Privacy Policy

01Entities Covered by This Policy

PEPT and [Telehealth Provider Name] operate under a management-services structure:

• [Telehealth Provider Name] is an independent professional practice that provides all clinical services.
• PEPT, Inc. provides non-clinical services such as scheduling, technology, communications, payment processing, marketing, and administrative support.

Medical records created by the Telehealth Provider are protected under HIPAA and are not governed by all provisions of this Policy.

PEPT does not access or use protected health information (“PHI”) except as permitted under HIPAA-compliant business-associate arrangements.

02Information We Collect

We collect information in the following ways:

A. Information you provide directly

• Personal identifiers (name, address, date of birth, phone number, email)
• Account-registration information
• Appointment information
• Payment and billing details
• Medical history, symptoms, and intake information (for Telehealth Services)
• Communications you send to PEPT or the Telehealth Provider
• Uploaded documents, photos, lab results, or medical data

B. Information collected during Telehealth Services

The Telehealth Provider may collect:

• Medical history and clinical data
• Symptoms, diagnostic information, and treatment responses
• Prescriptions, lab orders, and clinical notes
• Video, audio, chat, and message content used for clinical purposes

This information is classified as Protected Health Information (PHI) under HIPAA.

C. Information collected automatically

When you use the Site, we may collect:

• Device information (IP address, browser type, operating system)
• Cookies and tracking technologies
• Log data (pages viewed, time spent, links clicked)
• Approximate location information
• Usage information for analytics and fraud prevention

D. Information from third parties

We may receive information from:

• Payment processors (e.g., Stripe)
• Laboratories and pharmacies
• Referral partners or affiliates
• Identity-verification services

03How We Use Your Information

PEPT and the Telehealth Provider use information for different purposes depending on the nature of your interaction.

A. Use by the Telehealth Provider

For clinical purposes:

• Evaluating your health
• Providing telehealth consultations
• Diagnosing and treating conditions
• Prescribing medications
• Ordering and reviewing diagnostic tests
• Communicating with you about your care
• Maintaining medical records
• Complying with HIPAA and medical regulations

This data is used solely to deliver medical care.

B. Use by PEPT (non-clinical purposes)

For administrative, operational, and business purposes:

• Operating and improving the Site
• Processing payments
• Scheduling appointments
• Providing customer support
• Sending administrative or service-related messages
• Fraud prevention and security
• Internal analytics
• Marketing and advertising (only where permitted)
• User-account management
• Enforcing our Terms of Use

PEPT does not use PHI for marketing without explicit, HIPAA-compliant authorization.

04How We Share Your Information

We may share information under the following circumstances:

A. With the Telehealth Provider

To provide Telehealth Services, PEPT may share:

• Contact information
• Intake data
• Information necessary to schedule or support healthcare delivery

All clinical information is handled directly by the Telehealth Provider under HIPAA.

B. Service providers & vendors

PEPT may share information with:

• Payment processors
• Cloud-service providers
• Communication platforms (SMS / email systems)
• Analytics providers
• Pharmacy and laboratory partners
• IT and security providers

All PHI shared is governed by HIPAA business-associate agreements where required.

C. Legal, regulatory, and safety requirements

Information may be disclosed:

• To comply with applicable laws
• To respond to subpoenas or legal process
• To protect against fraud or security threats
• To protect patient safety or public health

D. Corporate transactions

In the event of a merger, acquisition, financing, or sale of assets, information may be transferred as permitted by law.

05Cookies & Tracking Technologies

We may use:

• Cookies
• Pixels
• Web beacons
• Session tracking
• Analytics tools (e.g., Google Analytics)

These help us improve the user experience, measure effectiveness, and enhance Site functionality.

You can adjust your browser settings to disable cookies, but certain features may not function correctly.

06HIPAA and Protected Health Information (PHI)

The Telehealth Provider is a HIPAA-covered entity, and PEPT may operate as its business associate for certain functions.

Your PHI:

• Is used only for treatment, payment, and healthcare operations
• Is protected under federal and state law
• Is not used for marketing without written authorization
• Is not sold under any circumstances

07Data Security

We use industry-standard security measures to protect your personal information, including:

• Encryption of sensitive data
• Secure servers
• Access controls
• Audit logs
• Periodic security assessments

However, no system is 100% secure. You acknowledge that transmitting information over the internet is done at your own risk.

08Data Retention

We retain:

• Medical records — for as long as required by state law and medical regulations
• Non-medical user data — for as long as necessary for operational, legal, and business purposes

You may request deletion of certain data, but medical records cannot be deleted before regulatory requirements are met.

09Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your personal information
• Request corrections
• Request deletion (where permitted)
• Opt out of marketing communications
• Request restrictions on certain uses of PHI (HIPAA)
• Obtain a copy of your medical records (HIPAA)

To exercise rights related to PHI, contact the Telehealth Provider. For all other requests, email members@trypept.com.

10Children's Privacy

The Site is not intended for individuals under 18 years of age. We do not knowingly collect information from minors.

11Third-Party Links

The Site may contain links to external websites not controlled by PEPT. We are not responsible for the privacy practices of third parties.

12California Privacy Rights (CCPA / CPRA)

California residents may:

• Request disclosure of the personal information collected about them
• Request deletion (subject to exceptions)
• Opt out of certain data sharing
• Request correction of inaccurate information
• Not be discriminated against for exercising privacy rights

We do not sell personal information. To exercise California privacy rights, email members@trypept.com.

13International Users

The Site is operated in the United States. If you access it from outside the U.S., you consent to your information being processed within the U.S.

14Changes to This Privacy Policy

We may update this Policy periodically. The updated Policy will be posted on the Site with a new “Last updated” date. Continued use of the Site constitutes acceptance of the changes.

15Contact Us