Privacy Policy
This policy explains what information we collect, how we use it, who we share it with, and the choices you have.
Last updated April 24, 2026
Summary
- We collect only what we need to ship orders and run the site.
- We never sell your information.
- We use a small number of trusted service providers to operate the site, all bound by data-processing agreements.
- Analytics and non-essential cookies are strictly opt-in — you choose in the consent banner the first time you visit.
- You can request a copy of your data or have it deleted at any time.
Information we collect
You give us
- Account — name, email, and password hash (we never see your plaintext password).
- Orders — shipping address, items purchased, order notes.
- Support — anything you send us through the contact form or by email.
Collected automatically
- Usage — pages viewed, product clicks, aggregate session data. Used to improve the site.
- Device — browser type, OS, approximate location derived from IP (city-level, not precise).
- Cookies — see the dedicated section below. We don't run third-party ad trackers or build cross-site ad profiles.
Cookies
We use a small, named set of cookies. Nothing is set for advertising purposes. The consent banner on your first visit is where you control the optional ones.
Strictly necessary (always on)
- pxm_age_gate_accepted — records that you confirmed you are 21+ and accepted the research-use-only terms. Stored for one year so you aren't prompted on every visit. Without it the site is unusable, so this one cannot be declined.
- Session / authentication cookies — keep you signed in. Expire when you log out or after a period of inactivity.
- Cart cookie — so the items in your cart persist between visits. Holds product IDs and quantities only, no personal data.
- Attribution cookie — a first-party record of the referral source (e.g. the campaign link you clicked to arrive) so we can credit partners and diagnose broken funnels. First-party only, never shared with ad networks.
Optional (opt-in via the consent banner)
- pxm_cookie_consent — remembers your Accept / Reject choice from the banner so we don't ask again for a year. Set regardless of which option you pick (even “Reject”), so it counts as strictly necessary once a choice exists.
- Analytics — aggregated, anonymized page-view metrics. Loaded only if you click “Accept,” and reports are never tied to your account or order history.
You can change your mind any time by clearing the pxm_cookie_consent cookie in your browser — the banner will reappear on your next visit.
How we use it
- Process and ship orders, provide COAs, answer support requests.
- Send transactional email (order confirmation, shipping, cart recovery) and — if you opt in — the newsletter.
- Detect fraud and abuse.
- Improve the product catalog and site experience. Analytics is aggregated — we don't build individual ad profiles.
Who we share it with
We share only what is necessary for a specific service, and only with providers bound by data-processing agreements:
- Payment processors — to charge your selected payment method. Card details are entered directly on the processor's PCI-compliant page; we never see or store your full card number. For alternative checkout methods, only your order number, total, and shipping address are shared.
- Email delivery provider — to send order confirmations, shipping updates, and (if you opt in) the newsletter.
- Hosting and infrastructure providers — to operate the site, store the database, authenticate logins, and serve the opt-in anonymized analytics described above.
- Shipping carriers (USPS, UPS, DHL) — to deliver your order.
We will also disclose information if compelled by lawful process, but we will push back on overbroad requests and notify you where legally permitted.
Retention
Order records are retained for seven years to comply with tax and consumer-protection law. Support correspondence is retained for three years. If you delete your account, we anonymize the personal identifiers in those records rather than deleting the financial history outright.
Your choices
- Access / export — email peptidexm@gmail.com and we will send you a copy of your data within 30 days.
- Correction — update your account details at any time from your profile.
- Deletion — ask us to delete your account; we'll remove what we can and anonymize the rest.
- Marketing opt-out — every newsletter includes a one-click unsubscribe.
Regional rights
If you are in California, the EEA, or the UK, you have additional rights under the CCPA, GDPR, and UK GDPR — including the right to object to processing, the right to data portability, and the right to lodge a complaint with your supervisory authority. To exercise any of these rights, email us and reference the right you're invoking.
Children
PeptideXM is intended for qualified researchers over 21 years of age. We do not knowingly collect information from anyone under 21. If you believe a minor has submitted information, email us and we'll delete it.
Security
We use HTTPS everywhere, hash passwords with bcrypt, restrict database access with row-level security, and limit production access on a need-to-know basis. No system is perfectly secure — if we ever suffer a breach affecting your data, we'll notify you promptly per applicable law.
Changes
We may update this policy from time to time. Material changes will be announced by email and by a notice on the site at least 30 days before taking effect.
Contact
Questions about this policy? Email peptidexm@gmail.com.