Privacy Policy
Last updated: 24 June 2026
1. Who we are
PepUp Health (Pty) Ltd ("PepUp", "we", "us") is a South African doctor-led peptide wellness platform. For the purposes of POPIA, PepUp is the responsible party for the personal information described in this policy.
Information Officer: contact us at info@pepup.co.za.
2. Information we collect
- Identity & contact details: name, surname, email, mobile number and (optionally) your South African ID number.
- Health information (special personal information): assessment answers, medical history, measurements, goals, prescriptions and related clinical information.
- Order & payment information: products and subscriptions purchased and payment status. Card payments are processed by our payment provider (Paystack); we do not store your card details.
- Account & technical data: login identifiers and basic usage information needed to operate the service.
3. How and why we use your information
We process your information to:
- create and manage your account and wellness profile;
- enable a registered clinician to review your assessment and, where appropriate, issue a prescription;
- fulfil and deliver orders and manage subscriptions;
- communicate with you about your assessment, consultation and orders; and
- meet our legal, regulatory and healthcare record-keeping obligations.
We process your health information with your explicit consent for the purpose of providing healthcare services, and otherwise on the lawful bases permitted by POPIA (including performance of our contract with you and compliance with the law).
4. Who we share it with
We share personal information only as needed to deliver the service, with:
- HPCSA-registered clinicians who review your assessment and prescribe;
- SAHPRA-compliant compounding pharmacies that prepare your medicine;
- our payment provider (Paystack) to process payments;
- our hosting, database and email service providers (operators) who process information on our behalf under appropriate safeguards; and
- couriers for delivery, and authorities where required by law.
We do not sell your personal information.
5. Cross-border processing
Some of our service providers may process information outside South Africa. Where this happens, we take reasonable steps to ensure your information is protected by a comparable level of protection as required by POPIA.
6. Security
We apply appropriate technical and organisational measures to protect your information, including access controls, encryption in transit, and restricting access to your records to authorised clinicians and staff. No method of transmission or storage is completely secure, but we work to protect your information and to address any incident promptly.
7. How long we keep it
We retain personal information for as long as needed to provide the service and to meet legal, medical record-keeping and regulatory requirements, after which it is securely deleted or de-identified.
8. Your rights under POPIA
You have the right to:
- request access to the personal information we hold about you;
- request correction or deletion of your information;
- object to certain processing and withdraw consent (this may limit our ability to provide care);
- not be subject to direct marketing without consent; and
- lodge a complaint with the Information Regulator.
To exercise any of these rights, email info@pepup.co.za.
9. The Information Regulator
You may contact the Information Regulator (South Africa): website inforegulator.org.za, email enquiries@inforegulator.org.za.
10. Age restriction
PepUp's services are intended for adults aged 18 and over. We do not knowingly process the information of minors.
11. Changes to this policy
We may update this policy from time to time. We will post the updated version here with a revised "last updated" date.
12. Contact us
For any privacy question or request, contact us at info@pepup.co.za.
