We built Revrcel a modern page replacement system. The existing WordPress pages are slow, bloated with plugin overhead, and difficult to update. We recreated key pages from scratch using clean, modern HTML and CSS — no WordPress, no page builder plugins, no theme bloat. The result is pages that load significantly faster, look identical (or better) to the originals, and are hosted on their own dedicated server (Google Cloud) separate from WordPress.
We also set up Cloudflare DNS for the domain with all existing email records (Google Workspace MX, SPF, DKIM, DMARC) already in place, and wrote a Cloudflare Worker that routes specific page URLs to the new modern pages while sending everything else to the WordPress site.
Complete page built from scratch in modern HTML and CSS. Includes hero section, clinical results, product science breakdown, ethics section, call-to-action buttons, and the Revrcel AI chat widget.
Pixel-accurate rebuild of the WooCommerce product page. Image gallery, price display, quantity selector, "Add to Cart" button connected to the real WooCommerce cart. Serves as a reusable template for future product pages.
Full rebuild of the WordPress bloodwork page. Original scanned element-by-element using automated browser tools. Rebuilt from scratch in semantic HTML/CSS — matches the original design exactly. Loads dramatically faster.
Full static HTML/CSS/JavaScript replication of the entire revrcel.com website. Every page on the live site was cloned into a standalone, high-performance static site deployed to Google Cloud Run as a separate service. The result is a complete, independent copy of the site that loads significantly faster than WordPress and can be customized, extended, or used as a migration target.
| Component | Detail |
|---|---|
| HTML Pages | 43 pages across 6 subdirectories (products, blog, account, skincare, legal, main) |
| CSS Architecture | 15 files — reset, variables, global, 2 component files (header/footer), 10 page-specific stylesheets |
| JavaScript | 2 files — core functionality + embedded chat widget |
| Image Assets | 37 files — logos, backgrounds, blog images, product images, team photos, icons |
| Video Assets | 2 files — hero video + redefine background video |
| Responsive Design | Mobile (<768px), Tablet (768–1024px), Desktop (>1024px) breakpoints |
| Deployment | Dockerfile + nginx.conf, deployed to Cloud Run (revrcel-website, us-east4) |
| Documentation | REPLICATION_PLAN.md (phased plan), SITEMAP.md (complete URL mapping) |
We conducted a comprehensive HIPAA compliance analysis of the Revrcel platform (operated by Bluprint Health), examining all technology systems, data flows, communication touchpoints, published policies, and vendor relationships for Protected Health Information (PHI) handling.
The audit assessed 12 website pages, 15 communication touchpoints across the full customer lifecycle, all published legal/policy pages, 8 vendors for BAA status, and conducted a deep dive into the GoHighLevel HIPAA module.
Neither Automattic nor WooCommerce offer a Business Associate Agreement. Order records linking patients to peptide purchases constitute PHI when tied to a clinical relationship. No encryption, no access controls, no audit logging.
The most sensitive clinical communications — lab orders, 100+ biomarker results, prescriptions, and treatment protocols — flow via standard email. No evidence of Paubox, Virtru, Hushmail, or any encrypted email service.
HIPAA requires BAAs with every vendor that touches PHI. No BAAs were evidenced with GoHighLevel, WordPress hosting, email provider, SMS provider, or lab partners.
The FAQ states "all peptides require a doctor's prescription" but anyone can add products to cart and purchase without consultation, prescription, or physician approval. Product pages carry contradictory "research purposes only" disclaimers.
Six observable indicators suggest the $297/mo HIPAA add-on is not active: misspelled HIPAA URL, no mention of GHL's HIPAA module in policies, privacy policy disclaims PHI collection, and overall compliance posture.
The HIPAA policy directs patients to submit PHI access requests to info@revrcel.com — likely standard, unencrypted email. Every PHI response sent through it is a potential violation.
No mention of encryption standards, TLS versions, named platforms, or specific safeguards. URL is misspelled (/hippa-policy/ instead of /hipaa-policy/).
States "We do not knowingly collect PHI through standard website forms" while the business model inherently collects PHI through WooCommerce checkout tied to clinical relationships.
All clinical documents (lab scripts, results, treatment plans, prescriptions) exchanged via email rather than a secure, access-controlled patient portal.
These gaps cannot be resolved within the current technology stack:
Order records linking patients to specific peptide purchases constitute PHI. WooCommerce stores this in an unencrypted MySQL database with no access controls, no audit logging, and no BAA. There is no HIPAA pathway for WooCommerce — it cannot be fixed, only replaced.
The most sensitive clinical communications — lab scripts, lab results, treatment plans, prescriptions — flow via standard email between Dr. Hodor and patients, outside of any encrypted or HIPAA-compliant system.
Anyone can purchase peptide products without consultation, prescription verification, or physician approval — despite the FAQ stating "all peptides require a doctor's prescription." Product pages carry "research and educational purposes only" disclaimers that contradict the physician-supervised clinical framing.
Markdown — 581 lines
Print-ready HTML — 50 KB
PDF — 8 pages, 486 KB
Markdown — 355 lines (full remediation spec)
The build plan includes complete specifications for a HIPAA-compliant replacement platform: database schema (9 migrations), field-level AES-256 encryption, hash-chained tamper-proof audit logging, role-based access control, prescription verification gate, and an 8-phase implementation roadmap. Remediation work is not included in this invoice and would be scoped separately.
| Deliverable | Market Value | Status |
|---|---|---|
| Infrastructure (Cloud Run + Docker + nginx + GitHub + Cloudflare) | $2,000 | Delivered |
| 3 landing pages (Skincare, Product Template, Bloodwork) | Included | Delivered |
| Complete website replication (43 pages, 68 MB) | $8,000 | Delivered — Market Price |
| HIPAA Compliance Audit & Risk Assessment | $5,000 | Delivered — Market Price |
| Routing to revrcel.com | — | Blocked (GoDaddy nameserver change) |
| HIPAA remediation platform build | — | Scoped separately (build plan delivered) |