Privacy Policy
Version 1.0 — Last Updated: May 31, 2026
Your Privacy Matters
Peptide Contacts is committed to protecting your personal information. This policy explains what data we collect, why we collect it, how we use it, and what rights you have over your data. We will never sell your individually identifiable personal data to third parties.
1. Who We Are
Peptide Contacts ("we," "us," "our") operates the website at peptidecontacts.com. We are a research intelligence platform that provides information about peptide vendors, compounds, research tools, and community features. We are not a pharmacy, clinic, manufacturer, or healthcare provider.
For any privacy-related questions or requests, contact us through the messaging system on the platform or at the contact information provided on the site.
2. Information We Collect
We collect information in the following categories:
2.1 Information You Provide Directly
- Account data: Email address, full name, password (hashed), and role selection (user, vendor, or customer) when you create an account
- Profile data: Optional bio, avatar image, age range, and display preferences
- Vendor data: Business name, website, contact email, phone number, WhatsApp, WeChat, country, city, state, GMP certifications, and product catalog (for vendor accounts)
- Customer data: Company name, license number, state, customer type, and use case (for customer accounts)
- Content you create: Forum posts, comments, reviews, transformation photos, journal entries, and messages
- Research journal data: Peptides used, dosage notes, mood/energy/sleep ratings, side effects, and protocol logs
2.2 Information Collected Automatically
- Device and browser data: IP address, browser type, operating system, device type, and screen resolution
- Usage data: Pages visited, search queries, features used, time spent on pages, and interaction patterns
- Location data: Approximate geographic location derived from your IP address (country, region, city) for language detection and analytics
- Cookies: Session cookies for authentication, language preference cookies, and analytics cookies (see Section 7)
2.3 Information from Third Parties
- Vendor data: We scrape publicly available business information from vendor websites, directories, and regulatory databases to build vendor profiles
- Expert contact data: We compile publicly available information about peptide researchers, clinicians, and industry figures from public sources (YouTube, Twitter, academic publications, company websites)
3. How We Use Your Information
We use your information for the following purposes:
- Platform operation: Account authentication, authorization, session management, and delivering platform features
- Personalization: Language detection and locale preferences, search results, and content recommendations
- Communication: Transactional emails (account verification, password resets), in-app notifications, and direct messages between users
- Community features: Displaying your public content (forum posts, reviews, transformations) with your chosen username, calculating karma ("Peps") scores, and maintaining leaderboards
- Analytics: Understanding how the platform is used, identifying popular features, measuring traffic, and improving user experience
- Research: Generating anonymized, aggregated datasets from user-submitted data (journal entries, reviews, community content) for peptide research insights
- Safety and security: Detecting fraud, abuse, spam, and violations of our Terms of Service; enforcing rate limits and access controls
- Legal compliance: Responding to lawful requests from government authorities and enforcing our legal rights
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
- Contract performance: Processing necessary to provide you with the platform services you signed up for (account management, messaging, content features)
- Legitimate interests: Analytics, fraud prevention, platform improvement, and maintaining community safety, where these interests are not overridden by your rights
- Consent: Analytics cookies (Google Analytics), marketing communications, and anonymized research data sharing. You may withdraw consent at any time
- Legal obligation: Where we are required to process data to comply with applicable law
5. Data Sharing and Third Parties
We share your data with the following categories of third parties:
5.1 Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting, authentication | All account and content data |
| Vercel | Website hosting, CDN | IP address, request data, geolocation |
| Google Analytics | Traffic analytics | Anonymized usage data, IP address (truncated) |
| Resend | Transactional email | Email address, name |
| Stripe | Payment processing (when activated) | Email, billing address, payment method |
5.2 Research Partners
We may share anonymized, de-identified, aggregated data with approved research institutions under strict Data Use Agreements. See our Terms of Service (Section 5) for details. No individually identifiable data is ever shared with research partners.
5.3 We Never
- Sell your individually identifiable personal data to any third party
- Share your email address with marketers or advertisers
- Provide your data to data brokers or data resellers
- Allow third-party advertising networks to track you on our platform
6. Data Storage and Security
Your data is stored on Supabase (PostgreSQL) servers hosted in the United States (us-east-1 region). We implement the following security measures:
- All data transmitted between your browser and our servers is encrypted using TLS 1.2+
- Passwords are hashed using bcrypt — we never store passwords in plain text
- Database access is protected by Row-Level Security (RLS) policies ensuring users can only access their own data
- API routes enforce authentication and role-based access controls
- Rate limiting protects against brute-force attacks and abuse (e.g., 50 messages/hour per user)
- Service role credentials are never exposed to the client
While we take reasonable measures to protect your data, no system is 100% secure. In the event of a data breach affecting your personal information, we will notify affected users within 72 hours and report the breach to relevant authorities as required by law.
7. Cookies
We use the following cookies:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| sb-*-auth-token | Supabase authentication session | Session | Essential |
| preferred_lang | Your selected language preference | 1 year | Essential |
| detected_country | Geo-detected country for locale defaults | 1 year | Functional |
| detected_lang | Geo-detected language | 1 year | Functional |
| _ga, _ga_* | Google Analytics tracking | 2 years | Analytics |
Essential cookies are required for the platform to function and cannot be disabled. You can manage analytics cookies through your browser settings. Most browsers allow you to block or delete cookies, though this may affect platform functionality.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
All Users
- Access: Request a copy of all personal data we hold about you
- Correction: Update or correct inaccurate personal data through your account settings
- Deletion: Delete your account and all associated personal data
- Export: Download your data (including journal entries) in standard formats (CSV, JSON)
- Withdraw consent: Opt out of analytics cookies at any time
EEA/UK Residents (GDPR)
- Right to restriction: Request that we limit how we process your data
- Right to portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to lodge a complaint: File a complaint with your local data protection authority
California Residents (CCPA/CPRA)
- Right to know: Request disclosure of personal information collected, used, and shared
- Right to delete: Request deletion of personal information
- Right to opt out: We do not sell personal information, so this right is satisfied by default
- Non-discrimination: We will not discriminate against you for exercising your privacy rights
To exercise any of these rights, contact us through the platform messaging system or at the contact information provided on the site. We will respond within 30 days (or sooner if required by applicable law).
9. Data Retention
We retain your data for the following periods:
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Content you create: Retained while your account is active. Public content is removed upon account deletion. Anonymized aggregated data derived from your content persists (see Terms of Service, Section 8).
- Journal entries: Retained while your account is active. Permanently deleted upon account deletion. Anonymized aggregates persist.
- Messages: Retained for 2 years after account deletion (to preserve conversation context for other participants), then permanently deleted.
- Analytics data: Google Analytics data is retained for 14 months per Google's default retention settings.
- Server logs: Retained for 30 days for debugging and security purposes, then automatically purged.
10. Children's Privacy
Peptide Contacts is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can delete the data.
11. International Data Transfers
Your data is stored in the United States. If you are accessing the platform from outside the United States, your data will be transferred to and processed in the United States. By using the platform, you consent to this transfer.
For EEA/UK users, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, where applicable, to ensure adequate protection for international data transfers. Our service providers (Supabase, Vercel, Google) maintain their own compliance frameworks for international data transfers.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify registered users via email at least 14 days before changes take effect
- Display a prominent in-app notice for 30 days
We encourage you to review this page periodically. Your continued use of the platform after changes take effect constitutes acceptance of the revised policy.
13. Contact
For privacy-related questions, data access requests, or to exercise any of your rights under this policy, contact us through the messaging system on the platform or at the contact information provided on the site.
We aim to respond to all privacy requests within 30 days. For urgent concerns (suspected data breach, unauthorized access), flag your message as "URGENT" and we will prioritize your request.