Skip to main content
PEPTIDE / PORTAL

Legal

Privacy Policy

Effective Date: May 8, 2026 | Last Updated: May 8, 2026

1. Introduction

Peptide Portal (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services (collectively, the “Services”).

This policy applies to all users worldwide and addresses requirements under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable privacy laws including those in Delaware, Virginia, Colorado, Connecticut, and other U.S. states with comprehensive privacy legislation.

By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Data Controller

Peptide Portal is the data controller responsible for your personal data. If you have questions about this Privacy Policy or our data practices, you may contact us at:

Peptide Portal
Email: privacy@peptideportal.com

3. Information We Collect

3.1 Information You Provide Directly

We collect information you voluntarily provide when using our Services:

  • Account Information: Email address, password, display name, and optional broad location information when you create or complete an account
  • Research Access Setup: Your research-only acknowledgement, age and terms confirmation timestamps, broad professional context, comparison scope, and selected platform goals
  • User-Generated Content: Reviews, ratings, protocols, and comments you submit to the platform
  • Saved Preferences: Peptides you save or bookmark for your research
  • Communications: Information you provide when contacting us for support or inquiries

3.2 Information Collected Automatically

When you access our Services, we may automatically collect certain information:

  • Device Information: Browser type, operating system, device identifiers, and screen resolution
  • Log Data: IP address, access times, pages viewed, referring URL, and actions taken on the Services
  • Location Data: General geographic location based on IP address (country and region level only)

3.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect and store information. These include:

  • Essential Cookies: Required for basic functionality, including authentication and session management
  • Local Storage: Used to store interface preferences when implemented
  • Analytics Cookies: Help us understand how visitors interact with our Services (if implemented)

You can control cookies through your browser settings. Note that disabling certain cookies may limit functionality of the Services.

3.4 Information from Third Parties

We may receive information from third-party authentication providers if you choose to sign in using a social or enterprise login (such as Google or other OAuth providers). This typically includes your name, email address, and profile picture as permitted by your settings with that provider.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and Maintain Services: To operate, maintain, and improve the Services, including creating and managing your account
  • Personalization: To remember your preferences, saved items, and provide a personalized experience
  • Communication: To respond to your inquiries, send service-related notices, and provide customer support
  • Security: To detect, prevent, and address fraud, unauthorized access, and other illegal activities
  • Analytics: To analyze usage patterns and improve our Services
  • Legal Compliance: To comply with legal obligations and respond to lawful requests from authorities
  • Enforce Terms: To enforce our Terms of Service and other policies

5. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Services you requested, including account creation and management
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Services, ensuring security, and preventing fraud, where these interests are not overridden by your rights
  • Consent: Processing based on your explicit consent, which you may withdraw at any time
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations

6. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf (e.g., hosting, authentication, analytics), subject to confidentiality obligations
  • Public Content:User-generated content such as reviews and protocols may be visible to other users as part of the Services' functionality
  • Legal Requirements: When required by law, subpoena, court order, or governmental request
  • Protection of Rights: To protect our rights, privacy, safety, or property, or that of our users or the public
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, where your information may be transferred as a business asset
  • With Your Consent: When you have given explicit consent to share information for a specific purpose

Current Service Providers: We use Supabase for authentication and database services. Supabase processes data in accordance with their privacy policy and applicable data protection agreements.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

  • Account Data: Retained while your account is active, plus up to 30 days after account deletion request to complete the deletion process
  • User-Generated Content: Reviews and protocols are retained until you delete them or request account deletion. Note that some content may be retained in anonymized form for platform integrity
  • Log Data: Retained for up to 12 months for security and analytics purposes
  • Research Access Setup: Retained while your account is active, plus up to 30 days after account deletion request
  • Support Communications: Retained for up to 3 years after resolution for quality assurance and legal purposes

We may retain certain data longer if required by law or to resolve disputes and enforce agreements.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your jurisdiction.

When we transfer personal data from the EEA, UK, or Switzerland to other countries, we implement appropriate safeguards such as:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with service providers that include adequate data protection commitments
  • Transfers to countries recognized as providing adequate protection

9. Your Privacy Rights

9.1 All Users

Regardless of your location, you have the right to:

  • Access your personal data we hold about you
  • Correct inaccurate or incomplete personal data
  • Delete your account and associated personal data
  • Withdraw consent for processing based on consent at any time
  • Object to processing of your personal data in certain circumstances

9.2 European Users (GDPR)

If you are in the EEA or UK, you additionally have the right to:

  • Data Portability: Receive your personal data in a structured, commonly used, machine-readable format
  • Restriction: Request restriction of processing under certain conditions
  • Object to Profiling: Object to automated decision-making and profiling
  • Lodge a Complaint: File a complaint with your local data protection authority

9.3 California Residents (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we share it
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell personal information. If we share personal information for cross-context behavioral advertising, you have the right to opt out
  • Right to Limit Use of Sensitive Personal Information: Request that we limit our use of sensitive personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

We honor Global Privacy Control (GPC) signals as a valid opt-out request. When we detect a GPC signal, we will treat it as a request to opt out of the sale or sharing of your personal information for that browser or device.

9.4 Other U.S. State Privacy Laws

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights to access, correct, delete, and opt out of certain processing. We apply these rights consistently to all U.S. users who request them.

9.5 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@peptideportal.com. We will respond to verifiable requests within the timeframes required by applicable law (generally within 30-45 days). You may designate an authorized agent to make a request on your behalf.

We may need to verify your identity before processing your request. We will not charge a fee for processing your request unless it is manifestly unfounded or excessive.

10. California-Specific Disclosures

The following disclosures are provided pursuant to California law:

Categories of Personal Information Collected

  • Identifiers (email address, display name, IP address, device identifiers)
  • Internet or electronic network activity (browsing history, interactions with the Services)
  • Professional information (broad professional context and research workflow selections)
  • Inferences drawn from the above categories

Sale or Sharing of Personal Information

We do not sell personal information as defined under the CCPA/CPRA. We do not share personal information for cross-context behavioral advertising purposes.

Sensitive Personal Information

We do not intentionally collect sensitive personal information as defined under the CPRA (such as Social Security numbers, precise geolocation, racial/ethnic origin, health information, etc.). If you provide such information voluntarily in user-generated content, you do so at your own discretion.

Financial Incentives

We do not offer financial incentives for providing personal information.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of data at rest
  • Secure authentication mechanisms
  • Regular security assessments and monitoring
  • Access controls limiting data access to authorized personnel
  • Incident response procedures

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

12. Children's Privacy

The Services are intended for professional and adult users and are not directed at children under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you believe we have inadvertently collected information from a child under 18, please contact us immediately at privacy@peptideportal.com.

13. Do Not Track Signals

We honor Global Privacy Control (GPC) signals as valid opt-out requests under applicable law. With respect to older “Do Not Track” (DNT) browser signals, there is currently no industry consensus on how to respond to DNT signals; therefore, we do not currently respond to DNT signals. We will update this policy if a standard for responding to DNT signals is established.

14. Third-Party Websites and Services

The Services may contain links to third-party websites, including vendor websites, research publications, and other external resources. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

We are not responsible for the privacy practices, content, or security of third-party websites or services.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will update the “Last Updated” date at the top of this policy when changes are made.

For material changes, we will provide notice through the Services or by other means (such as email, if you have provided one) before the changes take effect. We encourage you to review this Privacy Policy periodically.

Your continued use of the Services after any modifications to this Privacy Policy constitutes your acceptance of the revised policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Peptide Portal
Email: privacy@peptideportal.com
For legal inquiries: legal@peptideportal.com

For EEA/UK residents: You have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.

Back to portalTerms of Service