Skip to content
Home

Privacy Policy

Last updated: April 11, 2026

PepAssure (“we”, “our”, or “us”) is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights.

1. Information We Collect

Account information: When you create an account, we collect your email address and any optional profile information you provide (display name, vendor details, etc.).

Vendor claims: If you claim a vendor listing, we collect the vendor name, website URL, contact email, and any supporting documentation (COAs, lab reports).

Usage data: We log basic analytics such as page views, referrers, and device type. We do not use fingerprinting or cross-site tracking.

Payment data: Subscription payments are processed by Stripe. We never store your full card details on our servers — only the last 4 digits and expiry for display purposes.

2. How We Use Your Data

  • Authenticate you and provide access to the dashboard, account, and admin features
  • Verify vendor claims and generate Peptide Verification Scores
  • Send transactional emails (account notifications, COA status, billing)
  • Send product updates if you've opted in via your account notification preferences
  • Diagnose bugs and improve the platform
  • Prevent abuse, spam, and fraudulent activity

3. Data Sharing

We do not sell your personal data. We share data only with:

  • Service providers: Supabase (authentication + database), Stripe (payments), Vercel (hosting)
  • Legal compliance: When required by law, court order, or to prevent harm
  • Aggregated analytics: Non-personally-identifiable aggregate data may be published in industry reports

4. Public Information

Vendor listings, PVS scores, and submitted reviews are public by design — that's how the platform provides value to researchers. When you claim a vendor listing, the vendor name, website, and score breakdown become part of the public vendor directory. Your personal account email is never displayed publicly.

5. Your Rights

You can at any time:

  • Access and export your account data from your account settings
  • Update or correct your profile information
  • Delete your account (permanently removes all personal data)
  • Opt out of marketing emails via notification preferences
  • Request a copy of any data we hold about you by emailing privacy@pepassure.com

6. Cookies

We use essential cookies for authentication sessions. We do not use third-party advertising cookies, tracking pixels, or analytics cookies that identify you personally. Your browser settings can block cookies, but this will prevent you from signing in.

7. Data Retention

Account data is retained while your account is active. If you delete your account, personal data is removed within 30 days except where retention is required by law (e.g., financial records). Public vendor data and aggregated analytics remain on the platform.

8. Security

We use industry-standard security practices: encrypted connections (TLS), encrypted storage, row-level security on the database, and scoped access tokens. No system is 100% secure — if we detect a breach that affects your data, we will notify you promptly.

9. International Users

PepAssure is operated from the United States. By using our service, you consent to the transfer of your data to the US. We comply with GDPR for EU users and provide the data-access and deletion rights required by applicable laws.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be announced via email to account holders and highlighted at the top of this page. Continued use of the platform after changes constitutes acceptance of the updated policy.

Contact

Questions about this policy? Email privacy@pepassure.com or use our contact form.