Privacy Policy
Notice: This policy describes our privacy practices, including protections we apply to protected health information under HIPAA (defined below). Have your attorney review updates to ensure they match your operations, notices you provide in person or on paper, and any Business Associate Agreements you maintain.
This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit colemanandcompanypeptides.com and related pages (the “Site”), use our client intake or contact flows, or use password-protected member areas or messaging features we make available.
By using the Site, you agree to this Privacy Policy. If you do not agree, please do not use the Site.
1. Who we are
We are Coleman & Co. Peptide and Aesthetic Care, LLC, a single-member Florida limited liability company. There is no board of directors. Where this policy refers to “we” or “us,” it means the LLC and the sole member and other personnel authorized to act on its behalf.
2. HIPAA and protected health information (PHI)
We maintain privacy and security practices designed to comply with the Health Insurance Portability and Accountability Act of 1996 and its regulations (collectively, HIPAA), including the Privacy, Security, and Breach Notification Rules, for protected health information (PHI)—information about health, care, or payment for care that identifies you or could reasonably be used to identify you—that we create, receive, maintain, or transmit in the course of providing services to clients.
Our commitment. For clients with whom we have a professional relationship, we apply HIPAA-aligned safeguards to PHI as described in this policy, in our internal policies and procedures, and in separate notices or authorizations where required.
Uses and disclosures of PHI. We use and disclose PHI only as permitted or required by HIPAA, including, for example:
- Treatment — To coordinate or manage care and related services.
- Payment — To obtain or provide reimbursement for services, as applicable.
- Health care operations — For quality improvement, training, and business management that support our practice, as permitted by law.
- As authorized by you — When you sign a valid authorization or otherwise agree as HIPAA allows.
- As required by law — Including public health, oversight, and judicial or administrative proceedings where applicable.
Business associates. Vendors that create, receive, maintain, or transmit PHI on our behalf (for example, hosting, secure messaging, or form infrastructure) are required to protect that information under written Business Associate Agreements that satisfy HIPAA, or as otherwise permitted by law.
Your rights under HIPAA. Subject to HIPAA and applicable exceptions, you may have the right to:
- Access — Request access to PHI we maintain about you in a designated record set.
- Amendment — Request amendment of PHI we maintain, as provided by law.
- Accounting of disclosures — Request a list of certain disclosures of your PHI.
- Restrictions — Request restrictions on certain uses and disclosures (we are not required to agree in all cases).
- Confidential communications — Request reasonable alternative means or locations for communications.
- Copy of this notice — Obtain a copy of our privacy practices in paper or electronic form.
Complaints. You may file a complaint with us if you believe your privacy rights have been violated (see Contact / Privacy Officer below). You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.
Breach notification. If unsecured PHI is compromised in a reportable manner, we will notify affected individuals and others as required by HIPAA and applicable state law.
3. Information we collect
Depending on how you interact with us, we may collect:
- Contact and identity information — For example, name, email address, phone number, and similar details you submit through forms (such as the client intake form), email, or messages.
- Health-related information — The intake form and related communications may include health history, goals, medications, lab information, or other information that may constitute PHI when combined with identifiers. Do not submit information you are not comfortable sharing electronically.
- Account information — If we offer a member login, our authentication provider may process your email address and authentication tokens so you can access member resources.
- Messages — Content you send through on-Site messaging or chat features we provide.
- Technical and usage data — Such as browser type, device type, general location derived from IP address (e.g., region or city), pages viewed, and timestamps. Where this data is not combined with health information in a way that identifies you as a patient, it may not be PHI.
4. How we use information
We use information to operate our practice, respond to inquiries, provide consultations or services you request, authenticate member accounts, send administrative messages, comply with law, and improve the Site. Uses of PHI are limited as described in Section 2.
We do not sell PHI. We do not sell personal information for monetary or other valuable consideration as defined under applicable state privacy laws, except as permitted by law.
5. How we share information
We share information only as described in this policy, as required by HIPAA for PHI, or as you authorize. Categories include:
- Service providers under contract and, where they handle PHI, under Business Associate Agreements;
- Professional advisors (for example, attorneys or accountants) subject to confidentiality obligations;
- Authorities when required by law, regulation, or legal process.
Our Site may use services such as Netlify (hosting and identity) and Supabase or similar providers (data storage and messaging). PHI is shared with such vendors only under safeguards consistent with HIPAA and our agreements.
6. Cookies and similar technologies
We and our service providers may use cookies, local storage, or similar technologies to keep you logged in (where applicable), remember preferences, maintain security, and understand Site usage. You can control cookies through your browser settings; disabling cookies may limit certain features.
7. Retention
We retain information, including PHI, for as long as needed to provide services, meet legal and professional obligations (including HIPAA record requirements), resolve disputes, and enforce agreements.
8. Security
We implement administrative, physical, and technical safeguards appropriate to the size and nature of our practice, including access controls, workforce training, and secure transmission where available. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
9. State privacy rights (e.g., California)
Depending on where you live, you may have additional rights regarding personal information under state law (for example, California’s CCPA/CPRA), some of which may overlap with HIPAA. Where HIPAA applies to PHI, HIPAA governs our use and disclosure of that information. To exercise rights, contact us using the information below.
10. Children’s privacy
The Site is not directed at children under 13 (or 16 where a higher age applies). We do not knowingly collect personal information from children in a manner inconsistent with law. If you believe we have collected such information, contact us and we will take appropriate steps.
11. International users
If you access the Site from outside the United States, your information may be processed in the United States, where privacy laws may differ from those in your country.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Effective date” above. For material changes affecting PHI, we will comply with HIPAA’s requirements for notice.
13. Contact us / Privacy Officer
For privacy questions, HIPAA rights requests, or complaints:
Privacy Officer — Coleman & Co. Peptide and Aesthetic Care, LLC
Email: colemanandcompanypeptides@gmail.com
Phone: 727-509-2811