Privacy Policy

1. Who We Are

PepLab ("PepLab," "we," "us," or "our") operates peplab.health. PepLab is a technology and care coordination platform, not a healthcare provider. We facilitate access to licensed independent physicians who provide clinical services. We do not practice medicine or provide medical advice.

2. Information We Collect

Information you provide directly:

• Contact information: name, email address, phone number, mailing address
• Application information: health history, symptoms, prior treatments, performance goals
• Health and medical information: lab results, physician notes, protocol information
• Payment information: processed through secure third-party payment processors; we do not store payment card data

Information collected automatically:

• Device and browser information, IP address, operating system
• Usage data: pages visited, time on site, referring URLs
• Cookies and similar tracking technologies (see Section 7)

3. How We Use Your Information

• To review your application and assess clinical appropriateness
• To coordinate care between you and licensed physicians in our network
• To communicate about your account, program status, and protocol updates
• To process payments and manage billing
• To send program updates and clinical insights you have opted into
• To improve our platform and services
• To comply with legal obligations and applicable regulations
• To protect against unauthorized access, fraud, and abuse

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

• Licensed physicians: Health information is shared with the independent physician managing your care, solely for the purpose of providing clinical services
• Compounding pharmacies: Prescription information necessary for fulfillment is shared with your licensed pharmacy partner
• Service providers: HIPAA-compliant vendors who assist in operating our platform (hosting, payment processing, communication tools) under appropriate data processing agreements
• Legal requirements: When required by law, court order, or to protect the rights and safety of PepLab, our users, or the public
• Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice to affected users

5. HIPAA and Protected Health Information

Health information collected in connection with clinical services is Protected Health Information (PHI) under HIPAA. PHI is used and disclosed only as required to provide and coordinate your care, as required by law, and as otherwise permitted under HIPAA. You have the right to access, correct, and request deletion of your PHI. To exercise these rights, contact us at .

PepLab functions as a Business Associate under HIPAA with respect to PHI handled on behalf of your treating physician. Our clinical infrastructure partners operate under Business Associate Agreements that require HIPAA-compliant handling of health information.

6. Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security assessments. No method of internet transmission is fully secure. We cannot guarantee absolute security, but we notify affected users and applicable regulators in the event of a breach as required by law.

7. Cookies

We use cookies and similar technologies to improve your experience, analyze usage, and maintain session state. You can control cookie preferences through your browser settings or the consent banner on our site. Declining cookies does not affect your ability to use core platform features.

We do not use cookies for targeted advertising or share cookie data with advertising networks.

8. Your Rights

Depending on your location, you may have rights under applicable privacy laws (CCPA, GDPR, state privacy laws) including:

• Right to know what personal information we collect and how it is used
• Right to access, correct, or delete your personal information
• Right to opt out of the sale of personal information (we do not sell personal information)
• Right to data portability
• Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at . We will respond within 45 days.

9. Children

PepLab does not knowingly collect personal information from individuals under 18 years of age. Our services are not directed to minors. If we become aware that we have collected information from a minor, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or by posting a notice on our website. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

11. Contact

Questions about this Privacy Policy or our data practices: