Important: MyPeptide is a general wellness application. It is not a HIPAA covered entity, does not provide medical advice, and does not create a physician-patient relationship. Health data you enter is stored to power the app's features for your personal use only and is never sold to third parties.

Contents

  1. Introduction
  2. Regulatory Framework
  3. Information We Collect
  4. How We Use Your Information
  5. AI-Generated Wellness Suggestions
  6. How We Share Your Information
  7. Data Security
  8. Data Retention
  9. Your Rights and Choices
  10. Apple HealthKit Data
  11. State-Specific Rights
  12. Children's Privacy
  13. Changes to This Policy
  14. Contact Us

1. Introduction

MyPeptide, Inc. ("MyPeptide," "we," "us," or "our") operates the MyPeptide mobile application available at mypeptide.app. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our App.

By downloading or using the App, you agree to this Privacy Policy. Questions? Contact us at privacy@mypeptide.app.

2. Regulatory Framework

HIPAA Status

MyPeptide is not a "covered entity" or "business associate" under HIPAA. The App is a direct-to-consumer wellness tool, and health data you voluntarily enter is not "Protected Health Information" (PHI) as defined under HIPAA. We voluntarily apply HIPAA-equivalent security standards, including AES-256 encryption at rest and TLS in transit.

FDA Status

MyPeptide is a general wellness app under the FDA's January 2026 guidance on low-risk wellness devices. The App does not diagnose, treat, cure, or prevent any disease or medical condition and is not a Software as a Medical Device (SaMD).

FTC Compliance

We comply with the FTC Health Breach Notification Rule (16 CFR Part 318) and will notify you within 72 hours of any confirmed breach involving your health information.

Apple HealthKit

Our use of Apple HealthKit data complies with Apple's HealthKit guidelines. HealthKit data is never used for advertising, sold to third parties, or shared with data brokers.

3. Information We Collect

Information you provide directly

Information collected automatically

Information from third-party integrations

If you connect Apple Health, Whoop, Garmin, or Oura, we receive only the data types you explicitly authorize. You can revoke permissions at any time in your device Settings.

What we do NOT collect

4. How We Use Your Information

We use your information to: analyze your bloodwork and generate personalized wellness suggestions; create and display your customized peptide stack; track protocol adherence and dose history; sync data from connected wearables; send dose reminders you configure; provide customer support; and improve the App using aggregated, de-identified data.

We do not: sell your personal or health data; use your health data for advertising; use Apple HealthKit data for advertising; or share your individual data with employers, insurance companies, or government agencies except as required by law.

5. AI-Generated Wellness Suggestions

MyPeptide uses Anthropic's Claude API to analyze your health data and generate personalized wellness suggestions. Your data is transmitted using TLS encryption and is used only to generate your response — it is not retained by Anthropic for training purposes under our data processing agreement.

AI-generated suggestions are for informational and educational purposes only. They do not constitute medical advice, diagnosis, or treatment recommendations. No physician-patient relationship is created through use of the App. Always consult a licensed healthcare provider before starting any new wellness protocol.

6. How We Share Your Information

We do not sell your personal information. We share data only with: trusted service providers under confidentiality agreements (cloud infrastructure, Anthropic for AI processing, analytics using anonymized data, customer support, email providers); Apple for subscription processing; and as required by law.

In the event of a business transfer, we will notify you at least 30 days before your data becomes subject to a different privacy policy.

7. Data Security

We implement the following safeguards: AES-256 encryption of all health data at rest; TLS 1.3 encryption for all data in transit; access controls limiting data access to personnel with a need to know; regular security testing; and SOC 2 Type II certified data center infrastructure.

No method of electronic storage is 100% secure. In the event of a breach we will notify you within 72 hours.

8. Data Retention

We retain your data for as long as your account is active. When you delete your account, we will delete or de-identify your personal and health data within 90 days. Subscription records are retained for 7 years for legal compliance.

9. Your Rights and Choices

10. Apple HealthKit Data

We commit that HealthKit data will not be used for advertising; will not be sold to advertising platforms, data brokers, or information resellers; will not be used to calculate insurance eligibility; will not be used by employers for employment decisions; and will only be shared with third parties with your express permission or as needed to provide the App's wellness features.

11. State-Specific Rights

California (CCPA/CPRA)

California residents may request access to, deletion of, and correction of their personal information. MyPeptide does not sell or share personal information for cross-context behavioral advertising. To exercise your rights, contact privacy@mypeptide.app. We will respond within 45 days.

Washington (My Health My Data Act)

We comply with WMHMDA. We do not sell consumer health data. Washington residents may request deletion of consumer health data by contacting privacy@mypeptide.app.

Other states

Residents of Virginia, Colorado, Connecticut, Texas, Oregon, Montana, and other states with comprehensive privacy laws may contact us at privacy@mypeptide.app to exercise applicable rights.

12. Children's Privacy

MyPeptide is intended for users 18 and older. We do not knowingly collect data from children under 18. If you believe we have collected data from a minor, contact us immediately at privacy@mypeptide.app.

13. Changes to This Policy

We will notify you of material changes by email and in-app notice at least 30 days before the effective date. Continued use after the effective date constitutes acceptance.

14. Contact Us

MyPeptide, Inc.
Privacy Officer
privacy@mypeptide.app
mypeptide.app