Privacy Policy

Peptide United (“we,” “our,” “the Site”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

1. Information We Collect

Information you provide directly

• Account information: name, email address, password (hashed and never stored in plaintext)
• Membership information: subscription tier and billing details (processed by Stripe)
• Email newsletter subscriptions
• Profile updates and preferences

Information collected automatically

• Log data: IP address, browser type, pages visited, time spent, referring URLs
• Cookies and similar tracking technologies (see Section 5)
• Usage patterns: search queries, peptide profiles viewed, features accessed
• Device information: operating system, screen resolution, language settings

2. How We Use Your Information

• To provide and maintain your account and membership access
• To send transactional emails (password resets, subscription confirmations)
• To send research updates and newsletters (only if you opted in)
• To improve the Site, personalize content, and analyze usage patterns
• To detect, prevent, and address technical issues or abuse
• To comply with legal obligations

We do not sell your personal information to third parties.

3. Information Sharing

We may share your information with:

• Service providers: Third-party vendors who assist us in operating the Site — including Supabase (database hosting), Vercel (infrastructure), and Stripe (payment processing). These providers are contractually bound to protect your data.

• Affiliate partners (limited): When you click an affiliate link, the Partner's website will receive standard referral data (e.g., referring URL). We do not share your personal account data with Partners.

• Legal requirements: When required by law, court order, or governmental authority, or to protect the rights, property, or safety of Peptide United, our users, or the public.

• Business transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred as part of that transaction.

4. Data Retention

We retain your account information for as long as your account is active or as needed to provide services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., transaction records).

Email subscriber records are retained until you unsubscribe. Click events and analytics data may be retained in aggregated, anonymized form indefinitely.

5. Cookies and Tracking

We use the following types of cookies and local storage:

• Authentication cookie: An HTTP-only, secure session token (payload-token) that keeps you logged in. Required for account functionality.

• Local storage: We store your recently viewed peptide history (pw_recently_viewed) in your browser's local storage for the Research Activity dashboard. This data never leaves your device.

• Analytics: We may use privacy-respecting analytics tools to understand aggregate traffic patterns. We do not use Google Analytics or similar services that build cross-site tracking profiles.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: request a copy of the personal data we hold about you
• Correction: request correction of inaccurate or incomplete data
• Deletion: request deletion of your personal data ("right to be forgotten")
• Portability: request your data in a machine-readable format
• Objection: object to certain processing activities
• Withdrawal of consent: withdraw consent for email marketing at any time

To exercise these rights, contact us via your dashboard or email. We will respond within 30 days.

7. Children's Privacy

The Site is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately and we will delete that information.

8. Security

We implement industry-standard security measures to protect your personal information, including encrypted connections (TLS/HTTPS), HTTP-only authentication cookies, and hashed password storage. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users of material changes via email. Your continued use of the Site after changes constitutes your acceptance of the updated policy.