Privacy Policy

1. Introduction

PeptideVerify Ltd ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our peptide testing and verification services.

We are registered in England & Wales (Company No. 12345678) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Important Note: PeptideVerify provides analytical testing services only. We do not endorse, sponsor, or have any affiliation with companies or products submitted for testing. Our role is strictly limited to providing independent analytical testing and verification.

2. Information We Collect

2.1 Account Information

• Name and company name
• Email address
• Phone number
• Billing and shipping address
• Password (encrypted)

2.2 Order and Sample Data

• Peptide sample information (expected peptide name, molecular weight, formula)
• Sample source and batch numbers
• Service type selected (HPLC, LC-MS, etc.)
• Order reference numbers and payment information
• Test results and analytical data

2.3 Technical Information

• IP address and browser information
• Cookies and session data
• Usage analytics and access logs
• Device and operating system information

2.4 Payment Information

Payment processing is handled by Stripe. We do not store full credit card details on our servers. Stripe's privacy policy can be found at https://stripe.com/privacy.

3. How We Use Your Information

We use your personal data for the following purposes:

• Service Delivery: Processing orders, conducting tests, generating certificates
• Communication: Sending order confirmations, test results, and service updates
• Payment Processing: Managing payments and invoicing through Stripe
• Quality Assurance: Maintaining test records and quality standards
• Legal Compliance: Meeting regulatory requirements and legal obligations
• Service Improvement: Analyzing usage patterns to improve our platform
• Security: Protecting against fraud and unauthorized access

4. Legal Basis for Processing

Under UK GDPR, we process your data based on:

• Contract Performance: Processing data necessary to provide our testing services
• Legitimate Interests: Improving services, preventing fraud, and maintaining security
• Legal Obligation: Complying with laboratory standards and record-keeping requirements
• Consent: Marketing communications (where you have opted in)

5. Data Sharing and Third Parties

As a bridging service connecting clients with testing laboratories, we may share your data with:

• GLP-Compliant Laboratory Partners: Independent labs that conduct peptide testing on our behalf (under strict confidentiality agreements)
• Payment Processors: Stripe for secure payment processing
• Email Service Providers: For sending order confirmations and notifications
• Cloud Hosting: Secure servers for data storage and platform hosting
• Legal Authorities: When required by law or to protect our rights

We never sell your personal data to third parties.

6. Data Retention

We retain your data for the following periods:

• Account Data: Until account deletion or 3 years of inactivity
• Order Records: 7 years (for regulatory compliance)
• Test Results: 7 years (for quality assurance and traceability)
• Certificates: Indefinitely (for public verification)
• Payment Records: 7 years (for tax and accounting purposes)

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal obligations)
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Opt out of marketing communications at any time

To exercise any of these rights, contact us at privacy@peptideverify.co.uk.

8. Cookies and Tracking

We use cookies to:

• Maintain your login session
• Remember your preferences (theme, language)
• Analyze website usage and performance
• Prevent fraudulent activity

You can control cookies through your browser settings. Disabling cookies may affect platform functionality.

9. Data Security

We implement industry-standard security measures including:

• SSL/TLS encryption for data transmission
• Encrypted password storage (bcrypt hashing)
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• Secure database hosting with regular backups
• Employee confidentiality agreements

10. International Data Transfers

Your data is primarily stored in the United Kingdom. If we transfer data internationally, we ensure adequate safeguards are in place, including:

• EU Standard Contractual Clauses
• Adequacy decisions by the UK government
• Appropriate technical and organizational measures

11. Children's Privacy

Our services are intended for research professionals and businesses. We do not knowingly collect data from individuals under 18 years of age.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform. The "Last Updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

14. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):