Skip to content
GrowthRx Labs

Last updated · May 28, 2026

Data Subject Request

This page is the single intake point for data subject access, correction, deletion, and portability requests under US state privacy laws (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, TDPSA) and GDPR.

What you can request

  • Right to know / access — what personal information we hold about you and how we use it
  • Right to correct — fix inaccurate personal information
  • Right to delete — request deletion of personal information, subject to legal exceptions
  • Right to portability — receive a copy of your data in a portable format
  • Right to opt out of sale or sharing — we do not sell or share personal information; this right is satisfied by default
  • Right to limit use of sensitive personal information — we do not collect sensitive PI on this site
  • Right to non-discrimination — we will not penalize you for exercising any right

How to submit a request

Email support@growthrxlabs.com with the subject line Data Subject Request. Include:

  1. The right you are exercising (access, delete, correct, port, opt-out)
  2. Your full name
  3. The email address(es) and phone number(s) you used to contact us, if any
  4. Any other information that helps us locate your records
  5. State of residence (so we apply the correct statutory framework)

If your data is held by a clinic (not us)

If you are a patient of a peptide clinic that uses our Peptide OS CRM, your data is controlled by the clinic, not by GrowthRx Labs. Contact your clinic directly. The clinic may use the Service to fulfill your request; we support clinics in doing so but are not the party that holds your patient record.

If you are unsure which clinic holds your data, contact us anyway and we will route the request appropriately.

Verification

We will verify your identity before fulfilling a request. For most requests this means confirming you control the email address you contacted us from. For deletion or portability requests we may ask for additional verification proportionate to the sensitivity of the data.

Authorized agents may submit requests on your behalf. The agent must provide signed authorization, and we may verify directly with you before fulfilling.

Response timeline

  • CCPA / state US laws — we respond within 45 days, with one 45-day extension permitted when reasonably necessary (you will be notified within the first 45 days if an extension is needed)
  • GDPR — we respond within 30 days, with up to two additional 30-day extensions when necessary given the complexity of the request

Appeals (state-specific)

If we deny your request and you reside in a state that grants an appeal right (Virginia, Colorado, Connecticut, others), you may appeal by replying to our denial email with the subject line Appeal. We will respond within 60 days. If we decline the appeal we will provide a written explanation and information for contacting your state Attorney General.

Limits

Statutory exceptions to deletion include data we are legally required to retain (e.g., tax records, audit logs). We will tell you what cannot be deleted and why.

Cost

Requests are free. If you request an additional copy within 12 months of the first response, we may charge a reasonable administrative fee or decline.