§ Legal

Privacy Policy

How Peptiter handles your data.

Last updated: 27 April 2026 · HIPAA Compliant · BAA Available · US Data Residency

Peptiter is a clinician decision-support platform. This policy explains what we collect, why we collect it, who we share it with, and the rights you have over your data. Plain-English summary first; defined terms follow customary HIPAA / GDPR usage.

1. Who we are

Peptiter Inc. ("Peptiter", "we", "us") operates a clinical decision-support platform for licensed prescribers. We are not a covered entity; we act as a Business Associate to clinic and pharmacy customers under HIPAA. A Business Associate Agreement (BAA) is available on request.

2. What we collect

Account data (name, email, NPI, DEA where applicable), clinical inputs (CGM, blood ketone BHB, RR-interval streams, lab values, AI-administered questionnaire responses), prescriber decisions, audit logs, and standard product telemetry (pages viewed, errors). We do not sell data and do not use identified PHI to train models without an explicit, signed research agreement.

3. How we use it

To compute scores (OII, CIR), surface evidence-gated recommendations, maintain audit trails, fulfil our BAA obligations, secure the platform, and improve product quality. Aggregated, de-identified data may be used to validate model performance — never with re-identifiable fields.

4. Sharing & subprocessors

We share data only with vetted subprocessors (cloud hosting, error monitoring, transactional email) operating under a BAA where PHI is involved. We do not share patient or prescriber data with pharmaceutical manufacturers or pharmacies for marketing. AKS-clean economics apply: zero per-prescription fees, zero referral fees.

5. Data residency & retention

All PHI is stored within US regions on encrypted volumes (AES-256 at rest, TLS 1.2+ in transit). Clinical data is retained for the duration of the customer relationship plus the period required by applicable medical records law. Customers can request export or deletion at any time, subject to legal hold.

6. Your rights

Depending on jurisdiction (HIPAA, CCPA/CPRA, GDPR where applicable), you may request access, correction, portability, or deletion of your personal data. Patients should route requests through their treating clinician; clinicians and direct account holders can email privacy@peptiter.com.

7. Security

Role-based access control, MFA for prescriber accounts, immutable audit logs, signed webhook payloads, and quarterly access reviews. Suspected security issues: security@peptiter.com.

8. Children

Peptiter is a clinician-facing tool. We do not knowingly collect data directly from individuals under 13. Paediatric clinical data entered by a treating clinician is handled under the same HIPAA controls as adult data.

9. Changes

We will post material changes to this policy on this page and notify account administrators by email at least 14 days before they take effect.

§ Contact

Privacy questions, BAA requests, data subject requests: privacy@peptiter.com. Security disclosures: security@peptiter.com.