Privacy Policy
Last updated: April 2025
1. Who we are
PeptideGuide UK (“we”, “us”, “our”) operates the website at peptideguide.uk. We are the data controller for the personal data you provide to us. If you have questions about this policy or your data, please contact us at [email protected].
2. What data we collect
We collect the following categories of personal data:
- Account data: email address, username, and password hash when you create an account.
- Newsletter data: email address and subscription preferences when you sign up for our newsletter.
- Payment data: billing name and payment method. Card details are processed by Stripe and are never stored on our servers.
- Usage data: pages visited, features used, and interaction data collected via analytics tools to improve the service.
- Technical data: IP address, browser type, device type, and referring URL, collected automatically via server logs and cookies.
- Communications: messages you send us via email or contact forms.
3. How we use your data
We use your data to:
- Provide and maintain the PeptideGuide UK service
- Process payments and manage your membership
- Send you the newsletter and transactional emails (e.g. receipts, password resets)
- Improve and personalise the service using aggregated analytics
- Comply with legal obligations, including fraud prevention and tax reporting
- Respond to your enquiries and support requests
Our legal bases under UK GDPR are: contract performance (account and payment processing), legitimate interests (analytics and security), consent (newsletter), and legal obligation (tax and fraud compliance).
4. Cookies
We use essential cookies required for the site to function (session management, authentication). We also use analytics cookies to understand how visitors use the site. You can disable non-essential cookies via your browser settings; this will not prevent you from using the site but may affect some features.
5. Third parties
We share data with the following third-party services:
- Stripe: payment processing. Stripe is PCI-DSS compliant. Their privacy policy is available at stripe.com/privacy.
- Email service provider: for sending newsletters and transactional emails. We use a provider that does not sell your data.
- Analytics provider: we use privacy-first analytics that do not use third-party cookies or cross-site tracking.
We do not sell, rent, or trade your personal data to any third party.
6. Data retention
We retain account data for as long as your account is active and for up to 2 years after account deletion for legal and fraud-prevention purposes. Newsletter subscriber data is retained until you unsubscribe. Payment records are retained for 7 years as required by UK tax law.
7. Your rights
Under UK GDPR you have the right to:
- Access a copy of your personal data
- Correct inaccurate or incomplete data
- Request erasure of your data (“right to be forgotten”)
- Restrict or object to processing
- Receive your data in a machine-readable format (data portability)
- Withdraw consent at any time (e.g. unsubscribe from the newsletter)
To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the ICO (ico.org.uk).
8. Changes to this policy
We may update this policy from time to time. We will notify registered users of material changes by email. The “last updated” date at the top of this page indicates when the policy was last revised. Continued use of the site after changes constitutes acceptance of the revised policy.