Privacy Policy

Effective Date: April 17, 2026 · PeptidesGPT · support@peptidesgpt.com

Your Privacy Is Our Commitment
We do not sell your personal information — ever. This policy explains exactly what we collect, why we collect it, who we share it with, and how you can control your data at any time.

This Privacy Policy describes how PeptidesGPT (“Company”, “we”, “our”, or “us”) collects, uses, and protects your information when you use https://peptidesgpt.com (the “Site”) and related services (the “Services”). By using the Services, you agree to the practices described in this Policy.

Section 01

Information We Collect

We may collect the following categories of information:

A — Personal Information
  • Name
  • Email address
  • Account credentials
  • Billing and payment information (processed via third-party providers)

B — Usage & Technical Data
  • IP address
  • Device type and browser information
  • Pages visited and interactions
  • Session and performance data

C — Health-Related Inputs (User-Provided)
  • Lifestyle data and daily habits
  • Goals and personal optimization preferences
  • General health-related information entered into the platform

Important — HIPAA Clarification
We do not collect or store medical records or Protected Health Information (PHI) as defined under HIPAA. See Section 09 for our full HIPAA positioning statement.

Section 02

How We Use Your Information

We use your information to:

  • Provide and operate the Services
  • Generate AI-powered insights and personalized protocol recommendations
  • Process payments and manage subscriptions
  • Improve platform performance and user experience
  • Communicate with you regarding your account, support requests, and updates
  • Ensure security and prevent fraud

Section 03

Legal Basis (GDPR Users)

For users in the European Economic Area (EEA), we process personal data based on the following legal grounds:

  • Contractual necessity — to provide the Services you have signed up for
  • Legitimate business interests — to operate, improve, and secure the platform
  • User consent — where explicitly required by applicable law

Section 04

Sharing of Information

We do not sell your personal information. We may share information only with trusted third-party service providers necessary to operate the platform:

Payments
Stripe

Processes all subscription payments, one-time purchases, and billing management. PeptidesGPT does not store your full payment card details — all payment data is handled directly by Stripe under their PCI-DSS compliance framework.

Infrastructure
Supabase

Provides our database infrastructure and user authentication system. Your account data, assessment history, protocol records, check-ins, and user profile are stored securely in Supabase. All data is encrypted at rest and in transit. Supabase operates under SOC 2 compliance standards.

Infrastructure
Hosting Providers

Our platform is hosted on infrastructure providers (including Vercel and Render) that deliver the site and backend services. These providers do not access or use your personal data independently.

Analytics
Analytics Providers

We may use analytics tools (such as Google Analytics) to understand how users interact with the platform. Analytics data is aggregated and does not identify you personally.

Third-Party Standards
All third-party service providers are required to maintain appropriate security safeguards and are contractually prohibited from using your data for their own purposes beyond the services they provide to us.

Section 05

Data Retention

We retain your data only as long as necessary to:

  • Provide the Services and maintain your account history
  • Comply with applicable legal obligations
  • Resolve disputes and enforce our agreements

You may request deletion of your data at any time. See Section 07 for how to exercise this right.


Section 06

Security

We implement commercially reasonable technical and organizational safeguards to protect your data, including:

  • Encryption of data in transit (TLS) and at rest
  • Row-level security controls in our database infrastructure
  • Authenticated access — your data is only accessible to you
  • Third-party providers operating under SOC 2 and PCI-DSS compliance frameworks

No System Is Fully Secure
While we take security seriously, no system is completely immune to breach. We cannot guarantee absolute security and encourage you to use a strong, unique password for your account.

Section 07

Your Rights

U.S. — CCPA / CPRA (California)
  • Request access to your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Opt out of data sale (we do not sell data)

EU / EEA — GDPR
  • Access your personal data
  • Request correction or deletion
  • Object to or restrict processing
  • Request data portability

How to Exercise Your Rights
To submit a data access, correction, or deletion request, contact us at support@peptidesgpt.com. We will respond within 30 days.

Section 08

Cookies & Tracking

We may use cookies and similar tracking technologies to:

  • Maintain your authenticated session
  • Analyze usage patterns and improve platform performance
  • Enhance your user experience

You may control or disable cookies through your browser settings. Note that disabling certain cookies may affect platform functionality, including your ability to stay signed in.


Section 09

HIPAA & Health Data Disclaimer

Not a Healthcare Provider
PeptidesGPT is not a healthcare provider and is not subject to HIPAA regulations.

We do not:

  • Store Protected Health Information (PHI) as defined under HIPAA
  • Provide medical services, diagnoses, or treatment
  • Act as a covered entity or business associate under HIPAA

Health-related inputs you provide (such as goals, lifestyle habits, and general preferences) are used solely to generate educational AI outputs and are not classified as or treated as medical records.


Section 10

Children's Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal data, we will take steps to delete it promptly.

If you believe a minor has created an account, please contact us at support@peptidesgpt.com.


Section 11

Changes to This Policy

We may update this Privacy Policy at any time. Updates will be posted on this page with a revised effective date. Continued use of the Services after any changes constitutes your acceptance of the updated Policy. We encourage you to review this page periodically.


Section 12

Contact

For privacy questions, data requests, or concerns about how we handle your information, contact our team. We aim to respond within 30 days.

Privacy Inquiries & Data Requests
Data access, correction, and deletion requests handled promptly.
support@peptidesgpt.com