Privacy Policy

 

Introduction

DefyAgeRx (“Company” or “we” or “us” or “our”) is publishing this Privacy Policy for its users (“user” or “you”) that use our website located at www.DefyAgeRx.com, including other media forms, media channels, mobile website or mobile application related or connected thereto (collectively, the “Website”). Your access and use of the Website, any part thereof, or anything associated therewith, including its content (“Content“), any products or services provided through the Website or otherwise by DefyAgeRx, and any affiliated website, software or application owned or operated by DefyAgeRx (collectively, including the Website and the Content, the “Service“) are subject to this Privacy Policy unless specifically stated otherwise.

The following Company privacy policy (“Privacy Policy”) is designed to inform you, as a user of the Website, about the types of information that Company may gather about or collect from you in connection with your use of the Website. It also is intended to explain the conditions under which Company uses and discloses that information, and your rights in relation to that information. Changes to this Privacy Policy are discussed at the end of this document. Each time you use the Website, however, the current version of this Privacy Policy will apply. Accordingly, each time you use the Website you should review any changes since the last time you used the Website. Capitalized terms not otherwise defined in this Privacy Policy have the same meaning as set forth in the DefyAgeRx Terms of Use (“Terms of Use”).

If you are using the Service on behalf of an individual other than yourself, you represent that you are authorized by such individual to act on such individual’s behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy.

 

Notice to Users Outside the United States

The Website and all products and services offered through the Website, including prescription medications, compounded preparations, and peptide-based treatments, are intended solely for customers located within the United States. DefyAgeRx does not ship prescription medications, compounded drugs, or peptide compounds internationally. Any order placed with a shipping address outside the United States will be cancelled, and any associated payment will be refunded in accordance with DefyAgeRx’s applicable refund policy. Users who access the Website from outside the United States do so at their own risk and are solely responsible for compliance with all applicable local laws and regulations. DefyAgeRx makes no representation that the Website or its products and services are appropriate, lawful, or available in any jurisdiction outside the United States. For informational purposes only: the Website is hosted in the United States and is subject to U.S. state and federal law. If you are located outside the United States and nonetheless access the Website, please be aware that any information you submit may be transferred to and processed in the United States. Such access does not authorize you to purchase or receive any products or services offered through the Website, and DefyAgeRx reserves the right to refuse, cancel, or reverse any transaction that it determines originates from outside the United States.

BY USING OR ACCESSING THE WEBSITE, YOU ARE ACCEPTING THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY.

 

GATHERING, USE AND DISCLOSURE OF NON-PERSONALLY-IDENTIFYING INFORMATION

Users of the Website Generally

“Non-Personally Identifying Information” is information that, without the aid of additional information, cannot be directly associated with a specific person. “Personally Identifying Information,” by contrast, is information such as a name or email address that, without more, can be directly associated with a specific person.

Like most website operators, Company gathers from users of the Website Non-Personally Identifying Information of the sort that Web browsers, depending on their settings, may make available. That information includes the user’s Internet Protocol (IP) address, operating system, browser type and the locations of the websites the user views right before arriving at, while navigating and immediately after leaving the Website. Although such information is not Personally Identifying Information, it may be possible for Company to determine from an IP address a user’s Internet service provider and the geographic location of the visitor’s point of connectivity as well as other statistical usage data. Company analyzes Non-Personally Identifying Information gathered from users of the Website to help Company better understand how the Website is being used. By identifying patterns and trends in usage, Company is able to better design the Website to improve users’ experiences, both in terms of content and ease of use.

From time to time, Company may also release the Non-Personally Identifying Information gathered from Website users in the aggregate, such as by publishing a report on trends in the usage of the Website.

 

Web Cookies

A “Web Cookie” is a string of information which assigns you a unique identification that a website stores on a user’s computer, and that the user’s browser provides to the website each time the user submits a query to the website. We use cookies on the Website to keep track of services you have used, to record registration information regarding your login name and password, to record your user preferences, to keep you logged into the Website and to facilitate purchase procedures. Company also uses Web Cookies to track the pages that users visit during each Website session, both to help Company improve users’ experiences and to help Company understand how the Website is being used. As with other Non-Personally Identifying Information gathered from users of the Website, Company analyzes and discloses in aggregated form information gathered using Web Cookies, so as to help Company, its partners and others better understand how the Website is being used. COMPANY USERS WHO DO NOT WISH TO HAVE WEB COOKIES PLACED ON THEIR COMPUTERS SHOULD SET THEIR BROWSERS TO REFUSE WEB COOKIES BEFORE ACCESSING THE WEBSITE, WITH THE UNDERSTANDING THAT CERTAIN FEATURES OF THE WEBSITE MAY NOT FUNCTION PROPERLY WITHOUT THE AID OF WEB COOKIES. WEBSITE USERS WHO REFUSE WEB COOKIES MAY LOSE FUNCTIONALITY OR USE OF CERTAIN FEATURES OF THE WEBSITE.

“Device fingerprinting” can track devices over time, based on your browser’s configurations and settings. Because each browser is unique, device fingerprinting can identify your device, without using cookies. Since device fingerprinting uses the characteristics of your browser configuration to track you, deleting cookies won’t help. Device fingerprinting technologies are evolving and can be used to track you on all kinds of internet-connected devices that have browsers, such as smartphones, tablets, laptop and desktop computers. For more information please see: https://www.consumer.ftc.gov/articles/0042-online-tracking

 

Flash Cookies

Flash cookies, which are cookies written using Adobe Flash, may be permanently stored on your device. Similar to standard cookies, Flash cookies can retain user settings and actions and may enable a website to recognize a particular browser or device. Flash cookies are not managed by the same browser settings that are used for regular cookies.

 

Web Beacons

A “Web Beacon” is an object that is embedded in a web page or email that is usually invisible to the user and allows website operators to check whether a user has viewed a particular web page or an email. Company may use Web Beacons on the Website and in emails to count users who have visited particular pages, viewed emails and to deliver co-branded services. Web Beacons are not used to access users’ Personally Identifying Information. They are a technique Company may use to compile aggregated statistics about Website usage. Web Beacons collect only a limited set of information, including a Web Cookie number, time and date of a page or email view and a description of the page or email on which the Web Beacon resides. You may not decline Web Beacons. However, they can be rendered ineffective by declining all Web Cookies or modifying your browser setting to notify you each time a Web Cookie is tendered, permitting you to accept or decline Web Cookies on an individual basis.

 

Analytics

We may use third-party vendors, including Google, who use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize and serve ads based on your past activity on the Website, including Google Analytics for Display Advertising. The information collected may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. If you do not want any information to be collected and used by Google Analytics, you can install an opt-out in your web browser (https://tools.google.com/dlpage/gaoptout) and/or opt out from Google Analytics for Display Advertising or the Google Display Network by using Google’s Ads help (https://support.google.com/analytics/answer/181881?hl=en).

 

Scripts

Scripts are pieces of code embedded in a website to define how the website behaves in response to certain key or click requests sent by the user. Scripts are sometimes used to collect information about the user’s interactions with the website, such as the links the user clicks on. They are typically active only during a user’s connection to our Website and are either deactivated or removed once the user disconnects from the website.

 

Aggregated and Non-Personally Identifying Information

We may share aggregated and Non-Personally Identifying Information we collect under any of the above circumstances. We may also share it with third parties and our affiliate companies to develop and deliver targeted advertising on the Website and on websites of third parties. We may combine Non-Personally Identifying Information we collect with additional Non-Personally Identifying Information collected from other sources. We also may share aggregated information with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis. For example, we may tell our advertisers the number of visitors to the Website and the most popular features or services accessed. This information does not contain any Personally Identifying Information and may be used to develop website content and services that we hope you and other users will find of interest and to target content and advertising.

In addition, Company may make use of de-identified information in accordance with applicable privacy law.

 

Mobile Device Additional Terms

• Mobile Device. If you use a mobile device to access the Website or download any of our applications, we may collect device information (such as your mobile device ID, model and manufacturer), operating system, version information and IP address.
• Geo-Location Information. Unless we have received your prior consent, we do not access or track any location-based information from your mobile device at any time while downloading or using our mobile application or our services, except that it may be possible for Company to determine from an IP address the geographic location of your point of connectivity, in which case we may gather and use such general location data.
• Push Notifications. We may send you push notifications if you choose to receive them, letting you know when someone has sent you a message or for other service-related matters. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.
• Mobile Analytics. We use mobile analytics software to allow us to better understand the functionality of our mobile software on your phone. This software may record information, such as how often you use the application, the events that occur within the application, aggregated usage, performance data and where the application was downloaded from. We do not link the information we store within the analytics software to any Personally Identifying Information you submit within the mobile application.

 

SOCIAL MEDIA

We may provide you the option to connect your account on the Website to your account on some social networking sites for the purpose of logging in, uploading information or enabling certain features on the Website. When logging in using your social network credentials, we may collect the Personally Identifying Information you have made publicly available on the social networking site, such as your name, profile picture, cover photo, username, gender, friends network, age range, locale, friend list and any other information you have made public. Once connected, other users may also be able to see information about your social network, such as the size of your network and your friends, including common friends. By connecting your account on the Website to your account on any social networking site, you hereby consent to the continuous release of information about you to us. We will not send any of your account information to the connected social networking site without first disclosing that to you. Each social network may further allow you to set privacy controls around your information on their system, and our collection of information will always follow such controls and permissions. This feature is subject to continuous change and improvement by us and each social networking site involved, and therefore the available features and shared information are subject to change without notice to you.

We may use hyperlinks on the Website which will redirect you to a social network if you click on the respective link. However, when you click on a social plug-in, such as Facebook’s “Like” button, Twitter’s (X) “tweet” button or the Google+, that particular social network’s plugin will be activated and your browser will directly connect to that provider’s servers. If you do not use these buttons, none of your data will be sent to the respective social network’s plugin provider. So for example, when you click on the Facebook’s “Like” button on the Website, Facebook will receive your IP address, the browser version and screen resolution, and the operating system of the device you have used to access the Website. Settings regarding privacy protection can be found on the websites of these social networks and are not within our control.

 

COLLECTION, USE AND DISCLOSURE OF PERSONALLY-IDENTIFYING INFORMATION

Website Registration

As defined above, Personally Identifying Information is information that can be directly associated with a specific person. Company may collect a range of Personally Identifying Information from and about Website users. Much of the Personally Identifying Information collected by Company about users is information provided by users themselves when (1) registering for our service, (2) logging in with social network credentials, (3) participating in polls, contests, surveys or other features of our service, or responding to offers or advertisements, (4) communicating with us, (5) creating a public profile or (6) signing up to receive newsletters. That information may include each user’s name, address, email address and telephone number, and, if you transact business with us, financial information such as your payment method (valid credit card number, type, expiration date or other financial information), shipping information, and electronic signature. We also may request information about your interests and activities, your gender, age, date of birth, username, password, and other account registration details, hometown and other demographic or relevant information as determined by Company from time to time. Additional information you provide may include, but is not limited to, photographic or video images submitted for identification or non-diagnosis or treatment purposes, including photographs of your driver’s license or passport, information about third parties that you refer to us (e.g., name, email, and/or other contact information, relationship), any other information you provide when you contact or communicate with us. Users of the Website are under no obligation to provide Company with Personally Identifying Information of any kind, with the caveat that a user’s refusal to do so may prevent the user from using certain Website features.

BY REGISTERING WITH OR USING THE WEBSITE, YOU CONSENT TO THE USE AND DISCLOSURE OF YOUR PERSONALLY-IDENTIFYING INFORMATION AS DESCRIBED IN THIS “COLLECTION, USE AND DISCLOSURE OF PERSONALLY-IDENTIFYING INFORMATION” SECTION.

 

Online Postings

Certain Personally Identifying Information collected from users may be disclosed as a matter of course as a result of your use of the Website. We may provide areas on the Website where you can post reviews and other information relating to your activities on the Website. Such postings are governed by our Terms of Use. In addition, such postings may appear on other websites or when searches are executed on the subject of your posting. Also, whenever you voluntarily disclose personal information on publicly-viewable web pages, that information will be publicly available and can be collected and used by others. For example, if you post your email address, you may receive unsolicited messages. We cannot control who reads your posting or what other users may do with the information you voluntarily post, so we encourage you to exercise discretion and caution with respect to your personal information. USERS ASSUME ALL RESPONSIBILITY FOR ANY LOSS OF PRIVACY OR OTHER HARM RESULTING FROM THEIR VOLUNTARY DISCLOSURE OF PERSONALLY IDENTIFYING INFORMATION.

 

Medical Information

We collect certain medical information on behalf of the Providers, which may include, but is not limited to, the categories listed below. All medical information collected is used solely for the purpose of facilitating clinical evaluation, diagnosis, treatment, and prescription fulfillment by the applicable Providers and Pharmacies. Such information will not be used for marketing, product development, or shared with third parties for commercial purposes without your express prior written consent. We implement technical and administrative safeguards appropriate to the sensitivity of this information, including access controls limiting disclosure to personnel with a legitimate need to fulfill your care. Where such information constitutes Protected Information under applicable federal or state law, it will be handled in strict accordance with those legal requirements.

• Health and medical data you submit for diagnosis or treatment purposes, including information in any questionnaires or surveys you complete for these purposes
• Previous doctors or other healthcare providers you visited
• Date of visit
• Images or videos you share for diagnosis or treatment purposes
• Communications with Providers

We may also receive information about you from our partners. For example, as part of our identity verification process, our vendor may send us information they have independently collected, such as your name, age, and estimated location. Our marketing partners may also send us information about you, even if you have not visited or registered on our site.

DefyAgeRx does not collect or create biometric information about you. To use some of our services, however, we may be required to verify your identity. If you are asked to submit proof of identity (such as a driver’s license or passport), we may share that document and the selfie you provide with our identity verification partner, who may create biometric information about your face solely for the purpose of verifying that your selfie matches your proof of identity. Biometric information is not retained by or shared with DefyAgeRx and is deleted by our identity verification partner promptly upon completion of the identity verification process. DefyAgeRx may receive non-biometric information extracted from your photos, such as data fields from your driver’s license and a confidence score indicating whether there is a match between your two submitted photos. We use this information solely to help verify your identity. To the extent any biometric data is incidentally processed in connection with our identity verification services, DefyAgeRx and its identity verification partner will comply with all applicable state biometric privacy laws, including but not limited to the Illinois Biometric Information Privacy Act (740 ILCS 14/1 et seq.), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code 503.001), and the Washington Biometric Privacy Law (RCW 19.375). Users located in states with biometric privacy laws retain the right to request information about the collection and use of their biometric data and may submit such requests to customersupport@DefyAgeRx.comwith the subject line “Biometric Data Request.” For California residents, biometric-adjacent information processed in connection with identity verification constitutes sensitive personal information under the CPRA. California residents have the right to limit the use and disclosure of such information as described in the California Privacy Rights section of this Privacy Policy.

In addition to the information we collect directly from you, we may also collect certain information from the Providers who provide treatment or other services to you in connection with our service. This information may include, but is not limited to, diagnoses, treatment plans (including prescription details) and notes.

We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history and laboratory test results.

 

Company Communications

We may occasionally use your name and email address to send you notifications regarding new services offered by the Website that we think you may find valuable. We may also send you service-related announcements from time to time through the general operation of the service. Generally, you may opt out of such emails at the time of registration or through your account settings, though this may not opt you out of all emails, such as notices about your account, including service announcements and administrative messages.

 

General Use by Company

Company uses the Personally Identifying Information in the file we maintain about you, and other information we obtain from your current and past activities on the Website (1) to deliver the products and services that you have requested; (2) to manage your account and provide you with customer support; (3) to communicate with you by email, postal mail, telephone and/or mobile devices about products or services that may be of interest to you either from us, our affiliate companies or other third parties; (4) to develop and display content and advertising tailored to your interests on the Website and other sites; (5) to resolve disputes and troubleshoot problems; (6) to measure consumer interest in our services; (7) to inform you of updates; (8) to customize your experience; (9) to detect and protect us against error, fraud and other criminal activity; (10) to enforce our Terms of Use; and (11) to do as otherwise described to you at the time of collection. At times, we may look across multiple users to identify problems. In particular, we may examine your Personally Identifying Information to identify users using multiple user IDs or aliases. We may compare and review your Personally Identifying Information for accuracy and to detect errors and omissions. We may use financial information or payment method to process payment for any purchases made on the Website, enroll you in the discount, rebate, and other programs in which you elect to participate, to protect against or identify possible fraudulent transactions and otherwise as needed to manage our business.

 

Company Disclosures

Company will disclose Personally Identifying Information under the following circumstances:

• By Law or to Protect Rights. When we believe disclosure is appropriate, we may disclose Personally Identifying Information in connection with efforts to investigate, prevent or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of Company, our users, our employees or others; to comply with applicable law or cooperate with law enforcement; to enforce our Terms of Use or other agreements or policies, in response to a subpoena or similar investigative demand, a court order or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.
• We will not share, rent, or sell your Personal Information to other companies or individuals unless we have your consent. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes.
• Marketing Communications. Unless users opt-out from receiving Company marketing materials upon registration, Company may email users about products and services that Company believes may be of interest to them. If you wish to opt-out of receiving marketing materials from Company, you may do so by following the unsubscribe link in the email communications, by going to your account settings (if applicable) or contacting us using the contact information below.
• Third-Party Marketing Communications. Company will not share, sell, or otherwise provide users’ personal information, including email addresses, to unaffiliated third parties for direct marketing purposes without first obtaining the user’s express affirmative opt-in consent. Where such consent has been obtained, users may withdraw it at any time by contacting us using the information below or updating their account settings. Upon receipt of a withdrawal of consent, Company will cease sharing the user’s information with third parties for marketing purposes on a going-forward basis and will notify any third parties to whom the information was previously provided of the user’s opt-out request. Company will not condition access to its services on a user’s agreement to receive third-party marketing communications.
• Third-Party Service Providers. We may share your Personally Identifying Information, which may include your name and contact information (including email address) with our authorized service providers that perform certain services on our behalf. These services may include fulfilling orders, providing customer service and marketing assistance, performing business and sales analysis, supporting the Website’s functionality and supporting contests, sweepstakes, surveys and other features offered through the Website. We may also share your name, contact information and credit card information with our authorized service providers who process credit card payments. These service providers may have access to personal information needed to perform their functions but are not permitted to share or use such information for any other purpose.
• Business Transfers; Bankruptcy. Company may disclose all Personally Identifying Information in its possession to a successor organization in the event of a merger, acquisition, bankruptcy or other sale of all or a portion of Company’s assets. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred Personally Identifying Information will be subject to this Privacy Policy, or to a new privacy policy if you are given notice of that new privacy policy and are given an opportunity to affirmatively opt-out of it. Personally Identifying Information submitted or collected after a transfer, however, may be subject to a new privacy policy adopted by the successor organization.
• Medical Groups and Providers: For purposes of this Privacy Policy, “Medical Groups” means the professional medical corporations or group practices that contract with DefyAgeRx to facilitate the provision of clinical services through the Website, including through the licensed healthcare providers affiliated with such groups (“Providers”). Personally Identifying Information may be disclosed to the Medical Groups, Providers, and Pharmacies to enable them to provide services to you and to collect payment on their behalf.
• Employees, Contractors, and Consultants: Some Company employees and operations contractors may have limited access to your Personal Information in the course of providing services to you, including for the purpose of troubleshooting problems and/or resolving complaints. These contractors include vendors and suppliers that provide us with technology, services, and/or content for the operation and maintenance of the Website. Access to your Personal Information is limited to the information reasonably necessary for the employee or contractor to perform the function needed to resolve the issue or to provide or improve the service.For purposes of this Privacy Policy, “Brand Partners” means independent third parties who have entered into written promotional, co-marketing, or distribution arrangements with DefyAgeRx. Brand Partners are independent third parties and are not employees, contractors, or agents of DefyAgeRx. Brand Partners may receive limited user information solely to the extent necessary to facilitate promotional or distribution activities conducted in connection with their arrangement with DefyAgeRx. Brand Partners are not authorized to access your Personal Information for the purpose of troubleshooting, complaint resolution, or any purpose other than those expressly authorized in writing by DefyAgeRx. Any use of your information by a Brand Partner beyond the scope described herein is not authorized by DefyAgeRx, and DefyAgeRx is not responsible for such unauthorized use.

 

Children’s Personally Identifying Information

Our service is intended exclusively for use by individuals who are at least eighteen (18) years of age, or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Service. Individuals under the age of eighteen (18) may not use or access the Website or any of its services at any time or in any manner. The features, programs, promotions and other aspects of our service requiring the submission of Personally Identifying Information are not intended for anyone under 18 years of age. We do not knowingly collect Personally Identifying Information from children under the age of 13. If we obtain actual knowledge that we have collected personal information through the Platform from a person under eighteen (18) years of age, we will use reasonable efforts to refrain from further using such personal information or maintaining it in retrievable form and will take steps to delete it promptly. DefyAgeRx implements age verification controls at registration and at the point of clinical intake to restrict access to all services to individuals who are eighteen (18) years of age or older. If you are a parent or guardian of a minor and believe he or she has disclosed Personally Identifying Information to us, please contact us at:

• By mail: DefyAgeRx, Attn: Privacy Officer 3761 Camino Cielo, Lincoln, CA 95648, with a subject line of “Removal of Minor Information. If you send by mail, please send by U.S. Certified Mail, Return Receipt Requested to allow for confirmation of mailing, delivery and tracking.
• By email: customersupport@DefyAgeRx.com, with a subject line of “Removal of Minor Information”

 

Protected Health Information

When you set up an account with DefyAgeRx, you are creating a direct customer relationship with DefyAgeRx that enables you to access and/or utilize the various functions of the Website as a user. As part of that relationship, you provide information to DefyAgeRx, including but not limited to your name, email address, shipping address and phone number, that we may collect, use and disclose in accordance with our Privacy Policy, and that we do not consider to be “health” or “medical” information.

However, in using certain components of the Website, you may also provide certain medical information that may be protected under applicable laws. DefyAgeRx is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, “HIPAA”). One or more of the Pharmacies or Providers may be a “covered entity” under HIPAA, and where DefyAgeRx provides services to such a covered entity, DefyAgeRx may function as a “business associate” as defined under HIPAA. In its capacity as a business associate, DefyAgeRx is subject to applicable HIPAA provisions governing the use and disclosure of “protected health information” (“PHI”) as defined under HIPAA and will comply with those obligations accordingly. DefyAgeRx has entered into, or will enter into, Business Associate Agreements with applicable covered entities as required by HIPAA. In addition, any medical or health information you provide that is subject to specific protections under applicable state laws (collectively, with PHI, “Protected Information”) will be used and disclosed only in accordance with such applicable laws. Any information that does not constitute Protected Information under applicable laws may be used or disclosed in any manner permitted under this Privacy Policy. Protected Information does not include information that has been de-identified in accordance with HIPAA.

The Providers have adopted a Telehealth Consent that describes how they use and disclose Protected Information. By accessing or using any part of the Website, you are acknowledging receipt of the Notice of Privacy Practices.

Information you submit to DefyAgeRx that is not used solely for the provision of diagnosis and treatment by the Providers or prescription fulfillment by the Pharmacies may not constitute Protected Information under HIPAA or applicable state law, and may be used and disclosed in accordance with this Privacy Policy and applicable law. DefyAgeRx will use reasonable efforts to identify and segregate Protected Information from non-protected information and will handle all health-related information with appropriate care regardless of its protected status. Nothing in this Privacy Policy shall be construed as a waiver of any privacy rights or protections you may have under applicable federal or state law.

 

REGULATORY DISCLOSURE REGARDING COMPOUNDED AND NON-FDA APPROVED SUBSTANCES

Certain products available through the Website, including peptide-based treatments, may be compounded preparations or otherwise not approved by the U.S. Food and Drug Administration (“FDA”). Compounded medications are not FDA-approved, meaning the FDA has not verified their safety, effectiveness, or quality prior to marketing. These products are prepared by licensed and FDA regulated 503(a) compounding pharmacies pursuant to a valid prescription issued by a licensed healthcare provider. DefyAgeRx does not manufacture, dispense, or prescribe any medication or treatment. All prescribing decisions are made solely by independent, licensed Providers. Any personal information you provide in connection with obtaining access to compounded or non-FDA approved substances, including health questionnaires and medical history, is collected for the purpose of facilitating a clinical evaluation by a Provider and is subject to all applicable federal and state health privacy laws. DefyAgeRx does not use such information for product development, marketing, or any commercial purpose unrelated to the facilitation of your care without your express prior consent. Nothing in this Privacy Policy or on the Website should be construed as a medical claim or endorsement of any non-FDA approved product.

 

COLLECTION AND USE OF INFORMATION BY THIRD PARTIES GENERALLY

Company contractually prohibits its employees, contractors, and affiliates from disclosing Personally Identifying Information received from Company, other than in accordance with this Privacy Policy. However, third parties are under no obligation to comply with this Privacy Policy with respect to Personally Identifying Information that users provide directly to those third parties, or that those third parties collect for themselves. These third parties include advertisers, providers of services, utilities, widgets and a variety of other third-party applications accessible through the Website. Company neither owns nor controls the third-party websites and applications accessible through the Website. Thus, this Privacy Policy does not apply to information provided to or gathered by the third parties that operate them. Before visiting a third party, or using a third-party application, whether by means of a link on the Website, directly through the Website or otherwise, and before providing any Personally Identifying Information to any such third party, users should inform themselves of the privacy policies and practices (if any) of the third party responsible for that website or application, and should take those steps necessary to, in those users’ discretion, protect their privacy. DefyAgeRx does not permit third parties or third-party cookies to access any communications you have with the Providers, or medical information that you submit to the Providers for diagnosis and treatment purposes.

 

SECURITY

We use reasonable electronic, personnel and physical measures to protect it from loss, theft, alteration or misuse. However, please be advised that even the best security measures cannot fully eliminate all risks. We cannot guarantee that only authorized persons will view your information. We are not responsible for third-party circumvention of any privacy settings or security measures. We are dedicated to protecting all information on the Website as is necessary. However, you are responsible for maintaining the confidentiality of your Personally Identifying Information by keeping your password confidential. You should change your password immediately if you believe someone has gained unauthorized access to it or your account. If you lose control of your account, you should notify us immediately.

Despite our efforts to protect your Personally Identifiable Information, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your information over the Internet may be intercepted. We do not utilize encryption systems for emails from us to you. Therefore, we make no representations or warranties regarding the sufficiency of the above security measures. No data transmission over the Internet or through mobile devices can be guaranteed to be 100% secure. While we strive to protect your personal information from unauthorized access, use or disclosure, we cannot ensure or warrant the security of any information you transmit to us on the Website. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. Therefore, the Company is not responsible for any actual or consequential damages that result from a lapse in compliance with this Privacy Policy because of a security breach or technical malfunction.

DATA BREACH NOTIFICATION\n\nIn the event of a security incident involving unauthorized access, acquisition, disclosure, or use of your personal information or protected health information, DefyAgeRx will notify affected users in accordance with applicable federal and state data breach notification laws, including applicable state breach notification statutes and, where applicable, the HIPAA Breach Notification Rule (45 C.F.R. §§ 164.400–414). Notification will be sent to the email address on file for the affected user within the timeframe required by applicable law. Where direct notice cannot be provided due to inaccurate, outdated, or insufficient contact information, DefyAgeRx will comply with applicable substitute notice requirements, which may include conspicuous posting on the Website homepage or notification through statewide media, to the extent required by applicable law. Users are responsible for keeping their contact information current and accurate in their account settings to ensure timely receipt of any required notification. DefyAgeRx will also notify applicable regulatory authorities (including the U.S. Department of Health and Human Services, where required by HIPAA) within the timeframes mandated by applicable law. This provision does not create obligations beyond those imposed by applicable law, and does not constitute an admission that DefyAgeRx is a covered entity or business associate under HIPAA, except as otherwise expressly stated in the Protected Health Information section of this Privacy Policy.

 

TRANSACTIONS

In connection with any transaction that you conduct through the Service (e.g., the purchase of any products or services on or through the Service), you may be asked to supply certain information relevant to the transaction, including, without limitation, your credit card number and expiration date, your billing address, your shipping address, your phone number and/or your email address. By submitting such information, you authorizeDefyAgeRx to provide such information to third-party payment processors solely to the extent necessary to facilitate, process, and complete the applicable transaction. Such authorization is limited in scope to the specific transaction for which the information is submitted and does not constitute a general or ongoing grant of rights in your personal or financial information. DefyAgeRx will not sell, transfer, or otherwise disclose your payment card information to any third party except as necessary to process payment for a transaction you have initiated or as required by applicable law. DefyAgeRx will not use your transaction information for any purpose other than facilitating the transaction and maintaining records as required by law. All payment card information collected through the Service is handled in accordance with applicable Payment Card Industry Data Security Standards (“PCI-DSS”), and DefyAgeRx requires that any third-party payment processors it engages maintain equivalent PCI-DSS compliance.

All credit card, debit card and other monetary transactions on or through the Service occur through an online payment processing application(s) accessible through the Service. This online payment processing application(s) is provided by DefyAgeRx’s third-party online payment processing vendor. Information about that vendor’s privacy policy and information security measures may be obtained by contacting us using the information in the “Contact Us” section below. Any such reference is for informational purposes only and is in no way incorporated into or made a part of this Privacy Policy. DefyAgeRx’s relationship with its payment processing vendor is merely contractual in nature, and such vendor is in no way subject to DefyAgeRx’s direction or control; thus, their relationship is not, and should not be construed as, one of fiduciaries, franchisors-franchisees, agents-principals, employers-employees, partners, joint venturers or the like.

 

DATA RETENTION

DefyAgeRxretains your personal information only for as long as is reasonably necessary to fulfill the purposes for which it was collected, in accordance with the following general retention schedule: (i) account and registration information is retained for the duration of your account and for a period of five (5) years following account closure or last activity, whichever is later; (ii) medical information collected on behalf of Providers, including health questionnaires, treatment plans, and clinical notes, is retained for a minimum of seven (7) years from the date of collection, or longer where required by applicable state medical records retention laws; (iii) financial and transaction records are retained for a minimum of seven (7) years in accordance with applicable tax and financial recordkeeping laws; (iv) identity verification records are retained only for as long as necessary to complete verification and are thereafter deleted in accordance with our identity verification partner’s data deletion protocols; and (v) marketing and communications preferences are retained for the duration of your relationship with DefyAgeRx and for one (1) year following opt-out. DefyAgeRx may retain information beyond these periods where required by applicable law, regulation, or legal process, or where necessary to resolve an active dispute. DefyAgeRx will dispose of or delete information securely upon expiration of the applicable retention period.

Similarly, the Medical Groups and Providers may retain your information for as long as they believe necessary; as long as necessary to comply with their respective legal obligations, resolve disputes and/or enforce its agreements; and/or as long as needed to provide you with the products and/or services of the Medical Groups and Providers. The Medical Groups and Providers may dispose of or delete any such information at any time, except as set forth in any other agreement or document executed by the Medical Groups or Providers or as required by law.

 

PRIVACY POLICY CHANGES

Company may, in its sole discretion, change this Privacy Policy from time to time. Any and all changes to Company’s Privacy Policy will be reflected on this page and the date new versions are posted will be stated at the top of this Privacy Policy. Unless stated otherwise, our current Privacy Policy applies to all information that we have about you and your account. Users should regularly check this page for any changes to this Privacy Policy. Company will always post new versions of the Privacy Policy on the Website. However, Company may, as determined in its discretion, decide to notify users of changes made to this Privacy Policy via email or otherwise. Accordingly, it is important that users always maintain and update their contact information.

 

CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you have the following rights under the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”): (i) the right to know what personal information we collect, use, disclose, sell,or share about you; (ii) the right to access your personal information; (iii) the right to correct inaccurate personal information we maintain about you; (iv) the right to delete your personal information; (v) the right to opt out of the sale or sharing of your personal information, including sharing for cross-context behavioral advertising; (vi) the right to limit the use and disclosure of your sensitive personal information; and (vii) the right not to be discriminated against for exercising any of the foregoing rights.

Categories of Personal Information. The following describes the categories of personal information we collect, the purposes for which we collect it, and the categories of third parties to whom we disclose it: (i) Identifiers (e.g., name, email address, phone number, IP address, username, password) — collected to create and manage your account, provide and improve the Service, communicate with you, and verify your identity; disclosed to service providers, identity verification partners, and Providers and Pharmacies; (ii) Financial Information (e.g., credit card number, billing address) — collected to process transactions; disclosed to payment processing service providers; (iii) Health and Medical Information (e.g., health questionnaires, diagnoses, treatment plans, prescription history, laboratory results) — collected on behalf of Providers to facilitate clinical evaluation, diagnosis, treatment, and prescription fulfillment; disclosed to Providers, Pharmacies, and authorized service providers supporting care delivery; (iv) Sensitive Identifying Information (e.g., government-issued identification documents and selfie images submitted for identity verification) — collected to verify your identity as required for access to certain services; disclosed to our identity verification partner solely for verification purposes; (v) Internet or Electronic Network Activity (e.g., browsing history on the Website, cookie data, device identifiers) — collected to analyze usage, improve the Website, and deliver targeted advertising; disclosed to analytics and advertising service providers; (vi) General Geolocation Data (derived from IP address) — collected to understand the geographic distribution of users; not disclosed to third parties for marketing purposes; and (vii) Communications (e.g., messages to Providers, customer support interactions) — collected to facilitate care delivery and resolve service issues; disclosed to Providers and authorized service providers as necessary.

To exercise these privacy rights and choices, please follow the instructions below:

How to request access to your personal information: You may request access to your personal information twice in a 12-month period. To do so, please email us at customersupport@DefyAgeRx.com with the subject heading “California Privacy Rights,”. In response, we will produce an Access Report detailing the personal information we have collected, disclosed, and/or sold about you. This Access Report will be delivered by mail or electronically at your request. Note, we may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.

• How to request deletion of your personal information: You may request that we delete the personal information it has collected and/or maintained about you. To do so, please email us at customersupport@DefyAgeRx.com. Note, we may need to retain certain personal information as permitted by law, such as to complete the transaction for which the personal information was collected, maintain an electronic medical record for a Medical Group or Provider, provide a requested good or service, detect security incidents, protect against malicious, deceptive, fraudulent or illegal activities, comply with legal obligations or to enable solely internal uses that are reasonably aligned with your expectations or lawful within the context in which you provided the information.
• How to request correction of your personal information: You have the right to request that we correct inaccurate personal information we maintain about you, subject to certain exceptions. To submit a correction request, please email us at customersupport@DefyAgeRx.com with the subject line “California Correction Request” and describe the inaccuracy and the corrected information you believe should be reflected. We will respond to verifiable correction requests within forty-five (45) calendar days of receipt, subject to a forty-five (45) day extension where reasonably necessary and will notify you of any extension in writing within the initial response period. We may deny a correction request if we determine, based on the totality of the circumstances, that the contested information is more likely than not accurate, or if an applicable legal exception applies.
• How to request limitation of use of your sensitive personal information: You have the right to direct us to limit our use and disclosure of your sensitive personal information to what is necessary to perform the services or provide the goods you have requested, or as otherwise permitted under the CPRA. Sensitive personal information includes, but is not limited to, health and medical information, financial account data, government-issued identification information, and similar categories as defined under the CPRA. To exercise this right, please email us at customersupport@DefyAgeRx.com with the subject line “Limit Sensitive Information.” Please note that limiting our use of certain sensitive personal information may affect our ability to provide you with the full range of services available through the Website.

We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Verification: Please note, we will take steps to verify your identity before fulfilling any of the above requests. If you maintain an account with us, we will verify your identity through existing authentication practices for the account (e.g., login and password). If you are not a registered member, we will verify your identity by matching two or three data points that you provide with data points that we maintain and have determined to be reliable for the purposes of verification (e.g., browser or device ID).

Authorized Agents: Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your or your minor child’s personal information. In order to designate an authorized agent to make a request on your behalf, you must provide written proof that you have consented to this designation unless the agent has power of attorney pursuant to California Probate Code sections 4000-4465. You must also verify your identity directly with us by providing a copy of your government issued identification.

Response Timing and Format: We will respond to a verifiable consumer request within forty-five (45) calendar days of its receipt. If we require more time (up to an additional forty-five (45) calendar days), we will inform you of the reason and the extension period in writing within the initial 45-day period. If you are a DefyAgeRx customer with an online account, we will deliver our written response to that account online or via email. If you are not a DefyAgeRx customer or do not have an online account, we will deliver our written response by mail or electronically, at your preference. The response will also explain the reasons we cannot comply with a request, if applicable. Please note that if you are submitting a request regarding information you provided to a Medical Group, a Provider, or a Pharmacy, your request should be directed to that entity.

Anti-Discrimination Right: We will not discriminate against you for exercising any of your CCPA rights. But note that some of the functionality and features available to you may change or no longer be available to you upon deletion of your personal information or opt-out of sale of your personal information.

We do not sell your personal information for monetary consideration. However, certain of our data sharing practices with advertising and analytics partners – including our use of cookies, pixels, and similar tracking technologies – may constitute a “sale” or “sharing” of personal information for cross-context behavioral advertising under the CCPA/CPRA. To opt out of the sale or sharing of your personal information: (i) click the “Do Not Sell or Share My Personal Information” link available on the Website’s homepage; (ii) contact us at customersupport@DefyAgeRx.com; or (iii) enable a browser-based Global Privacy Control (“GPC”) signal, which we will honor as a valid opt-out request. Additionally, some of our vendors may use your data in ways that could be construed as a sale or sharing under the CCPA/CPRA, for example by using machine learning on identity documents to improve an identity verification platform as a whole. Please see the “Web Cookies” section above for further information regarding our cookie usage.

We do not and will not sell the personal information of minors under 16 years of age without affirmative authorization.

California Shine the Light. Under California Civil Code Section 1798.83 (the “Shine the Light” law), California residents who have an established business relationship with us may request, once per calendar year, a list of the categories of personal information, if any, we disclosed to third parties for those third parties’ own direct marketing purposes during the preceding calendar year, as well as the names and addresses of those third parties. As described in this Privacy Policy, we do not share personal information with unaffiliated third parties for those third parties’ own direct marketing purposes without your express affirmative opt-in consent. If you wish to submit a request under the Shine the Light law or have questions about our practices in this regard, please contact us at customersupport@DefyAgeRx.com with the subject line “Shine the Light Request.”

DO-NOT-TRACK POLICY

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. The Website does not currently respond to traditional DNT browser signals or mechanisms. However, DefyAgeRx does recognize and honor browser-based Global Privacy Control (“GPC”) signals as a valid opt-out request from the sale or sharing of your personal information for cross-context behavioral advertising, as required under the CCPA/CPRA. If your browser or device transmits a GPC signal, we will process it as a valid opt-out request applicable to that browser or device.

MISCELLANEOUS

We strive to use reasonable physical, technical and administrative measures to protect information under our control. However, you must keep your Account password secure and your Account confidential, and you are responsible for any and all use of your Account. If you have reason to believe that the security of your Account has been compromised, please notify us immediately in accordance with the “Contacting Us” section below.

When using the Service, you may choose not to provide us with certain information, but this may limit the features you are able to use or may prevent you from using the Service all together. You may also choose to opt out of receiving certain communications (e.g., newsletters, promotions) by emailing us your preference. Please note that even if you opt out, we may still send you Service-related communications. DefyAgeRx recognizes and honors browser-based Global Privacy Control (“GPC”) signals as a valid opt-out request from the sale or sharing of your personal information for cross-context behavioral advertising. The Website does not otherwise respond to traditional Do-Not-Track (“DNT”) browser signals. DefyAgeRx may supplement, amend, or otherwise modify this Privacy Policy at any time. Such supplements, amendments and other modifications will be posted on this or a similar page of the Service, and shall be deemed effective as of the “Last Updated” date; provided, however, that DefyAgeRx will notify you and/or require you to accept the updated Privacy Policy if the supplemented, amended or otherwise modified Privacy Policy implements material changes from DefyAgeRx’s then-current Privacy Policy. It is your responsibility to carefully review this Privacy Policy each time you visit, access or use the Service.

 

CONTACT US

If you have any questions about this Privacy Policy, please contact us by email at customersupport@DefyAgeRx.com or by regular mail at:

DefyAgeRx LLC.
3761Camino Cielo, Lincoln, CA 95648
Attn: Privacy Officer

For additional information, call U.S Office of Civil Rights at (800) 368-1019 (Voice) or (800) 537-7697 or via Fax: (202) 619-3818 or email: ocrmail@hhs.gov , or contact your local Office of Civil Rights of the U.S. Department of Health and Human Services: https://www.hhs.gov/ocr/about-us/contact-us/index.html#ocr-regional-offices.

EFFECTIVE DATE

This Privacy Policy is effective as of April 13, 2026.

Bottom of Form

© 2026 DefyAgeRx LLC. All rights reserved.