Privacy Policy

1. Overview

This Privacy Policy describes how Peerless Peptides (“we,” “us,” or “our”) collects, uses, shares, and protects information when you visit peerlesspeptides.com, place an order, contact us, or otherwise interact with our services (collectively, the “Site”). This policy applies to all visitors and customers in the United States. We sell research chemicals exclusively for laboratory and in-vitro research purposes; not for human consumption.

By using the Site, you agree to the practices described below. If you do not agree with any part of this policy, please do not use the Site.

2. Information We Collect

We collect information in three ways: information you provide directly, information we collect automatically when you use the Site, and information collected through cookies and similar technologies.

Information you provide to us

• Order information. Your name, billing address, shipping address, email address, telephone number, and the products you order. Payment-card details are entered directly into our payment processor and are never stored on our servers; we receive only a tokenized identifier sufficient to associate the payment with your order.
• Researcher qualification. Date of birth (used to verify you are at least 21 years of age) and your stated research field, captured once per browser. Your attestation that you are a qualified researcher and that the products will be used solely for in-vitro research purposes is recorded with a timestamp at checkout.
• Communications. If you contact us by email or through any web form, we collect the content of your message, your email address, and any other information you choose to include.
• Newsletter sign-ups. If you subscribe to email updates, we collect your email address and the date you subscribed.

Information collected automatically

When you visit the Site we automatically collect certain technical information:

• IP address (truncated for analytics purposes)
• Browser type, version, and user-agent string
• Operating system and device type (mobile, tablet, desktop)
• Pages viewed, time spent on each page, and referrer URL
• Server logs (HTTP requests, response codes, timestamps) retained for security and abuse-prevention purposes

Cookies and similar technologies

We use a small number of cookies and similar technologies, organized into three categories:

• Strictly necessary. Required for core functionality such as your shopping cart, checkout session, and bot-protection challenges (Cloudflare Turnstile). These cannot be disabled without breaking parts of the Site.
• Analytics. We use Google Analytics 4 in cookieless mode (no _ga or _gid cookies are set on your device) and Microsoft Clarity for session-level UX research. Clarity may set a small number of cookies; we instruct Clarity to mask all input fields by default and to honor Global Privacy Control signals.
• Functional.Your interface preferences (for example, a remembered selection or recently-viewed product) may be stored in your browser’s local storage. This data does not leave your device.

We do not use advertising cookies and we do not run third-party retargeting pixels. Because we do not set cookies that require consent under U.S. or EU law (our analytics is cookieless or GPC-respecting, and the remaining cookies are strictly necessary for cart, checkout, and bot protection), we do not display a cookie-consent banner.

3. How We Use Your Information

• Order fulfillment. Processing your order, charging your payment method, arranging shipment with our fulfillment partner, and providing post-purchase support.
• Eligibility verification. Confirming you meet the age (21+) and research-use-only requirements that govern access to our products.
• Communication. Sending transactional emails (order confirmation, shipping updates, return authorization), responding to your inquiries, and, unless you opt out, sending occasional marketing emails or research-content updates.
• Site improvement. Analyzing aggregate visit patterns to fix UX issues, improve page performance, and prioritize content investments.
• Security and fraud prevention. Detecting and preventing fraudulent transactions, abuse of the Site, and threats to our infrastructure or customers.
• Legal compliance. Complying with applicable law, responding to lawful legal process (subpoena, court order, search warrant), and enforcing our Terms of Service.

We do not sell your personal information. We do not share your personal information with advertising platforms for cross-context behavioral advertising.

4. How We Share Your Information

We share personal information only in the following circumstances:

• Service providers. We engage third-party companies to perform business operations on our behalf (hosting, payment processing, fulfillment, analytics, email delivery, bot protection). These providers are contractually limited to using your information for the purpose for which we share it.
• Legal and compliance. We may disclose information to comply with applicable law, to respond to lawful legal process, to protect our rights and property, to investigate suspected fraud or security incidents, or to protect the safety of any person.
• Business transfers. If Peerless Peptides is involved in a merger, acquisition, asset sale, financing, or bankruptcy, your information may be transferred as part of that transaction. We will provide notice (for example, by email or via a prominent notice on the Site) before personal information becomes subject to a different privacy policy.
• With your consent. In any other case, we will share your information only with your explicit consent.

5. Third-Party Services We Use

For transparency, we describe the categories of third parties that may receive personal information as part of normal site operation. Each provider operates under its own privacy policy.

• Hosting and content delivery. Our hosting provider and content-delivery network receive request metadata (IP address, user-agent, URL) so the Site can be served and protected against abuse.
• Bot protection. Our bot-protection service receives request metadata and challenge tokens to distinguish human visitors from automated traffic at checkout and on form submissions.
• Analytics. We use Google Analytics 4 in cookieless mode and Microsoft Clarity for session-level UX research with input fields masked by default. Both receive page-view and session metadata; neither receives your contact information.
• Payment processing. The payment processor you select at checkout (credit- and debit-card processor, Cash App, or a cryptocurrency processor for Bitcoin Lightning Network payments) receives the information needed to complete the transaction. Cardholder data is submitted directly to the processor; we receive only a transaction token.
• Order management and fulfillment. Our e-commerce platform, fulfillment partner, and shipment-label provider receive your shipping address, order contents, and customer email in order to pick, pack, ship, and track your order.
• Email delivery. Our transactional and (with consent) marketing email provider receives recipient email addresses and message content to deliver the messages you opted in to receive.

We review each provider’s practices before integrating it and require contractual data-processing protections where applicable.

6. Data Retention

We retain personal information for as long as needed to provide our services and to satisfy our legal, accounting, and reporting obligations. Specific retention periods:

• Order and customer records: seven (7) years from the order date, consistent with sales-tax record-retention rules and accounting standards.
• Researcher attestation records: retained for the same period as the associated order records.
• Email communications: three (3) years from the last contact, or until you request deletion.
• Marketing email subscriptions: retained until you unsubscribe. We then keep a suppression record for two (2) years to honor your opt-out across future campaigns.
• Analytics data: Google Analytics data is retained for fourteen (14) months at the property level. Clarity session data is retained for one (1) year.
• Server logs: ninety (90) days, then aggregated or deleted.

When retention periods expire, we delete or anonymize the information so it can no longer be associated with you.

7. Security

We implement administrative, technical, and physical safeguards designed to protect your information against unauthorized access, loss, misuse, or alteration. These include:

• TLS 1.3 encryption for all data transmitted between your browser and our Site
• Encrypted storage of order records and customer data at rest
• Tokenized payment processing; we never store full credit-card numbers
• Access controls limiting employee and contractor access to personal information on a need-to-know basis
• Bot protection (Cloudflare Turnstile) at checkout and on account-creation forms
• Regular software patching of underlying platform components and dependencies

No method of internet transmission or electronic storage is one hundred percent secure. While we use commercially reasonable efforts to protect your information, we cannot guarantee absolute security.

8. Your Privacy Rights

Rights available to all U.S. residents

You may request the following at any time by contacting us at privacy@peerlesspeptides.com:

• Access— request a copy of the personal information we hold about you
• Correction— request that we correct inaccurate or incomplete information
• Deletion— request that we delete personal information we hold about you, subject to legal retention obligations
• Portability— receive a copy of your information in a portable, machine-readable format
• Opt-out of marketing communications— unsubscribe from marketing emails at any time using the link in any email

Additional rights for California residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

• The right to know the categories and specific pieces of personal information we have collected, the sources of that information, the business purposes for collection, and the categories of third parties with whom we share it
• The right to delete personal information, subject to legal exceptions
• The right to correct inaccurate personal information
• The right to opt out of the sale or sharing of personal information for cross-context behavioral advertising. We do not sell personal information and we do not share personal information for cross-context behavioral advertising.
• The right to limit the use of sensitive personal information. The only category of sensitive personal information we collect is your date of birth, used solely for age verification at checkout. We do not use it for any secondary purpose.
• The right to non-discrimination for exercising any of these rights

To submit a California Privacy Rights request, email privacy@peerlesspeptides.com with “California Privacy Request” in the subject line. We will verify your identity using information already in our records. You may designate an authorized agent to act on your behalf with appropriate written authorization.

Residents of other states

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Delaware, New Jersey, New Hampshire, Maryland, Minnesota, and other states with comprehensive privacy laws have similar access, correction, deletion, portability, and opt-out rights. Submit requests to the same email address.

Global Privacy Control (GPC)

We honor the Global Privacy Control browser signal. If your browser sends GPC, we treat it as a valid opt-out of the sale or sharing of personal information and as a request to limit the use of sensitive personal information. We also disable Microsoft Clarity session-recording for your visit and instruct Google Analytics to operate in fully cookieless mode.

Response timelines

We acknowledge requests within ten (10) business days and respond substantively within forty-five (45) days. We may extend the response period by an additional forty-five (45) days when reasonably necessary; we will notify you of the extension and the reason.

9. Marketing Communications

We offer marketing emails with news, offers, and research-content updates. The option to receive them is presented at checkout and is selected by default; you can clear it before placing your order if you prefer not to receive them. Every marketing email also contains an unsubscribe link, and you can opt out at any time using that link or by emailing privacy@peerlesspeptides.com. We do not send marketing emails to anyone who has opted out.

We do not currently send SMS marketing messages. If we add SMS in the future, opt-in will be explicit and you will be able to opt out by replying STOP, consistent with TCPA requirements.

10. Age Requirement

You must be at least twenty-one (21) years of age to register an account or place an order. We verify age via the date-of-birth attestation collected at checkout. Misrepresenting your age violates our Terms of Service and may result in order cancellation and account termination.

11. Children’s Privacy

The Site is not intended for any user under the age of twenty-one (21). Access and purchase are gated by the age and qualified- researcher attestation collected at checkout, and we do not knowingly transact with anyone younger. As an additional safeguard required by U.S. law, we do not knowingly collect personal information from anyone under the age of sixteen (16). If we learn that we have collected personal information from a child under sixteen without verified parental consent, we will delete it promptly. If you believe a child has provided us with personal information, please contact privacy@peerlesspeptides.com.

12. Do Not Track

Some browsers transmit a “Do Not Track” (DNT) signal. The DNT standard has not been finalized and we do not currently respond to DNT signals. We do honor the Global Privacy Control signal, as described in Section 8.

13. Third-Party Links

The Site may contain links to third-party websites such as PubMed, university faculty pages, or peer-reviewed research publications. We are not responsible for the privacy practices or content of these websites. We encourage you to review the privacy policy of each website you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or via a notice on the Site before the changes take effect. Continued use of the Site after the effective date of the updated policy constitutes acceptance of the changes.