TelePeptide Health
Notice of Privacy Practices
Effective Date: April 3, 2026 · Last Revised: April 13, 2026
This Notice applies to Protected Health Information (PHI) we receive through clinical intake. For non-clinical personal data, see our Privacy Policy.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
TelePeptide Health is required by the Health Insurance Portability and Accountability Act (HIPAA) to maintain the privacy of your Protected Health Information (PHI), to provide you with notice of our legal duties and privacy practices, and to abide by the terms of the notice currently in effect.
1. What Is Protected Health Information (PHI)?
PHI is information about you, including demographic information, that may identify you and that relates to: (a) your past, present, or future physical or mental health or condition; (b) the provision of health care to you; or (c) the past, present, or future payment for the provision of health care to you. PHI submitted through TelePeptide Health includes your intake form responses, medical history, health goals, BMI data, current medications, and any communications with our clinical partners.
2. How We May Use and Disclose Your PHI
We may use and disclose your PHI for the following purposes without requiring your separate authorization: (a) Treatment — to coordinate your care with licensed Florida physicians, compounding pharmacies, and laboratory partners; (b) Payment — to process your subscription payments and maintain billing records through our payment processor, Stripe; (c) Healthcare Operations — for quality assurance, compliance reviews, provider credentialing, and business operations necessary to run our platform; (d) As Required by Law — when required by federal, state, or local law, including law enforcement requests, subpoenas, court orders, or public health reporting obligations; (e) Business Associates — we share PHI with third-party service providers (Business Associates) under HIPAA-compliant Business Associate Agreements, including: our cloud database provider (Supabase) and email delivery provider (Resend) where they process PHI on our behalf; and a contracted telehealth infrastructure partner that provides the licensed physician network and clinical workflow infrastructure through which provider matching and clinical review occur — this partner receives only the minimum necessary PHI to facilitate those functions.
3. Uses and Disclosures Requiring Your Authorization
We will not use or disclose your PHI for the following purposes without your written authorization: (a) marketing communications that involve your PHI; (b) sale of your PHI; (c) most uses of psychotherapy notes (if applicable); or (d) any other purpose not described in this Notice. You may revoke any such authorization in writing at any time, except to the extent that we have already taken action in reliance on it.
4. Your Rights Regarding Your PHI
You have the following rights regarding your PHI held by TelePeptide Health: (a) Right to Inspect and Copy — you may request access to your PHI. We will respond within 30 days. We may charge a reasonable cost-based fee for copies. (b) Right to Amend — you may request that we amend PHI you believe is incorrect or incomplete. We may deny the request in certain circumstances. (c) Right to an Accounting of Disclosures — you may request a list of certain disclosures of your PHI made in the six years prior to your request, excluding disclosures for treatment, payment, and operations. (d) Right to Request Restrictions — you may request restrictions on certain uses and disclosures of your PHI. We are not required to agree, except where the restriction is for a disclosure to a health plan and you paid out-of-pocket in full. (e) Right to Request Confidential Communications — you may request that we communicate with you about your health information in a specific way or at a specific location. (f) Right to a Paper Copy of This Notice — you may request a paper copy at any time even if you previously agreed to receive it electronically. (g) Right to File a Complaint — if you believe your privacy rights have been violated, you may file a complaint with TelePeptide Health or with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.
4a. Third-Party Infrastructure Processors — BAA Notice
TelePeptide Health relies on third-party cloud infrastructure to store and transmit Protected Health Information. Two providers in particular process PHI as part of normal platform operations and require HIPAA-compliant Business Associate Agreements (BAAs): (a) Supabase — our cloud database and backend infrastructure provider stores all patient intake data, including PHI such as names, health history, and program information. Supabase is a third-party data processor headquartered outside of HIPAA's covered entity definition. HIPAA requires that a signed BAA be in place between TelePeptide and Supabase before any PHI is stored. TelePeptide Health is actively pursuing or has executed this BAA; patients should be aware that until a BAA is confirmed in writing, Supabase's processing of PHI carries regulatory risk. (b) Resend — our transactional and marketing email delivery provider transmits emails that may contain PHI, including patient names, confirmation details, and program information. Resend is a third-party email service provider. HIPAA requires a signed BAA before any PHI is transmitted through Resend's infrastructure. TelePeptide Health is actively pursuing or has executed this BAA; patients should be aware that email transmissions through Resend carry regulatory risk until BAA execution is confirmed. By submitting your information through TelePeptide Health, you acknowledge and consent to the processing of your data by these infrastructure providers as described above, subject to the BAA status disclosed here. If you do not consent, do not submit information through this platform. You have the right to request confirmation of BAA execution status by emailing privacy@telepeptide.org.
5. Our Duties
TelePeptide Health is required by law to: (a) maintain the privacy and security of your PHI; (b) provide you with this Notice of Privacy Practices; (c) follow the terms of this Notice; and (d) notify you in the event of a breach of your unsecured PHI as required by the HIPAA Breach Notification Rule. We reserve the right to change our privacy practices and to make the new practices effective for all PHI we maintain. If we make a material change, we will post the revised Notice on our website and notify you by email.
6. Security Safeguards
We implement administrative, physical, and technical safeguards to protect your PHI from unauthorized access, use, or disclosure, including: TLS encryption in transit; encryption at rest for databases containing PHI; role-based access controls; audit logging; HMAC-signed authentication tokens; and contractual data security requirements for all Business Associates.
7. How to Exercise Your Rights or File a Complaint
To exercise any of your rights under this Notice or to file a privacy complaint, contact our Privacy Officer at privacy@telepeptide.org. To file a complaint with the federal government: U.S. Department of Health and Human Services, Office for Civil Rights, 200 Independence Avenue SW, Washington, D.C. 20201 | hhs.gov/ocr | 1-800-368-1019.
8. Effective Date
This Notice of Privacy Practices is effective as of April 3, 2026, and was last revised April 13, 2026.
TelePeptide Health · 2077 Center Ave, Apt 9J, Fort Lee, NJ 07024 · privacy@telepeptide.org