Privacy Policy

This Privacy Policy explains how What The Pep ([LEGAL ENTITY NAME], "we," "us," or "the Platform") collects, uses, stores, and shares information when you use whatthepep.com or related services. We are based in Florida, United States.

What we are not. What The Pep is an educational platform and a lead-introduction service that connects users with independently licensed healthcare providers. We are not a healthcare provider, we do not provide medical services, and we are not a HIPAA covered entity. Our use of your information is governed by this Privacy Policy and applicable state and federal consumer privacy laws — not HIPAA.

1. Information we collect

a) Information you provide

• Email address. When you complete the quiz, join the provider waitlist, or otherwise submit your email.
• Quiz answers.Your selected goals, U.S. state of residence, age range, sex, urgency, and preference signals. These are aggregated into a "lead profile" tied to your email.
• Waitlist intake. Budget range, insurance status, telehealth preference, and other intake answers you provide to be matched with a provider.
• Communications. Anything you send us by email or contact form.

b) Information stored only on your device

The dose log and protocol tracking inside the "Today's Dose" feature — peptides you're taking, doses, schedules, injection logs — are stored in your browser's local storage. They are not transmitted to our servers. We do not have access to this information, and we cannot recover it for you if you clear your browser data.

c) Automatically collected

• Usage analytics. Pages visited, referring URL, anonymized device and browser type, approximate location derived from IP, and engagement events. We use a privacy-respecting analytics provider; we do not use third-party ad-tracking pixels.
• Cookies and similar technology. Strictly necessary cookies for site function and analytics cookies as described above. We do not use cross-site advertising cookies.

2. How we use your information

• To respond to you and operate the Platform.
• To match you with a verified, licensed healthcare provider you can choose to engage.
• To send you transactional emails (waitlist confirmations, match notifications).
• To send you product or educational updates if you have opted in. You can opt out at any time using the unsubscribe link in any such email.
• To improve the Platform, debug, and prevent abuse.
• To comply with applicable law and respond to lawful requests.

We do not use your information to train third-party AI models, and we do not sell your personal information for cross-context behavioral advertising.

3. How we share your information

a) Verified providers (lead-introduction)

When you ask to be matched with a provider, we share your lead profile (email, state, age range, goal of interest, urgency, and any waitlist intake answers you provide) with one or more verified, independently licensed healthcare providers we determine to be a fit. We may receive a referral fee from a provider when you engage them. The provider you choose to engage will then operate under their own privacy practices, which we encourage you to review.

You will not be matched with a provider until a verified provider is available in your state and your match preferences. You can ask us at any time to remove your record from our matching queue.

b) Service providers

We share information with vendors that help us operate the Platform (hosting, email delivery, analytics, customer support). These vendors are bound by contract to use information only on our behalf and consistent with this Policy.

c) Legal and safety

We may disclose information when required by law, to comply with valid legal process, to protect the rights, property, or safety of users or the public, or in connection with a corporate transaction (e.g., merger, acquisition, financing). We will notify users of any change in ownership or control of personal information.

What we do not do. We do not sell your personal information to data brokers or marketers, and we do not share your information for cross-context behavioral advertising.

4. Data retention

We retain your lead profile for as long as your account is active or as needed to provide the matching service. If we have not matched you with a provider and you have not engaged with the Platform for [24] months, we will delete or anonymize your record. You can request deletion at any time (see Section 7).

5. Security

We use industry-standard administrative, technical, and physical safeguards (encryption in transit, encryption at rest where supported by our hosting provider, access controls, and logging) to protect your information. No system is perfectly secure, and we cannot guarantee absolute security. If we discover a breach affecting your personal information, we will notify you and applicable authorities as required by law.

6. Children

The Platform is intended for adults 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact us at privacy@whatthepep.com and we will delete it.

7. Your choices and rights

Subject to applicable law, you have the right to:

• Access the personal information we hold about you.
• Correct inaccurate personal information.
• Delete your personal information.
• Export a copy of your personal information.
• Opt out of marketing emails (use the unsubscribe link in any email).
• Withdraw consent we relied on to process information about you.

To exercise any of these rights, email privacy@whatthepep.com. We will verify your identity before fulfilling sensitive requests. We will not discriminate against you for exercising a privacy right.

8. State-specific rights

California (CCPA / CPRA)

California residents have the rights described in Section 7 above, plus the right to opt out of the "sale" or "sharing" of personal information (we do not sell or share for cross-context advertising), and the right to limit use of sensitive personal information. We do not knowingly collect or sell the personal information of minors under 16.

Washington (My Health My Data Act)

The information you provide on the Platform — particularly quiz answers about health goals, conditions, and preferences — may constitute "consumer health data" under the Washington My Health My Data Act for users in Washington. We only collect and process this data to provide the educational and matching services you request. We do not sell consumer health data. Washington residents may exercise the rights described in Section 7 by contacting privacy@whatthepep.com.

Other states

Residents of other U.S. states with comprehensive consumer privacy laws (including Colorado, Connecticut, Virginia, Oregon, Texas, Montana, and others) have rights substantially similar to those in Section 7.

EU / UK / EEA visitors

If you are visiting from outside the United States, your information will be transferred to and processed in the United States. By using the Platform, you consent to this transfer.

9. Third-party links

The Platform may link to third-party websites we do not control. Their privacy practices are governed by their own policies. We encourage you to review them.

10. Changes to this Policy

We may update this Policy. If we make material changes, we will notify users by email or by a prominent notice on the Platform before the changes take effect. The "Last updated" date at the top reflects the current version.

11. Contact us

Questions or requests: privacy@whatthepep.com

[LEGAL ENTITY NAME]
[BUSINESS ADDRESS]
Florida, United States