Privacy Policy
Last updated: March 27, 2026
PeptideSupplierMatch ("we," "us," or "our") operates the peptidesuppliermatch.com website. This Privacy Policy explains how we collect, use, share, and protect your information when you use our platform.
Information We Collect
We collect the following categories of information:
- Account Information: Email address, password (hashed), name when you create an account.
- Business Lead Data: Business name, business type, contact name, email, phone (optional), state, sourcing needs, and any additional message provided through our supplier-match intake form.
- Consumer Lead Data: Name, email, phone, location (state, city, zip code), peptide therapy interests, visit type preference (in-person, telehealth, or either), and any message provided through our provider matching form.
- Provider Profile Data: Practice name, address, services offered, telehealth availability, state licensure, and other professional information submitted by providers who claim their listings.
- Usage Data: Page views, session duration, general geographic location, device type, and browser information collected through Google Analytics (GA4).
- Email Subscription Data: Email address and subscription preferences for regulatory alerts and newsletters.
How We Use Your Information
- Supplier Matching: Business lead information is used to qualify leads and connect businesses with relevant supplier partners.
- Provider Matching: Consumer lead information, including therapy interests and location, is shared with matched providers to facilitate connections. By submitting a consumer lead form, you consent to this sharing.
- Platform Operations: To operate, maintain, and improve the platform, process transactions, and provide customer support.
- Communications: To send transactional emails (lead notifications, account updates) and, with your consent, marketing emails (regulatory alerts, newsletters).
- Analytics: Aggregated analytics data is used to improve content, understand user behavior, and optimize platform performance.
How We Share Your Information
We share your information only in the following circumstances:
- With Matched Providers (Consumer Leads): When you submit a provider matching form, your name, contact information, location, and therapy interests are shared with providers matched to your request. Only assigned providers can access your information.
- With Supplier Partners (Business Leads): Business lead information may be shared with relevant supplier partners to facilitate sourcing connections.
- Service Providers: We use third-party services to operate our platform (see "Third-Party Services" below). These providers process data on our behalf under contractual obligations.
- Legal Requirements: We may disclose information if required by law, subpoena, court order, or government regulation.
We do not sell your personal information to third parties for their independent marketing purposes.
Data Storage & Security
Lead and account data is stored securely in Supabase (PostgreSQL) with the following safeguards:
- Encryption in transit (TLS/HTTPS) and at rest
- Row-level security (RLS) policies restricting data access to authorized users
- Secure password hashing
- Regular security updates and monitoring
No method of transmission or storage is 100% secure. We implement commercially reasonable safeguards but cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.
Data Retention
We retain your information for the following periods:
| Data Type | Retention Period |
|---|---|
| Consumer Leads | 6 months after submission, then deleted |
| Business Leads | 12 months after submission, then deleted |
| User Accounts | Until account deletion is requested |
| Provider Profiles | Until provider requests removal |
| Email Subscriptions | Until unsubscribed, plus 30 days |
| Analytics Data (GA4) | 14 months (managed by Google) |
You may request earlier deletion at any time (see "Your Rights" below).
Third-Party Services
We use the following third-party services, each governed by their own privacy policies:
- Supabase — Database hosting and authentication
- Vercel — Website hosting and deployment
- Google Analytics (GA4) — Website analytics and usage tracking
- Google Tag Manager — Tag management
- Stripe — Payment processing for provider subscriptions
- Resend — Transactional and marketing email delivery
Cookies & Tracking
We use cookies and similar technologies for analytics and platform functionality. See our Cookie Policy for details on what cookies we use and how to manage your preferences.
Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data. We will process deletion requests within 30 days.
- Portability: Request your data in a portable format.
- Opt-Out of Communications: Unsubscribe from marketing emails at any time using the link in each email or by visiting our unsubscribe page.
To exercise any of these rights, email us at hello@peptidesuppliermatch.com with "Privacy Request" in the subject line. We will respond within 30 days.
California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
Categories of Personal Information Collected:
- Identifiers (name, email, phone number)
- Commercial information (business type, sourcing needs)
- Health-related information (peptide therapy interests)
- Internet activity (page views, session data via Google Analytics)
- Geolocation (state, city, zip code)
Your California Rights:
- Right to Know: Request disclosure of what personal information we have collected, used, and shared in the past 12 months.
- Right to Delete: Request deletion of your personal information (subject to certain exceptions).
- Right to Opt-Out of Sale: We do not sell personal information. However, sharing lead data with matched providers may be considered "sharing" under CPRA. You may opt out — see Do Not Sell or Share My Personal Information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise these rights, email hello@peptidesuppliermatch.com with "CCPA Request" in the subject line. We will verify your identity and respond within 45 days.
Do Not Sell or Share My Personal Information
PeptideSupplierMatch does not sell personal information to third parties for monetary consideration. When you submit a consumer lead form, your information is shared with matched providers solely to facilitate the connection you requested. If you wish to opt out of this sharing, email hello@peptidesuppliermatch.com with "Do Not Share" in the subject line, and we will not route your information to providers.
EEA/UK Residents (GDPR)
If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland:
- Legal Basis: We process your data based on: (a) your consent (email subscriptions, cookie consent), (b) contractual necessity (account creation, lead matching), and (c) legitimate interest (platform improvement, analytics).
- Data Controller: PeptideSupplierMatch is the data controller for your personal data.
- Data Transfers: Your data is processed in the United States. We rely on Standard Contractual Clauses and processor agreements with our service providers (Supabase, Vercel) to ensure appropriate safeguards.
- Additional Rights: You have the right to lodge a complaint with your local data protection authority. You also have rights to restriction of processing, data portability, and objection to processing.
Health Information Notice
PeptideSupplierMatch collects information about your peptide therapy interests to match you with relevant providers. This information is health-related but is not treated as Protected Health Information (PHI) under HIPAA, as PeptideSupplierMatch is not a covered entity or business associate under HIPAA. We are an informational matching platform, not a healthcare provider. We apply commercially reasonable security measures to protect all health-related information we collect.
Breach Notification
In the event of a data breach affecting your personal information:
- We will notify affected individuals by email within 30 days of discovering the breach.
- Notification will include a description of the breach, the data affected, and steps we are taking to address it.
- We will notify relevant regulatory authorities as required by applicable law.
Children's Privacy
PeptideSupplierMatch is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we learn we have collected data from someone under 18, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the platform after changes constitutes acceptance of the revised policy.
Contact
For privacy-related questions or to exercise your rights, contact us at:
Email: hello@peptidesuppliermatch.com
Subject Line: "Privacy Request"