Privacy Policy

Last updated June 7, 2026

This Privacy Policy explains how Peptidology (“Peptidology,” “we,” “us,” or “our”) collects, uses, discloses, transfers, retains, and protects personal information when you use the website at https://peptidology.io and related services (the “Service”), and describes your rights and choices. This Policy is designed to address privacy laws worldwide, including the EU General Data Protection Regulation (“GDPR”), the UK GDPR and Data Protection Act, the California Consumer Privacy Act as amended by the CPRA (“CCPA/CPRA”), and other applicable laws. By using the Service, you acknowledge this Policy.

1. Controller and contact

For the purposes of the GDPR and similar laws, Peptidology is the “controller” of your personal information. You can reach us at privacy@peptidology.io, [Registered business address]. If we are required to designate an EU or UK representative, their details are: [EU representative, if appointed under GDPR Art. 27]; [UK representative, if appointed under UK GDPR].

2. Information we collect

Information you provide

  • Account data: when you sign in with Google or a one-time email link, we receive and store your email address, display name, and avatar (if provided). Authentication is handled by our processor, Supabase.
  • Community data: questions, answers, comments, votes, reputation, and related metadata. Published community content is public and displayed with your display name.
  • Communications: if you subscribe to our newsletter or opt into notifications, we store your email and preferences; if you contact us, we keep the content of your message.

Information collected automatically

  • Usage and device data: with your consent (where required), we collect analytics such as pages viewed, approximate location derived from IP, browser and device type, referring pages, and interactions.
  • Log and security data: our hosting provider (Vercel) and infrastructure process IP addresses and request logs to deliver, secure, and troubleshoot the Service. This processing is necessary for operation and security.
  • Cookies and similar technologies: see our Cookie Policy. Strictly necessary cookies (your authentication session and your consent choice) are always active; analytics cookies load only with consent.

We do not intentionally collect special-category/sensitive data and ask that you not submit it. We do not knowingly collect data from anyone under 18.

3. How we use information and legal bases

We use personal information to operate the Service and, under the GDPR, rely on the following legal bases:

  • Performance of a contract (GDPR Art. 6(1)(b)): to create and manage your account, provide community features, and respond to you.
  • Legitimate interests (Art. 6(1)(f)): to secure and improve the Service, prevent abuse and fraud, moderate content, and maintain logs — balanced against your rights.
  • Consent (Art. 6(1)(a)): for analytics cookies and marketing emails. You may withdraw consent at any time without affecting prior processing.
  • Legal obligation (Art. 6(1)(c)): to comply with applicable law and respond to lawful requests.

4. How we disclose information

We do not sell your personal information for money. We disclose it to:

  • Service providers (processors) who process data on our behalf under contract, including Supabase (database, authentication), Vercel (hosting), Resend (email delivery), and, subject to consent, PostHog and Google Analytics (analytics).
  • Public display: community content you publish is visible to others alongside your display name.
  • Legal and safety: to comply with law, enforce our terms, or protect the rights, property, or safety of Peptidology, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

5. International data transfers

We operate globally and may process and store personal information in countries other than your own, including the United States, which may not provide the same level of protection as your jurisdiction. Where we transfer personal data out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum), or other lawful transfer mechanisms. You may request more information or a copy of the relevant safeguards using the contact details above.

6. Data retention

We retain personal information for as long as necessary to provide the Service and for legitimate and lawful purposes, such as complying with legal obligations, resolving disputes, and enforcing agreements. Account and community data are retained while your account is active; when you delete your account, we delete or anonymize personal data within a reasonable period, except where retention is required by law or for legitimate interests (e.g., security logs, moderation records). Published community content may be retained in anonymized form to preserve thread integrity.

7. Security

We implement technical and organizational measures designed to protect personal information, including access controls, encryption in transit, and row-level security in our database. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your rights (EEA, UK, Switzerland)

Subject to applicable law, you have the right to: access your personal data; rectify inaccurate data; erase data (“right to be forgotten”); restrict or object to processing (including profiling and processing based on legitimate interests); exercise data portability; and withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority (data protection authority). To exercise these rights, contact privacy@peptidology.io. We will respond within the time required by law and may need to verify your identity.

9. Your rights (California — CCPA/CPRA)

California residents have the right to: know and access the categories and specific pieces of personal information we collect, use, and disclose; delete personal information; correct inaccurate personal information; and opt out of the “sale” or “sharing” of personal information and limit the use of sensitive personal information. We do not sell your personal information and do not “share” it for cross-context behavioral advertising as those terms are defined under the CPRA. We will not discriminate against you for exercising your rights. You may submit a request via privacy@peptidology.io, and you may use an authorized agent to submit requests on your behalf. We will verify requests as required by law.

10. Your rights (other U.S. states)

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others) may have rights to access, correct, delete, and obtain a portable copy of personal data, and to opt out of targeted advertising, sale, and certain profiling. We extend these rights consistent with applicable law; contact us to exercise them.

11. Your rights (other jurisdictions)

Depending on where you live, you may have additional rights under laws such as Canada’s PIPEDA, Brazil’s LGPD, Australia’s Privacy Act, and others. We honor applicable rights to access, correct, and delete your personal information; contact us using the details above.

12. Cookies and consent management

On your first visit, a banner lets you accept or reject non-essential (analytics) cookies. If you decline, no analytics scripts load. You can change your choice at any time by clearing this site’s cookies, which will cause the banner to reappear. See the Cookie Policy for details and categories.

13. Automated decision-making

We do not engage in automated decision-making that produces legal or similarly significant effects about you. Reputation and content ordering are based on simple, transparent community signals (votes and accepted answers).

14. “Do Not Track” and Global Privacy Control

Because no common industry standard for “Do Not Track” signals exists, we do not respond to them. Where required by law, we honor recognized opt-out preference signals such as the Global Privacy Control (GPC).

15. Children’s privacy

The Service is intended only for adults (18+) and is not directed to children. We do not knowingly collect personal information from individuals under 18 (or under the age of digital consent in their jurisdiction). If you believe a minor has provided us personal information, contact us and we will delete it.

16. Third-party links

The Service links to third-party sites and resources that we do not control. This Policy does not apply to those sites; review their privacy policies separately.

17. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date reflects the latest revision, and material changes will be highlighted by updating that date and, where appropriate, by additional notice. Your continued use after changes become effective constitutes acceptance.

18. Contact

For privacy questions or to exercise your rights, contact us at privacy@peptidology.io, [Registered business address].