Privacy Policy

The Peptide Association is committed to protecting your privacy and handling your personal information with transparency and care.

Effective Date: January 1, 2026  ·  Organization: The Peptide Association  ·  Website: peptideassociation.org

Overview

This Privacy Policy describes how The Peptide Association ("we," "us," or "our") collects, uses, and shares information about you when you visit or use our website and services at peptideassociation.org. By using our services, you agree to the collection and use of information in accordance with this policy. This policy applies to all visitors, members, healthcare providers, partners, and any other users of our platform.

1. Information We Collect

Personal Information You Provide

We collect information that you voluntarily provide when you create an account, register for membership, complete forms, or communicate with us. This may include:

  • Full name, email address, phone number, and mailing address
  • Professional credentials, license numbers, and specialty information (for healthcare providers and partners)
  • Billing information such as credit card or bank account details (processed securely through Stripe — we do not store full card numbers)
  • Practice or organization name, website, and business contact information
  • Account credentials (username and password, managed through Clerk)
  • Any other information you choose to provide in messages, forms, or profile fields

Automatically Collected Usage Data

When you visit our website, we automatically collect certain technical and usage information, including:

  • IP address, browser type and version, operating system, and device type
  • Pages visited, links clicked, time spent on pages, and referring URLs
  • Session information, including login timestamps and navigation paths
  • Performance data and error logs used for debugging and improving our services

This data is collected through server logs, analytics tools, and cookies (see our Cookie Policy below).

Information from Third Parties

We may receive information about you from third-party services you connect to our platform, such as authentication providers (Clerk), payment processors (Stripe), or professional verification services. We may also collect publicly available professional information for the purposes of verifying credentials or populating our provider directory.

2. How We Use Information

We use the information we collect for the following purposes:

Providing Our Services

Creating and managing your account, processing membership applications and payments, and enabling access to member resources.

Communication

Sending transactional emails (account confirmations, receipts, password resets), responding to inquiries, and providing customer support.

Platform Improvement

Analyzing usage patterns to improve website functionality, content, and user experience across our platform.

Compliance & Safety

Verifying provider credentials, maintaining the integrity of our network, and complying with applicable legal obligations.

Provider Directory

Displaying verified provider profiles in our public directory when providers opt in to that feature.

Marketing (With Consent)

Sending newsletters, educational content, and promotional communications where you have opted in or as permitted by applicable law.

We do not sell your personal information. We do not use your personal data to make fully automated decisions that produce legal or similarly significant effects without human oversight.

3. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following limited circumstances:

Service Providers

We share information with trusted third-party vendors who assist us in operating our platform, including authentication providers (Clerk), database infrastructure (Supabase), hosting providers (Vercel), and payment processors (Stripe). These service providers are bound by contractual obligations to protect your information and may not use it for their own independent purposes beyond providing services to us.

Legal Requirements

We may disclose your information when required by law, subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a governmental request.

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

With Your Consent

We may share your information with third parties when you have given us explicit consent to do so. For example, if you opt into our provider directory, your professional profile information will be made publicly visible on our website.

4. Third-Party Services

Our platform relies on the following key third-party services. Each has its own privacy policy governing data it processes on our behalf:

Clerk

Authentication & Identity Management

We use Clerk to manage user registration, login, and account security (including multi-factor authentication). Clerk processes your authentication credentials and session data. Your password is never stored by us directly.

Supabase

Database & Backend Infrastructure

Supabase powers our backend database and API infrastructure. Member profile data, provider records, and application data are stored in Supabase's hosted PostgreSQL environment, which operates on AWS infrastructure with encryption at rest and in transit.

Vercel

Web Hosting & Deployment

Our website is hosted on Vercel's global edge network. Vercel processes request logs including IP addresses and user-agent data as part of normal hosting operations. Edge function execution and CDN delivery pass through Vercel's infrastructure.

Stripe

Payment Processing

All payment transactions are processed by Stripe. We do not store full credit card numbers, CVV codes, or full bank account numbers on our servers. Stripe is PCI DSS compliant and handles all sensitive financial data directly. We retain only a transaction reference ID and billing metadata.

5. HIPAA Considerations

Important Notice Regarding Healthcare Information

The Peptide Association is primarily an educational, infrastructure, and professional membership organization. We are not a covered entity under HIPAA in most of our operational contexts. We do not provide clinical care, diagnose conditions, or serve as a healthcare clearinghouse.

However, because our platform serves licensed healthcare providers and may involve discussions, certifications, or tools related to clinical practice, we take the following measures with respect to sensitive health-related information:

No Patient Health Records

We do not collect, store, or process patient Protected Health Information (PHI) as defined by HIPAA. Our platform is designed for use by providers and professionals — not for patient-facing clinical record management. If you are a healthcare provider using our tools in a clinical context, you remain solely responsible for compliance with HIPAA and applicable state privacy laws with respect to your patient data.

Provider Professional Data

Information collected about healthcare providers — including license numbers, credentials, specialties, and practice information — is treated as professional business information and is handled with appropriate security controls. This information is not PHI and is not subject to HIPAA, but we treat it with the same degree of care.

Business Associates

To the extent that any of our services are used in a manner that involves PHI, we are willing to enter into a Business Associate Agreement (BAA) with covered entities that require one. Please contact us at hello@peptideassociation.org to discuss BAA requirements.

State Privacy Laws

Some states have enacted health data privacy laws that may apply beyond HIPAA's scope, including laws in Washington, Nevada, Connecticut, and others. We are committed to complying with applicable state health data privacy requirements. If you believe a specific state law applies to your interaction with our platform, please contact us.

6. Data Security

We implement commercially reasonable technical, administrative, and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit using TLS/HTTPS across all platform endpoints
  • Encryption of data at rest within our database infrastructure (Supabase / AWS)
  • Role-based access controls limiting employee and contractor access to personal data on a need-to-know basis
  • Secure authentication flows managed by Clerk, including support for multi-factor authentication
  • Payment card data handled exclusively by Stripe under PCI DSS Level 1 compliance — never stored on our own servers
  • Regular review of our security practices and third-party service provider security postures

Despite our efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at hello@peptideassociation.org.

In the event of a data breach that affects your personal information, we will notify you as required by applicable law, including applicable state breach notification statutes.

7. Cookie Policy

We use cookies and similar tracking technologies to improve your experience on our website. Cookies are small text files stored on your device that help us recognize you and remember your preferences.

Essential Cookies

Required for the website to function properly. These include session authentication cookies (managed by Clerk) and security cookies. You cannot opt out of essential cookies without disabling core site features.

Functional Cookies

Remember your preferences and settings, such as saved filters or display options. These enhance your experience but are not strictly necessary.

Analytics Cookies

Help us understand how visitors use our site — which pages are visited most, how users navigate the platform, and where improvements can be made. We may use privacy-preserving analytics tools for this purpose.

Third-Party Cookies

Some third-party services (such as Stripe's payment forms or Clerk's authentication widgets) may set their own cookies. These are governed by each provider's respective cookie and privacy policies.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Please note that disabling certain cookies may affect the functionality of our website.

8. Your Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

Right to Access

You may request a copy of the personal information we hold about you.

Right to Correction

You may request that we correct inaccurate or incomplete information about you. Many fields can be updated directly from your account settings.

Right to Deletion

You may request that we delete your personal information. Some information may be retained as required by law or for legitimate business purposes (e.g., billing records). Deleting your account will remove your profile and membership data.

Right to Portability

You may request a machine-readable copy of your personal data so that you can transfer it to another service.

Right to Object or Restrict Processing

In certain circumstances, you may object to or request that we limit the processing of your personal information.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw it at any time. This will not affect the lawfulness of processing before the withdrawal.

California Privacy Rights (CCPA/CPRA)

California residents have additional rights including the right to know about categories of personal information collected and the right to non-discrimination for exercising privacy rights. We do not sell personal information as defined under the CCPA.

To exercise any of these rights, please contact us. We will respond to verifiable requests within 30 days, or as required by applicable law.

9. Children's Privacy

Our services are not directed to children under the age of 18, and we do not knowingly collect personal information from minors. Our platform is intended exclusively for licensed healthcare professionals, healthcare organizations, and adults with a professional or educational interest in peptide therapy.

If we become aware that we have inadvertently collected personal information from a child under 18 without parental consent, we will take steps to delete such information promptly. If you believe we may have any information from or about a child under 18, please contact us at hello@peptideassociation.org.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other business reasons. When we make material changes to this policy, we will:

  • Update the "Effective Date" at the top of this page
  • Post the revised policy on this page with reasonable prominence
  • Send an email notification to registered users for material changes, where required by law or where we deem appropriate

Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically to stay informed about how we protect your information.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please reach out:

Organization

The Peptide Association
peptideassociation.org

Disclaimer

The Peptide Association provides educational and infrastructure services only. We do not prescribe, sell, or distribute peptides. All clinical decisions must be made by licensed healthcare providers. This privacy policy does not constitute legal advice.