Introduction
PeptiLux ("we", "us", "our") is committed to protecting the personal data of everyone who visits or purchases from our website at peptilux.eu. This Privacy Policy explains what data we collect, how we use it, and the rights you have under the General Data Protection Regulation (GDPR) and applicable European data protection law.
By using our website or placing an order, you acknowledge that you have read and understood this policy. If you have questions, contact us at support@peptilux.eu.
Data We Collect
We collect only the data necessary to operate our service. The table below summarises what we collect and why.
| Data | Purpose | Legal basis |
|---|---|---|
| Name, email address | Account creation, order confirmation emails, customer support | Contract performance |
| Shipping address, phone number | Order fulfilment and delivery | Contract performance |
| Crypto payment reference (wallet address, invoice ID) | Payment processing and order verification via Apirone | Contract performance |
| Order history, product selections | Account management, repeat purchase facilitation | Contract performance / Legitimate interest |
| Anonymous page views, click events | Website analytics to improve user experience (Umami) | Legitimate interest (no personal identifiers stored) |
| IP address (transient, server logs) | Security, fraud prevention, server error diagnosis | Legitimate interest |
We do not collect, store, or process payment card numbers. All crypto payment processing is handled by Apirone, a third-party payment processor. We receive only a confirmation status and a payment reference — no private wallet keys or sensitive financial credentials.
How We Use Your Data
Your personal data is used exclusively for the following purposes:
- Processing and fulfilling your research compound orders
- Sending order confirmation and shipping notification emails via Resend
- Providing customer support and responding to enquiries
- Complying with legal obligations (e.g., record-keeping for tax and regulatory purposes)
- Detecting and preventing fraud or abuse of our platform
- Improving our website through aggregated, anonymous analytics
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
Third-Party Services
We use a small number of trusted third-party services to operate PeptiLux. Each processes data only to the extent necessary for its service:
- Apirone — crypto payment processing. Your payment address and invoice status are processed by Apirone. Their privacy policy applies to data processed on their platform.
- Resend — transactional email delivery. Your name and email address are passed to Resend solely to deliver order confirmation and shipping emails.
- Umami Analytics — anonymous, cookie-free website analytics hosted on our own infrastructure. No personal identifiers, no cross-site tracking, no data shared with third parties.
- Hetzner / VPS hosting — our backend server and database are hosted on a dedicated server within the European Economic Area (EEA).
No data is transferred outside the EEA except where a third-party service requires it, in which case adequate safeguards (Standard Contractual Clauses or equivalent) are in place.
Cookies
PeptiLux uses only essential cookies required for the website to function — specifically, an authentication session token stored in your browser when you log in to your account. We do not use advertising cookies or third-party tracking cookies.
Our analytics are powered by Umami, which operates in a cookie-free mode by default and does not track you across sites. For full details, see our Cookie Policy.
Data Retention
We retain your personal data for as long as necessary to fulfil the purposes described in this policy:
- Account data — retained for the lifetime of your account. You may request deletion at any time.
- Order records — retained for a minimum of 7 years to comply with tax and accounting obligations.
- Email communications — retained for up to 2 years for customer support continuity.
- Server logs — automatically purged after 30 days.
- Analytics data — anonymous and aggregated; no retention limit applies as no personal data is stored.
Your Rights Under GDPR
If you are located in the European Economic Area, you have the following rights regarding your personal data:
To exercise any of these rights, email us at support@peptilux.eu with the subject line "GDPR Request". We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted connections (TLS/HTTPS), password hashing, access controls, and regular security reviews. No method of transmission over the internet is 100% secure; if you have concerns about the security of your data, contact us immediately.
Children's Privacy
Our website and products are strictly intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If we become aware that a minor has provided personal data, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Where changes are material, we will notify registered customers by email.
Contact
For any privacy-related questions or requests, please contact us at support@peptilux.eu.