Privacy Policy

Effective Date: April 3, 2026

Peak Asset Performance LLC, doing business as TrimDoctor ("TrimDoctor," "we," "us," or "our"), is committed to protecting the privacy and security of your personal and health information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, patient portal, and related services (collectively, the "Platform").

By using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.

I. Information We Collect

A. Personal Information

We collect the following personal information when you create an account, complete an assessment, or use our services:

  • Full legal name
  • Date of birth
  • Biological sex
  • Email address
  • Phone number
  • Mailing address
  • State of residence
  • Payment information (processed securely via Stripe)
  • Account credentials

B. Protected Health Information (PHI)

In the course of providing telehealth services, we collect and maintain the following health-related information:

  • Medical history, pre-existing conditions, and current medications
  • Known allergies
  • Height, weight, and BMI
  • Health and weight loss goals
  • Previous GLP-1 medication use
  • Treatment records, prescriptions, and dosage information
  • Provider messages and consultation notes
  • Weight logs and progress data
  • Body composition data (VIP coaching members)

C. Usage and Technical Data

We automatically collect certain technical and usage information when you access the Platform:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and features used
  • Cookies and session identifiers
  • Analytics data
  • Referral source and marketing attribution

II. How We Use Your Information

We use the information we collect for the following purposes:

  • Facilitating medical consultations with licensed healthcare providers
  • Processing prescriptions and coordinating pharmacy fulfillment
  • Managing subscriptions and processing billing
  • Providing customer support, including AI-assisted support
  • Sending transactional communications (order confirmations, shipping updates, appointment reminders)
  • Sending marketing communications (with your consent; you may opt out at any time)
  • Improving and optimizing the Platform
  • Preventing fraud and unauthorized access
  • Complying with legal and regulatory obligations

III. How We Share Your Information

We do NOT sell your personal information or protected health information to any third party.

We share your information only with the following categories of recipients, and only to the extent necessary to provide our services:

A. Healthcare Providers

Your health information is shared with licensed physicians contracted through our partner physician network, OpenLoop Health, for the purpose of medical evaluation and prescribing.

B. Compounding Pharmacies

Prescription and relevant health information is shared with Belmar Pharmacy Solutions and/or Empower Pharmacy for medication compounding and fulfillment.

C. Service Providers

We engage the following service providers, each of which maintains a Business Associate Agreement (BAA) with us where applicable:

  • Stripe — Payment processing
  • AWS — HIPAA-compliant cloud hosting
  • Anthropic (Claude AI) — AI-assisted support (de-identified data only)
  • Postmark — Transactional email delivery
  • Twilio — SMS communications
  • Vanta — Compliance monitoring and automation

D. Legal Requirements

We may disclose your information when required by law, regulation, subpoena, court order, or other legal process.

IV. Data Security

We implement robust administrative, technical, and physical safeguards to protect your information:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • HIPAA-compliant AWS infrastructure with a signed BAA
  • Role-based access controls
  • Comprehensive audit logging
  • Regular security assessments
  • Employee privacy and security training

V. HIPAA Compliance

TrimDoctor complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. We maintain Business Associate Agreements (BAAs) with all vendors and service providers that access, process, or store protected health information. For detailed information about your rights under HIPAA, please see our separate Notice of Privacy Practices.

VI. Your Rights

You have the following rights regarding your personal and health information:

  • Access the personal and health information we maintain about you
  • Request corrections to inaccurate or incomplete information
  • Request deletion of your personal information (subject to legal retention requirements)
  • Opt out of marketing communications at any time
  • Request an accounting of disclosures of your PHI
  • File a complaint with us or with the U.S. Department of Health and Human Services (HHS) if you believe your privacy rights have been violated

VII. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know — You may request that we disclose the categories and specific pieces of personal information we have collected about you.
  • Right to Delete — You may request deletion of your personal information, subject to certain exceptions.
  • Right to Opt Out of Sale — We do NOT sell your personal information.
  • Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights.
  • Right to Correct — You may request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information — You may direct us to limit the use and disclosure of your sensitive personal information.

To exercise any of these rights, contact us at privacy@trimdoctor.com.

VIII. Cookies

We use the following types of cookies on the Platform:

  • Essential Cookies — Required for session management, authentication, and security.
  • Analytics Cookies — Help us understand how visitors interact with the Platform to improve user experience.
  • Marketing Attribution Cookies — Track the effectiveness of our advertising campaigns and referral sources.

You may manage your cookie preferences through your browser settings. Disabling essential cookies may affect Platform functionality.

IX. Data Retention

We retain your information for the following periods:

  • Account Information — Duration of your account plus 7 years
  • Health Records — Minimum 7 years (as required by applicable law)
  • Payment Records — 7 years (IRS requirements)
  • Marketing Preferences — Until you opt out
  • Audit Logs — Minimum 6 years (HIPAA requirements)

X. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected information from a person under 18, we will promptly delete that information.

XI. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to you via email and/or a prominent notice on the Platform. Your continued use of the Platform after such changes constitutes your acceptance of the updated policy.

XII. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Privacy Inquiries: privacy@trimdoctor.com

General Support: help@trimdoctor.com

Phone: (323) 690-1564