PPepcheck

Privacy Policy

This Privacy Policy explains how Pepcheck collects, uses, discloses, and safeguards information when you visit our website and use our services, and describes the choices and rights you have.

Effective:
June 12, 2026
Last updated:
June 12, 2026

1. Overview

Pepcheck (“Pepcheck,” “we,” “us,” or “our”) operates an independent information service that helps people compare publicly available pricing, concentrations, and provider availability for compounded GLP-1 medications. We are not a pharmacy, medical provider, or insurer, and we do not prescribe, sell, or dispense medication.

We take your privacy seriously and aim to collect as little personal information as possible. By using our website (the “Site”) or services (together, the “Services”), you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

2. Who we are

The data controller responsible for your information is Pepcheck. You can reach us about privacy matters at privacy@pepcheck.co.

3. Information we collect

Information you provide to us

  • Waitlist sign-ups. When you join our waitlist, we collect the email address you submit so we can notify you about launch and updates.
  • Reviews and feedback. If you submit a provider review or other feedback, we collect the content you choose to share (such as a rating and written comments). Please do not include sensitive personal or health information in reviews.
  • Communications. If you email us or otherwise contact us, we collect the information in your message and our reply.

Information we collect automatically

  • Usage and analytics data. We collect aggregated, privacy-friendly metrics about how the Site is used, such as pages viewed, referring pages, and general performance (load times and Core Web Vitals).
  • Device and connection data. Our hosting and analytics providers process technical data such as browser type, device type, operating system, language, and a coarse, country/region-level location inferred from your IP address.
  • Outbound click data. When you click a link to a third-party provider, we record that the click occurred (for example, which provider listing was clicked and when) so we can understand which comparisons are useful. We do not control what the provider collects after you leave our Site.
  • Anti-abuse identifiers. To deter spam and duplicate review submissions, we store a one-way, salted hash derived from technical signals (such as an IP address) rather than the raw value itself. The hash is used for integrity and abuse prevention.

Sensitive and health information

We do not ask for, and you should not submit, information about your health conditions, prescriptions, diagnoses, or treatment. The Services provide general information only and are not a place to share protected health information.

4. How we use information

We use the information described above to:

  • provide, operate, maintain, and improve the Services;
  • send you waitlist and launch communications you have requested, and respond to your inquiries;
  • display and moderate user-submitted reviews and prevent spam, fraud, and abuse;
  • understand how the Services are used so we can improve content, performance, and usability;
  • maintain the security and integrity of the Services and our systems; and
  • comply with legal obligations and enforce our Terms of Service.

We do not use your information to make decisions that produce legal or similarly significant effects about you, and we do not sell your personal information (see Section 6).

5. Cookies & analytics

We use privacy-conscious, cookieless analytics that do not track you across other websites and do not build advertising profiles. We do not use third-party advertising or cross-site tracking cookies.

We may use strictly necessary, first-party storage required for the Site to function (for example, to remember basic preferences or for security). Where required by law, we will request your consent before using any non-essential cookies. You can control cookies through your browser settings; disabling some storage may affect Site functionality.

6. How we share information

We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising as those terms are defined under U.S. state privacy laws. We disclose information only in the following circumstances:

  • Service providers. We use vetted vendors to operate the Services on our behalf — for example, cloud hosting and content delivery, database hosting, analytics, and email delivery. These providers process information only as needed to perform services for us and under contractual confidentiality and security obligations.
  • Legal and safety. We may disclose information if required by law, subpoena, or other legal process, or if we reasonably believe disclosure is necessary to protect the rights, property, or safety of Pepcheck, our users, or the public.
  • Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this Privacy Policy.
  • With your direction or consent. We may share information for other purposes you direct or to which you consent.

Aggregated or de-identified information that cannot reasonably identify you may be used and shared for any lawful purpose.

7. Affiliate links & advertising

Pepcheck may, now or in the future, participate in affiliate programs and earn a commission when you click certain links and sign up with a provider, at no additional cost to you. Where affiliate links are present, we disclose them clearly and conspicuously. Affiliate relationships never affect our rankings, which are ordered by verified all-in price. We do not display third-party behavioral advertising on the Site.

8. Data retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, including providing the Services, complying with our legal obligations, resolving disputes, and enforcing our agreements. Waitlist emails are retained until you unsubscribe or ask us to delete them; review content may be retained while it is published and for a reasonable period afterward; and aggregated analytics are retained in de-identified form. When information is no longer needed, we delete or de-identify it.

9. Data security

We use reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, and alteration — including encryption in transit, access controls, and database-level row security. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping any credentials you use confidential.

10. Your privacy rights

Depending on where you live, you may have rights regarding your personal information. To exercise any right, contact us at privacy@pepcheck.co. We will respond within the time required by applicable law. We will not discriminate against you for exercising your rights. We may need to verify your identity before fulfilling certain requests.

11. U.S. state privacy rights

If you are a resident of California or another U.S. state with a comprehensive privacy law, you may have the right to:

  • Know / access the categories and specific pieces of personal information we have collected about you;
  • Delete personal information we have collected, subject to legal exceptions;
  • Correct inaccurate personal information;
  • Opt out of the sale or sharing of personal information for targeted advertising — though, as noted above, we do not sell or share personal information; and
  • Non-discrimination for exercising these rights.

You may use an authorized agent to submit a request on your behalf, subject to verification. If we deny your request, you may appeal by replying to our decision; if you have concerns about our response, you may contact your state attorney general.

12. EEA & UK rights

If you are in the European Economic Area, the United Kingdom, or Switzerland, you may have rights under the GDPR/UK GDPR, including the rights to access, rectify, erase, restrict, or object to processing, and to data portability. Where we rely on consent, you may withdraw it at any time. Our legal bases for processing are typically your consent (for example, waitlist emails), our legitimate interests (operating and securing the Services), and compliance with legal obligations. You also have the right to lodge a complaint with your local supervisory authority.

13. Do Not Track & Global Privacy Control

Some browsers offer a “Do Not Track” (DNT) signal. Because there is no common industry standard for DNT, our Site does not currently respond to DNT signals. Where required by law, we honor recognized opt-out preference signals such as the Global Privacy Control (GPC).

14. Health information & HIPAA

Pepcheck is not a covered entity or business associate under the U.S. Health Insurance Portability and Accountability Act (HIPAA), and the information we collect is not protected health information governed by HIPAA. We provide general, educational information about medication pricing and availability and do not provide medical care. Please do not send us health or treatment details.

15. Children’s privacy

The Services are intended for adults and are not directed to children. You must be at least 18 years old to use the Services. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us and we will take appropriate steps to delete it.

17. International users

Pepcheck is operated from the United States, and our Services are intended for users in the United States. If you access the Services from outside the United States, you understand that your information will be processed in the United States, where data-protection laws may differ from those in your country.

18. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

19. Contact us

If you have questions or requests about this Privacy Policy or your information, contact us at: