How LegitPep, our partner providers, and our partner pharmacy collect, use, and protect your information, including protected health information. Last updated 2026-05-09.
LegitPep operates this website. Patient-facing care is delivered by independent US-licensed providers, and medications are dispensed by an independent US-licensed compounding pharmacy. For privacy questions, contact privacy@legitpep.com.
Your protected health information (PHI) is handled under the federal Health Insurance Portability and Accountability Act (HIPAA) where applicable. PHI includes any information that identifies you and relates to your health, treatment, or payment for treatment. PHI is shared only with the people and entities required to deliver your care: your prescribing provider, the dispensing pharmacy, and any subcontractor bound by a Business Associate Agreement (such as a hosting provider, secure-messaging vendor, or shipping carrier acting under our instruction).
You have the right under HIPAA to: receive a copy of our Notice of Privacy Practices; access and obtain a copy of your PHI; request a correction; request restrictions on certain uses; and request an accounting of disclosures. To exercise these rights, email privacy@legitpep.com.
We use your information to process your consultation and provide treatment, fulfill prescriptions, ship medications, send treatment reminders and order updates, provide customer support, prevent fraud, and improve the platform. We do not sell your personal or health information to third parties.
We share data with: your prescribing provider (to evaluate and treat you), the dispensing pharmacy (to compound and ship your medication), our payment processor (to charge cards), our shipping carrier (to deliver orders), our email service provider (for transactional emails), and law enforcement when legally required. All vendors are bound by confidentiality and data-processing agreements; vendors handling PHI are bound by Business Associate Agreements.
Pharmacy and provider records are retained for the period required by state pharmacy and medical-board law (typically 5–10 years, varying by state). Account records are retained while your account is active and for a reasonable period after closure, subject to legal retention obligations.
You may request access to, correction of, restriction on, or deletion of your personal information (subject to legal retention requirements). You may also unsubscribe from marketing emails (transactional and treatment-related emails will continue while you have an active prescription). Email privacy@legitpep.com.
We use TLS for all transmissions, encryption at rest for PHI, hashed password storage, role-based access internally, regular security audits, and breach-notification procedures consistent with HIPAA. No system is perfectly secure; we encourage strong unique passwords and two-factor authentication on your account.
LegitPep is not directed at children. You must be at least 18 years old to use the site. We do not knowingly collect data from anyone under 18.
This policy may be updated periodically. The current version is always posted at this URL with the effective date above. Material changes affecting how PHI is handled will be communicated to active patients by email.