TelePeptide Health
Privacy Policy
Effective Date: April 3, 2026 · Last Revised: April 13, 2026
This policy governs personal data collected through our website and marketing communications. For Protected Health Information collected during clinical intake, see our Notice of Privacy Practices.
1. Who We Are
TelePeptide Health ("TelePeptide," "we," "us," or "our") is a Florida-based telehealth platform. This Privacy Policy governs how we collect, use, disclose, and protect non-clinical personal information — including information submitted through our website, waitlist forms, and marketing communications. For Protected Health Information (PHI) collected during clinical intake, please see our Notice of Privacy Practices at /privacy-practices.
2. Information We Collect
We collect the following categories of personal information: (a) Contact and identity data — name, email address, phone number, and state of residence submitted through any form on this site; (b) Health and wellness information — body weight, BMI, medical history, current medications, and health goals you voluntarily submit during intake; (c) Payment data — billing name, address, and payment card details processed and stored by Stripe (we do not store card numbers); (d) Marketing interaction data — email open events, link clicks, unsubscribe status, and campaign history; (e) Technical data — IP address, browser type, device type, and pages visited, collected via standard server logs and analytics; (f) Apollo.io-sourced prospect data — for individuals in our marketing database, we may hold name, professional title, employer, email address, LinkedIn URL, and location sourced from publicly available professional directories via Apollo.io.
3. How We Use Your Information
We use your information to: (a) respond to intake submissions and waitlist sign-ups; (b) coordinate care with licensed physicians and compounding pharmacies; (c) process payments and manage subscriptions through Stripe; (d) send marketing emails about our programs, health content, and updates — only where you have consented or where permitted by law; (e) honor unsubscribe requests and maintain suppression lists; (f) analyze campaign performance and improve our services; (g) comply with legal obligations including HIPAA, CAN-SPAM, and Florida telehealth regulations; and (h) prevent fraud, abuse, and security incidents.
4. Marketing Emails and CAN-SPAM
If you submitted your email address through our waitlist, intake form, or any other form on this site, you consent to receive marketing emails from TelePeptide Health. All marketing emails comply with the CAN-SPAM Act (15 U.S.C. § 7701 et seq.): they clearly identify TelePeptide as the sender, include our physical mailing address, and include a functional one-click unsubscribe link. We honor opt-out requests within 10 business days. You can unsubscribe at any time by clicking the link in any email or emailing unsubscribe@telepeptide.org. If we source your contact information from a third-party directory (e.g., Apollo.io), we treat it as a cold outreach and include all required CAN-SPAM disclosures in the first message. We do not send emails to individuals who have previously opted out or whose email has hard-bounced.
5. Third-Party Processors We Use
We share your data only with the following categories of trusted processors, each under written data-processing agreements: (a) Stripe — payment processing and subscription management; (b) Resend — transactional and marketing email delivery; (c) Supabase — cloud database and backend infrastructure; (d) Apollo.io — business contact data platform used to source prospect information (name, professional title, employer, and business email) from publicly available professional directories for marketing outreach purposes; (e) Origami — a contact intelligence and data enrichment service used to verify, supplement, and score prospect records in our marketing database, including appending professional attributes such as industry, title, and employer from aggregated public sources; (f) A contracted telehealth infrastructure provider — we work with a third-party telehealth enablement network that provides the licensed physician network, clinical workflow infrastructure, and credentialing services that allow TelePeptide to connect patients with qualified providers. This partner processes intake data solely to facilitate provider matching and clinical review under a HIPAA-compliant Business Associate Agreement; (g) Licensed compounding pharmacies — for prescription fulfillment; (h) Vercel — cloud hosting and edge delivery. We do not sell your personal information to any third party, ever.
5a. Supabase and Resend — BAA Status and Consent
Two of our infrastructure providers process data on our behalf in ways that may involve Protected Health Information (PHI) or personally identifiable information (PII), and therefore require HIPAA-compliant Business Associate Agreements (BAAs): (a) Supabase stores all patient intake and clinical lead data in its cloud database infrastructure. TelePeptide Health is in the process of executing or has executed a HIPAA BAA with Supabase. Until BAA execution is confirmed in writing, users should be aware that Supabase's storage of PHI operates under regulatory risk. (b) Resend delivers transactional emails (including patient confirmation emails) that may contain patient names and program details. TelePeptide Health is in the process of executing or has executed a HIPAA BAA with Resend. Until BAA execution is confirmed, email transmissions involving PHI through Resend carry regulatory risk. By using this site and submitting personal or health information, you acknowledge that your data may be processed by Supabase and Resend as described above, and you consent to this processing subject to the BAA status disclosed here. You may request written confirmation of BAA execution status by emailing privacy@telepeptide.org.
6. Use of Artificial Intelligence
TelePeptide Health uses AI-assisted tools in limited, non-clinical contexts. Specifically: (a) Marketing content generation — we use AI language models to assist in drafting marketing email copy and campaign content. These tools receive only non-PHI information such as program names and general audience descriptions. No patient health information is ever submitted to AI tools for content generation. (b) Lead research and enrichment — our internal marketing pipeline uses AI to research and score prospective contacts using only publicly available professional information (title, employer, industry). No PHI is processed by these tools. (c) We do not use AI to make clinical decisions, evaluate patient eligibility, or assist in prescribing. All clinical decisions are made solely by licensed physicians. If we introduce AI tools into clinical workflows in the future, we will update this policy and ensure any such tool operates under a HIPAA-compliant Business Associate Agreement.
7. Cookies and Analytics
We use standard server-side analytics and may use first-party cookies to maintain session state in the provider portal. We do not use third-party advertising trackers or cross-site tracking cookies. If we add analytics tools in the future, this policy will be updated and users will be notified.
8. Data Retention
We retain personal information for as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce our agreements. Marketing contact data for individuals who have not become patients is retained for up to 2 years from the date of last interaction or until an opt-out is received. Clinical intake data is retained in accordance with Florida medical records laws (minimum 5 years for adult patients). Payment records are retained as required by applicable tax and financial regulations.
9. Your Rights
Depending on your state of residence, you may have the right to: (a) access a copy of the personal information we hold about you; (b) correct inaccurate information; (c) request deletion of your personal information (subject to legal retention obligations); (d) opt out of marketing communications at any time; (e) data portability where technically feasible. To exercise any of these rights, email privacy@telepeptide.org with your full name and email address. We will respond within 30 days. Note: deletion requests for PHI submitted during clinical intake are subject to Florida medical records retention requirements and HIPAA.
10. Security
We implement industry-standard security measures including TLS encryption in transit, encryption at rest for sensitive data, role-based access controls, audit logging, and HMAC-signed session tokens. However, no system is 100% secure. In the event of a data breach affecting your information, we will notify you as required by applicable law.
11. Children
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, contact privacy@telepeptide.org immediately and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email or a notice on the site at least 15 days before they take effect. The "Last Revised" date at the top of this page reflects the most recent update.
13. Contact
Privacy questions and data requests: privacy@telepeptide.org. Unsubscribe requests: unsubscribe@telepeptide.org. General support: help@telepeptide.org.
TelePeptide Health · 2077 Center Ave, Apt 9J, Fort Lee, NJ 07024 · privacy@telepeptide.org