and processing.
In the event of a data breach affecting your personal information, we will notify you and any required regulators in accordance with applicable laws, including the HIPAA Breach Notification Rule and state breach notification statutes. Notifications will include the nature of the breach, the information affected, the steps we are taking in response, and recommended actions you can take to protect yourself.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the "Last updated" date at the top, and (where required by law or for material changes) by sending you an email or providing a prominent notice on the Site. Your continued use of the Services after the effective date of the updated policy constitutes acceptance of the changes.
If you have questions about this Privacy Policy or our privacy practices:
Privacy: privacy@pepvio.com
Security: security@pepvio.com
HIPAA: hipaa@pepvio.com
Mailing address: Vio Platform LLC, 30 N Gould St, Ste N, Sheridan, WY 82801