Privacy Policy

Last updated: April 8, 2026

This Privacy Policy describes how Vio Platform LLC d/b/a Pepvio ("Pepvio," "we," "our," or "us") collects, uses, shares, and protects information about you when you visit pepvio.com (the "Site") or use our services (collectively, the "Services"). It applies to all visitors and users of the Services.

Health information protected by HIPAA is also governed by our Notice of Privacy Practices. California, Washington, Nevada, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana residents have additional rights described in Section 11. California consumer health data is also subject to additional protections described in our California Consumer Health Data Notice.

1. Information We Collect

1.1 Information You Provide

  • Account information: name, email address, phone number, date of birth, password
  • Health intake information: medical history, current medications, supplements, allergies, contraindications screening, symptoms, severity, duration, biological sex, height, weight, peptide therapy goals, and any other information you submit through the health intake
  • Identity verification: photo identification you upload for verification (which is reviewed by your Provider and then deleted after their decision)
  • Shipping information: mailing address, delivery instructions
  • Payment information: processed by our payment processor (Stripe). Pepvio does not store credit card numbers, full bank account numbers, or CVV codes on its own servers
  • Communications: messages you send through the Pepvio chat widget, email correspondence with support, and any other communications
  • Marketing preferences: early access list signups, email subscription preferences

1.2 Information Collected Automatically

  • Device and browser information (operating system, browser type and version, screen resolution, language)
  • IP address and approximate geographic location
  • Pages visited, links clicked, time spent on pages, and other interaction data
  • Referring URLs and search terms that brought you to the Site
  • UTM parameters for marketing attribution
  • Cookies and similar tracking technologies (see Section 9)

1.3 Information from Third Parties

  • Payment confirmation and dispute information from our payment processor
  • Shipment tracking information from the compounding pharmacy and shipping carriers
  • Authentication information from Clerk (our identity provider) when you create an account or sign in
  • Marketing analytics data from advertising platforms when you arrive at our site from an ad

2. How We Use Your Information

We use your information to:

  • Provide the Services, including matching you with a licensed Provider, facilitating prescription review, processing payments, and arranging shipment of any prescribed medication
  • Verify your identity and prevent fraud
  • Communicate with you about your account, orders, prescriptions, and customer support
  • Send transactional emails (order confirmations, shipping notices, prescription updates, refill reminders)
  • Send marketing communications about Pepvio products and services, where permitted (you can opt out at any time)
  • Improve and personalize the Services and develop new features
  • Conduct analytics about usage patterns and Service performance
  • Comply with legal, regulatory, and contractual obligations
  • Protect the rights, property, and safety of Pepvio, our users, and third parties
  • Enforce our Terms of Service and other policies

3. HIPAA-Protected Health Information

Health information you provide through your health intake, communications with your Provider, and clinical records is treated as Protected Health Information (PHI) under HIPAA when held by the Medical Group or by Pepvio acting as a Business Associate. PHI is governed by separate, more protective rules described in our Notice of Privacy Practices.

Pepvio implements administrative, physical, and technical safeguards to protect PHI, including:

  • Encryption in transit (TLS 1.2 or higher) and at rest
  • Access controls and role-based permissions limiting PHI to authorized personnel
  • Multi-factor authentication for administrative access
  • Regular security audits, monitoring, and rate limiting
  • Business Associate Agreements with all third-party vendors that may access PHI
  • Secure data deletion after retention periods expire
  • Breach detection and notification procedures

4. How We Share Your Information

We share your information only as described below. We do not sell your personal information for monetary consideration.

4.1 With Healthcare Providers and Pharmacies

We share your health information with the licensed Provider who reviews your intake and (if appropriate) with the licensed compounding pharmacy that fills your prescription. This sharing is essential for providing the Services and is permitted under HIPAA for treatment, payment, and healthcare operations.

4.2 With Service Providers

We share information with third-party service providers that help us operate the Services. These providers are bound by contractual obligations (including Business Associate Agreements where applicable) to use the information only for the purposes for which we share it. Our key service providers include:

  • Vercel — website hosting and infrastructure
  • Clerk — user authentication and identity management
  • Stripe — payment processing and subscription management
  • Brevo — transactional and marketing email delivery
  • Anthropic — AI services for the chat widget and health intake processing
  • Google AI — image generation and AI services
  • The Medical Group and affiliated Providers — clinical review and prescribing
  • 503A/503B compounding pharmacies — medication compounding and fulfillment
  • Shipping carriers (USPS, UPS, FedEx) — medication delivery

4.3 Legal and Safety

We may disclose information when we believe in good faith that disclosure is required to: (a) comply with a legal obligation, court order, subpoena, or other legal process; (b) protect and defend the rights or property of Pepvio; (c) prevent or investigate possible wrongdoing; (d) protect the personal safety of users or the public; or (e) protect against legal liability.

4.4 Business Transfers

If Pepvio is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you (by email and a prominent notice on the Site) of any change in ownership or use of your information.

4.5 With Your Consent

We may share information for any other purpose with your explicit consent.

4.6 We Do Not Sell or Share for Cross-Context Behavioral Advertising

Pepvio does not sell your personal information for monetary consideration. Pepvio does not share your protected health information for cross-context behavioral advertising. We may use limited non-health analytics data (such as page views and traffic sources) to improve our marketing, but we do not target ads based on your health information, intake responses, or any other PHI.

5. Your Privacy Rights

You have the following rights with respect to your personal information. To exercise any of these rights, contact us at privacy@pepvio.com. We will respond within the timeframe required by applicable law (generally 45 days, with one possible 45-day extension).

  • Right to access: request a copy of the personal information we hold about you
  • Right to correct: request that we correct inaccurate or incomplete personal information
  • Right to delete: request that we delete your personal information, subject to legal retention requirements (for example, medical records must be retained for the period required by state law, generally 7-10 years)
  • Right to portability: request a copy of your personal information in a structured, machine-readable format
  • Right to opt out of marketing: unsubscribe from marketing emails at any time using the unsubscribe link in any marketing email or by contacting us
  • Right to restrict or object: in some jurisdictions, request that we restrict or stop processing your personal information for certain purposes
  • Right to non-discrimination: we will not discriminate against you for exercising your privacy rights
  • Right to withdraw consent: where we rely on your consent to process information, you may withdraw consent at any time
  • Right to appeal: if we deny your request, you have the right to appeal our decision

6. Verification of Requests

When you submit a request to exercise your privacy rights, we may need to verify your identity before fulfilling the request. We may ask for information that matches what we have on file (such as your email, date of birth, or recent order details) to confirm that you are the person whose information is being requested. This helps protect you from unauthorized access to your information.

7. Data Retention

We retain your personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account information: retained while your account is active and for a reasonable period after closure
  • Medical records and PHI: retained as required by state medical record retention laws, generally 7-10 years from the last date of treatment, or longer where required for minors
  • Photo identification: deleted automatically after the Provider completes their review of your intake
  • Payment records: retained as required by tax, financial, and legal obligations (generally 7 years)
  • Marketing data: retained until you opt out or withdraw consent
  • Analytics data: retained in aggregate and anonymized form indefinitely; identifiable analytics data is deleted within 26 months
  • Security and audit logs: retained for the period required by applicable security standards

8. Data Security

We implement industry-standard administrative, physical, and technical security measures to protect your information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

  • Encryption in transit (TLS 1.2 or higher) and at rest
  • Strong authentication and access controls
  • Regular security testing and monitoring
  • Rate limiting and bot protection
  • Security headers (HSTS, CSP, X-Frame-Options) and content security policies
  • Multi-factor authentication for administrative accounts
  • Vendor security review and Business Associate Agreements
  • Incident response procedures and breach notification protocols

However, no method of electronic transmission or storage is 100% secure. If you have reason to believe your interaction with us is no longer secure (for example, if you believe your account has been compromised), please contact us immediately at security@pepvio.com.

9. Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies on the Site for the following purposes:

  • Strictly necessary: required for the Site to function (authentication, security, session management)
  • Functional: remember your preferences (language, region, accessibility settings)
  • Analytics: understand how visitors use the Site to help us improve it
  • Advertising: measure the effectiveness of our advertising campaigns and limit the number of times you see an ad

You can manage cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Note that disabling cookies may impair the functionality of certain features. We honor browser-level Global Privacy Control (GPC) signals as opt-out requests under applicable state laws.

10. Children's Privacy

The Services are not intended for individuals under 18 years of age, and we do not knowingly collect personal information from anyone under 18. If you are under 18, do not use the Services or provide any personal information. If we learn that we have collected personal information from a child under 18, we will delete that information promptly. If you believe we may have collected information from a child under 18, please contact us immediately at privacy@pepvio.com.

11. State-Specific Privacy Disclosures

California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including:

  • The right to know what categories of personal information we have collected, used, disclosed, and sold or shared
  • The right to delete personal information (subject to legal exceptions)
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of personal information for cross-context behavioral advertising
  • The right to limit the use and disclosure of sensitive personal information
  • The right to non-discrimination for exercising your CCPA rights

Pepvio does not sell personal information for monetary consideration and does not share personal information for cross-context behavioral advertising. Health information collected through the Services is also subject to California's Confidentiality of Medical Information Act (CMIA) and additional consumer health data protections. See our California Consumer Health Data Notice.

Categories of personal information we collect (per Cal. Civ. Code § 1798.140):

  • Identifiers (name, email, phone, IP address)
  • Personal information categories listed in Cal. Civ. Code § 1798.80(e)
  • Protected classification characteristics (age, sex)
  • Commercial information (purchase history)
  • Internet or other electronic network activity information (browsing history on our Site)
  • Geolocation data (approximate, from IP)
  • Sensory data (photo ID for identity verification — temporarily stored)
  • Sensitive personal information (precise health information collected through the intake)
  • Inferences drawn from the above (peptide protocol matching)

To exercise your California rights or request your information, contact privacy@pepvio.comwith the subject line "California Privacy Request." You may also designate an authorized agent to make a request on your behalf, in which case the agent must provide proof of authorization.

Washington Residents (My Health My Data Act)

Washington residents have additional rights under the My Health My Data Act, including the right to confirm whether we collect, share, or sell consumer health data; the right to access, delete, or withdraw consent for processing of consumer health data; and the right not to be discriminated against for exercising those rights. Pepvio does not sell consumer health data. To exercise these rights, contact privacy@pepvio.com.

Nevada Residents

Nevada residents have the right to opt out of the sale of certain covered information, even though Pepvio does not currently sell personal information. To submit a verified request to opt out, contact privacy@pepvio.com.

Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Montana Residents

Residents of these states have similar rights under their respective state privacy laws, including the right to access, correct, delete, and obtain a portable copy of their personal information; the right to opt out of targeted advertising, sale, and certain profiling; and the right to appeal a denied request. Pepvio does not engage in targeted advertising or sale of personal information as defined under these laws. To exercise these rights, contact privacy@pepvio.com.

12. International Users

The Services are intended for users located in the United States. If you access the Services from outside the United States, you acknowledge that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. By using the Services, you consent to such transfer and processing.

13. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and any required regulators in accordance with applicable laws, including HIPAA Breach Notification Rule and state breach notification statutes. Notifications will include the nature of the breach, the information affected, the steps we are taking in response, and recommended actions you can take to protect yourself.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the "Last updated" date at the top, and (where required by law or for material changes) by sending you an email or providing a prominent notice on the Site. Your continued use of the Services after the effective date of the updated policy constitutes acceptance of the changes.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices:

  • Privacy: privacy@pepvio.com
  • Security: security@pepvio.com
  • HIPAA: hipaa@pepvio.com
  • Mailing address: Vio Platform LLC, 30 N Gould St, Ste N, Sheridan, WY 82801