Skip to main content

Privacy Policy

Effective April 14, 2026

This Privacy Policy explains how PepHookup, LLC, a Texas limited liability company (“PepHookup,” “we,” “us,” “our”), collects, uses, shares, and retains personal information about users of the PepHookup directory service at pephookup.com (the “Service”). It covers visitors, patients, and providers.

PepHookup is a directory. We are not a covered entity under HIPAA and PepHookup is not the place to share protected health information — use your provider’s secure channels for that.

1. Information we collect

Account information. When you create an account, we collect your name, email address, and password. Providers additionally provide a practice name, location, stated credentials, contact information, and the peptides they offer.

Waitlist submissions. Patient waitlist: email, zip code, and peptide interest. Provider waitlist: practice name, contact name, email, phone, location, practice type, and peptides offered.

Consultation requests. Contact information, peptide interest, and the free-form message you send to the selected provider.

Reviews. The rating and comment you submit, associated with your account.

Usage and device data. IP address, approximate geolocation derived from IP, browser type, pages visited, and referring URLs. We receive IP-based city and region from Vercel’s edge and use it only to seed the “near me” default on the providers page.

What we don’t collect. We don’t ask for, and don’t want, Social Security numbers, payment card numbers, insurance numbers, or clinical records. If you accidentally include them in a consultation request or review, we will remove them when we notice.

2. How we use your information

  • To provide and operate the Service.
  • To route consultation requests to the provider you selected.
  • To send account, security, and service-related email (for example, password reset, account confirmation, consult request receipts).
  • To send opt-in product updates, provider analytics summaries, and regulatory alerts — each with a one-click unsubscribe.
  • To detect, prevent, and respond to abuse, fraud, and security incidents.
  • To comply with legal obligations and enforce our Terms of Service.
  • To analyze aggregate usage patterns so we can improve the Service.

3. Legal basis for processing (GDPR)

PepHookup primarily serves users in the United States. If you access the Service from the European Economic Area, United Kingdom, or Switzerland, we process your personal information on the following legal bases:

  • Performance of a contract — to deliver the Service you requested (account creation, routing of consultation requests).
  • Legitimate interests — to operate, improve, and secure the Service (aggregate analytics, fraud prevention).
  • Consent — for marketing email and other optional communications. You can withdraw consent at any time via the unsubscribe link in the email.
  • Legal obligation — when we need to comply with law.

4. How we share your information

With providers. When you submit a consultation request, the selected provider receives your contact information and message.

With service providers we rely on. We share personal information with vendors who process data on our behalf under contract. Current processors:

  • Supabase, Inc. — database, authentication, and file storage.
  • Vercel, Inc. — application hosting and content delivery.
  • Vercel Web Analytics — privacy-first, cookieless traffic analytics (see Section 6).
  • Resend, Inc. — transactional and opt-in marketing email delivery.
  • Functional Software, Inc. (Sentry) — application error and performance monitoring.
  • Upstash, Inc. — rate limiting and ephemeral key-value storage.

For legal reasons. We may disclose information when we believe in good faith that it is necessary to comply with law, legal process, or a lawful government request; to enforce our Terms; or to protect the rights, property, or safety of PepHookup, our users, or the public.

Business transfers. If PepHookup, LLC is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. We will post a notice here and, where required, contact affected users directly.

We do not sell or “share” your personal information. We don’t sell personal information for money, and we don’t “share” it for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act and similar laws.

5. Your rights

Depending on where you live, you may have some or all of the following rights:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to fix inaccurate or incomplete information.
  • Deletion — ask us to delete your account and associated personal information, subject to exceptions for legal record-keeping and fraud prevention.
  • Portability — receive a structured, machine-readable copy of information you provided.
  • Restriction / objection — ask us to limit or stop certain processing.
  • Opt out of marketing email — use the unsubscribe link in any marketing email.
  • Opt out of sale or sharing (California) — we don’t sell or share personal information, but you may submit a confirming request.
  • Non-discrimination— we won’t deny you service or charge you differently for exercising any of these rights.

To exercise any right, email support@pephookup.com with the subject “Privacy Request.” We verify requests against the email address on your account. You may authorize an agent to submit a request on your behalf by providing written authorization.

EEA, UK, and Swiss users have the right to lodge a complaint with their local data protection authority.

6. Cookies and analytics

Essential cookies. We use first-party cookies that are strictly necessary to sign you in, keep you signed in, and remember your session. These can’t be turned off without breaking core functionality.

Analytics. We use Vercel Web Analytics, which is designed to be privacy-first and does not set tracking cookies or use cross-site identifiers. It collects aggregate page-view and performance data that we use to understand which pages people visit. No advertising identifiers are collected.

Ad and social cookies. We don’t use them.

You can manage or block cookies in your browser settings. Because we don’t rely on third-party advertising cookies, there’s no separate cookie consent banner to interact with.

7. Data retention

We keep personal information only as long as we need it for the purposes described in this Policy, unless a longer period is required or permitted by law. Typical periods:

  • Account data — while your account is active, plus up to twelve (12) months after account deletion for fraud prevention and legal record-keeping.
  • Waitlist entries — until the waitlist is closed or you unsubscribe, whichever comes first.
  • Consultation requests — up to twenty-four (24) months, so providers can reference recent requests and so we can respond to disputes. You can request earlier deletion at any time.
  • Reviews — approved reviews remain public for as long as the provider is listed, even after you delete your account, consistent with the Terms of Service. You may remove a review at any time before then.
  • Email logs — up to twelve (12) months for delivery diagnostics.
  • Analytics events — up to ninety (90) days in raw form; aggregate rollups may be retained longer.
  • Error monitoring data — up to ninety (90) days in Sentry.
  • Backups — encrypted database backups are retained for up to thirty (30) days before rotation.

8. International data transfers

PepHookup is operated from the United States and our processors may store or process personal information in the U.S. and other countries. Where we transfer personal information from the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards — typically the European Commission’s Standard Contractual Clauses in the agreements we have with our processors.

9. Security

We use industry-standard safeguards to protect personal information: TLS in transit, encryption at rest with our database provider, role-based access controls, logging, and least-privilege service credentials. No system is perfectly secure; we will notify affected users and regulators if we become aware of a personal information breach that triggers a notification obligation.

10. Children’s privacy

PepHookup is not directed to and not intended for anyone under 18. We don’t knowingly collect personal information from children. If you believe a child has submitted information to us, contact support@pephookup.com and we will delete it.

11. Changes to this Policy

We may update this Policy as our practices evolve. Material changes will be posted here with a revised effective date. If the changes are significant, we will also notify registered users by email. Your continued use of the Service after changes take effect means you accept the updated Policy.

12. Contact us

PepHookup, LLC
13423 Blanco Rd, Unit #3307
San Antonio, TX 78216
Email: support@pephookup.com