California Consumer Health Data Notice

Last updated: April 8, 2026

This California Consumer Health Data Notice ("Notice") supplements our Privacy Policyand describes how Vio Platform LLC d/b/a Pepvio ("Pepvio," "we," "our," or "us") collects, uses, shares, and protects consumer health data of California residents. It also describes your rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and the Confidentiality of Medical Information Act (CMIA).

1. What Is Consumer Health Data?

Consumer health data includes any personal information that identifies your past, present, or future physical or mental health status, including:

  • Information about health conditions, symptoms, diagnoses, treatments, or medications
  • Information about your interactions with healthcare providers, including telehealth interactions
  • Biometric and physiological data (height, weight, body measurements)
  • Information about reproductive or sexual health
  • Information about mental or emotional health
  • Information that could be used to infer health status (such as searches, purchases, or browsing related to health topics)
  • Genetic information
  • Precise geolocation data that could indicate visits to healthcare facilities

2. What Consumer Health Data We Collect

From California residents using the Pepvio Services, we collect the following categories of consumer health data:

  • Health intake responses: medical history, current medications and supplements, allergies, contraindications screening (active cancer, pregnancy, kidney disease, liver disease, heart conditions, blood clots, autoimmune conditions, etc.), symptoms, severity, duration, biological sex, height, and weight
  • Treatment goals: peptide therapy goals (recovery, longevity, body composition, immune support, cognitive function)
  • Provider communications: messages between you and your healthcare provider about your treatment
  • Prescription history: medications prescribed, doses, fulfillment dates
  • Identity verification: photo identification (temporarily stored, then deleted after provider review)
  • Inferences: peptide protocol matching based on your intake responses

3. How We Use Consumer Health Data

We use consumer health data only for the following purposes:

  • To provide telehealth services through licensed healthcare providers
  • To facilitate prescription review and fulfillment by licensed compounding pharmacies
  • To communicate with you about your treatment, prescriptions, and care
  • To improve the safety and quality of care
  • To comply with legal and regulatory obligations, including state and federal medical record retention laws
  • To respond to your privacy requests and inquiries
  • To prevent fraud and protect the rights, property, and safety of users

We do not use consumer health data for targeted advertising, cross-context behavioral advertising, or for sale to third parties.

4. With Whom We Share Consumer Health Data

We share consumer health data only with:

  • Licensed healthcare providers within the Pepvio-affiliated Medical Group, for the purpose of clinical review and prescribing
  • Licensed 503A and 503B compounding pharmacies, for the purpose of compounding and dispensing prescribed medications
  • HIPAA Business Associates (our service providers), bound by Business Associate Agreements that require them to protect the data and use it only for the purposes for which it is shared. Our key business associates include Vercel (hosting), Clerk (authentication), Brevo (email), Stripe (payment processing), and Anthropic (AI services)
  • Government agencies and law enforcement, as required by law (subpoena, court order, or other legal process)
  • You, upon your request to access, port, or download your information

We do not sell consumer health data. We do not share consumer health data for cross-context behavioral advertising.

5. Your Rights Under California Law

5.1 Right to Know

You have the right to request that we disclose the categories of consumer health data we have collected about you, the categories of sources from which the data is collected, the business or commercial purposes for collecting the data, the categories of third parties with whom we share the data, and the specific pieces of consumer health data we have collected about you.

5.2 Right to Delete

You have the right to request that we delete consumer health data that we have collected from you. We must comply with this request unless an exception applies. Exceptions include:

  • Information needed to complete a transaction or provide a service you requested
  • Information needed to detect security incidents or protect against fraudulent or illegal activity
  • Information that must be retained by law (medical records must be retained for the period required by California law, generally seven (7) years from the last date of care, longer for minors)
  • Information needed for internal uses that align with your reasonable expectations

5.3 Right to Correct

You have the right to request that we correct inaccurate consumer health data we have collected about you.

5.4 Right to Portability

You have the right to receive a copy of your consumer health data in a structured, commonly used, and machine-readable format.

5.5 Right to Limit Use of Sensitive Personal Information

Health information is considered sensitive personal information under California law. You have the right to limit our use of sensitive personal information to only those uses necessary to provide the services you requested. We already limit our use of consumer health data to these purposes.

5.6 Right to Opt Out of Sale or Sharing

You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. Pepvio does not sell or share consumer health data. However, you may still submit a request to confirm that we are not selling or sharing your data.

5.7 Right to Non-Discrimination

You have the right not to be discriminated against for exercising any of your CCPA rights. We will not deny you services, charge you a different price, or provide a different level or quality of service because you exercised your privacy rights.

5.8 Right to Appeal

If we deny your privacy request, you have the right to appeal our decision. To appeal, contact privacy@pepvio.comwith the subject line "California Privacy Appeal."

6. How to Exercise Your Rights

To exercise any of your rights under this Notice, contact us in any of the following ways:

  • Email: privacy@pepvio.com with the subject line "California Privacy Request"
  • Account dashboard: log in to your account and submit a request through the privacy section

We will verify your identity before responding to a request. We may ask you to provide information that matches what we have on file (such as your email address, date of birth, or recent order details). This is to protect you from unauthorized access to your information.

We will respond to verifiable requests within 45 days, with one possible 45-day extension if necessary. There is no charge for exercising your rights, unless your request is excessive or unfounded.

7. Authorized Agents

You may designate an authorized agent to make a privacy request on your behalf. The authorized agent must provide proof of authorization (such as a written, signed authorization from you, or a power of attorney). We may also require you to verify your identity directly with us, even when using an authorized agent.

8. Confidentiality of Medical Information Act (CMIA)

In addition to CCPA rights, your medical information is protected under California's Confidentiality of Medical Information Act (Cal. Civ. Code §§ 56-56.37). The CMIA prohibits the disclosure of medical information without your authorization, except in limited circumstances (such as for treatment, payment, healthcare operations, or as required by law).

9. Notice at Collection

At or before the point of collection, we provide a notice describing the categories of personal information we collect and the purposes for which they will be used. This Notice and our Privacy Policy serve as that notice.

10. Retention

We retain consumer health data only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically, medical records are retained for the period required by California law (generally 7 years from the last date of care, longer for minors). Photo identification is deleted automatically after the Provider completes their review.

11. Children Under 16

The Services are not intended for individuals under 18, and we do not knowingly collect consumer health data from children under 16. If we learn we have collected such data, we will delete it promptly.

12. Changes to This Notice

We may update this Notice from time to time. We will post the updated Notice on this page and update the "Last updated" date. Material changes will be communicated by email or a prominent notice on the Site.

13. Contact

For privacy questions or to exercise your rights:

  • Email: privacy@pepvio.com
  • Mailing address: Vio Platform LLC, 30 N Gould St, Ste N, Sheridan, WY 82801