Privacy Policy

Last updated: May 1, 2026

Peptech ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, create an account, or place an order. Please read this policy carefully.

1. Information We Collect

We collect information that you voluntarily provide to us when you:

Place an order: Full name, email address, billing and shipping addresses, phone number, date of birth (for age verification), and research affiliation.
Create an account: Name, email address, and a password (hashed via Supabase Auth — we never store plaintext passwords).
Contact us: Any information you provide when reaching out to customer support, including your name, email, and the contents of your message.
Subscribe to marketing: Email address, with your explicit consent, for newsletters and promotional communications.

We also automatically collect certain information when you visit our site, including IP address, browser type, device information, referring URLs, and pages viewed. This data is used for analytics, site optimization, and fraud prevention.

2. Payment Information

Peptech never receives, stores, or transmits full credit card numbers, CVV codes, or expiration dates on our servers. Card payments are tokenized and processed entirely through NMI (Network Merchants, Inc.), a PCI DSS Level 1 compliant payment gateway. We receive only a payment token and the last four digits of your card number for reference purposes.

Cryptocurrency payments are processed through Coinbase Commerce. Your blockchain wallet address and transaction details are collected solely for payment verification and order fulfillment.

ACH and eDebit payments are processed through Mercury (Mercury Technologies, Inc.). We receive confirmation of payment status but do not have access to your bank account details beyond what you provide for invoicing.

3. How We Use Your Information

We use the information we collect for the following purposes:

Order fulfillment: Processing and shipping your orders, sending order confirmations, and providing customer support.
Account management: Maintaining your account, processing returns, and tracking order history.
Transactional communications: Sending emails about your order status, shipping updates, and account-related notices (these are necessary for the performance of our contract with you).
Marketing communications: Sending newsletters, promotions, and product updates — only if you have explicitly opted in. You may unsubscribe at any time via the link in any marketing email or by contacting us.
Site improvement: Analyzing site usage to improve our products, user experience, and customer service.
Fraud prevention and security: Detecting and preventing fraudulent transactions, unauthorized access, and other potentially illegal activities.
Legal compliance: Complying with applicable laws, regulations, and legal processes, including responding to lawful requests from public authorities.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide and improve our services:

Essential cookies: Required for core site functionality, including cart persistence, authentication sessions, and security measures. These cannot be disabled.
Functional cookies: Remember your preferences (e.g., age verification status, region settings) to provide a better browsing experience.
Analytics cookies: Help us understand how visitors interact with our site through services such as PostHog and Vercel Analytics. This data is aggregated and anonymized.
Marketing cookies: Used by our email marketing provider (Omnisend) to track site activity for abandoned cart reminders, browse abandonment flows, and campaign measurement — only when you have provided consent.

You may decline non-essential cookies through our consent banner. Most browsers also allow you to refuse or delete cookies through their settings. Note that disabling cookies may affect site functionality.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

Service providers: We share information with trusted third parties who perform services on our behalf, including payment processors (NMI, Coinbase Commerce, Mercury), shipping carriers (USPS, UPS), email service providers (Resend, Omnisend), analytics providers (PostHog, Vercel), and hosting infrastructure (Supabase, Vercel). These providers are contractually bound to use your data only for the services we request and in compliance with applicable privacy laws.
Legal requirements: We may disclose information if required by law, regulation, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including:

Order records: Retained for at least 7 years to comply with tax, accounting, and legal obligations.
Account information: Retained while your account is active. You may request deletion at any time.
Marketing consent: Retained until you withdraw consent or unsubscribe.
Analytics data: Retained in anonymized form for business analysis purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access: Request a copy of the personal data we hold about you.
Correction: Request that we correct inaccurate or incomplete information.
Deletion: Request that we delete your personal data, subject to legal retention requirements.
Portability: Request your data in a structured, machine-readable format.
Opt-out of sale/sharing: California residents and residents of other states with applicable laws may opt out of the "sale" or "sharing" of personal information. As stated above, we do not sell personal information.
Marketing opt-out: Unsubscribe from marketing communications at any time.

To exercise any of these rights, or if you have questions about our privacy practices, please contact us at privacy@peptidetech.co. We will respond to verifiable requests within 30 days as required by applicable law.

8. Children's Privacy

Our site is not intended for individuals under 21 years of age. We do not knowingly collect personal information from persons under 21. If we learn that we have collected personal data from an individual under 21, we will delete it promptly.

9. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including encryption in transit (TLS 1.3), encryption at rest, access controls, and regular security audits. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. International Users

Our services are hosted in the United States. If you access our site from outside the U.S., your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using our site, you consent to such transfer and processing.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

For questions, concerns, or to exercise your privacy rights, please contact our Privacy Officer:

Peptide Tech LLC
Attn: Privacy Officer
1309 Coffeen Avenue, Suite 14346
Sheridan, Wyoming 82801
Email: privacy@peptidetech.co

You may also file a complaint with your local data protection authority if you believe your rights have been violated.