PEPTPlus
PrivacyTermsLog in

Privacy Policy

Last revised: June 2026

This Privacy Policy describes how PEPTPlus (“PEPTPlus,” “we,” “us”) collects, uses, discloses, and protects information in connection with our platform that coordinates compounded prescriptions among licensed healthcare providers, verified 503A/503B compounding pharmacies, and patients. By using the platform you agree to the practices described here.

1. Who this policy covers

PEPTPlus serves three primary types of users, and our handling of information differs by role:

  • Providers: licensed prescribers and their clinic staff who place and manage prescriptions.
  • Pharmacies: 503A and 503B compounding pharmacies that receive, fill, and ship orders.
  • Patients: individuals who receive compounded medications dispensed by a partner pharmacy.

2. Information we collect

Account & organization information

Names, business and contact details, professional license and credentialing information, role assignments, and organization affiliation used to create and administer accounts.

Prescription & clinical information

Prescription details, compound and dosing information, patient demographics, and related clinical notes necessary to route, fill, and fulfill an order. Some of this may constitute Protected Health Information (see Section 5).

Transaction & fulfillment information

Order status, pharmacy matching and routing data, shipment and delivery details, and payment metadata. Card payments are processed by a third-party payment processor; we do not store full card numbers.

Technical information

Log data, device and browser information, and audit-trail records of actions taken within the platform.

3. How we use information

  • To operate the platform: routing prescriptions to verified pharmacies, coordinating fulfillment, and tracking outcomes.
  • To verify provider and pharmacy eligibility, licensure, and credentials.
  • To enforce that only FDA-eligible compounds are listed and prescribed.
  • To maintain security, prevent fraud, and keep an append-only audit trail.
  • To provide support and communicate about accounts, orders, and service changes.
  • To comply with legal, regulatory, and pharmacy-practice obligations.

4. How information is shared

We share information only as needed to deliver the service, including:

  • With the pharmacy matched to fill and ship a given prescription.
  • With the prescribing provider and their authorized clinic staff.
  • With service providers acting on our behalf (e.g., hosting, payment processing, communications) under contract.
  • As required by law, regulation, or valid legal process.

We do not sell personal information.

5. Protected Health Information (PHI) & HIPAA

Certain prescription and patient information processed through the platform may constitute Protected Health Information under the Health Insurance Portability and Accountability Act (HIPAA). Where PEPTPlus acts as a business associate, our handling of PHI is governed by applicable Business Associate Agreements (BAAs) with the relevant covered entities, and we apply administrative, technical, and physical safeguards intended to protect that information.

Patient-identifying communications are only sent through channels covered by an appropriate BAA. We limit access to PHI to personnel and partners with a legitimate need, and we log access to support accountability.

6. Interim synthetic-data notice

During the platform’s interim build-and-evaluation phase, environments may be populated with synthetic (non-real) data for development, testing, and demonstration. Synthetic records do not describe real individuals. Where real patient-identifying data is introduced, it is handled under the PHI safeguards and BAA arrangements described in Section 5.

7. Data security

We use reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, loss, or misuse, including access controls, encryption in transit, and audit logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Data retention

We retain information for as long as needed to provide the service and to meet legal, regulatory, and pharmacy record-keeping requirements, after which it is deleted or de-identified in accordance with applicable law.

9. Your choices & rights

Depending on your role and jurisdiction, you may have rights to access, correct, or request deletion of certain information. Patients should generally direct medical-record requests to the prescribing provider or dispensing pharmacy. Contact us using the details below to make a request.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the platform or by other reasonable means. Continued use after an update constitutes acceptance of the revised policy.

11. Contact us

Questions about this policy? and mention “privacy” in your message.

PEPTPlus
For ProvidersFor PharmaciesDevelopers / APIInvestBlogLog in
© 2026 PEPTPlus · All rights reserved · For licensed healthcare providers only.
Privacy Policy·Terms of Use·Security