MyPepInfo Educational Reference

Privacy Policy

Last updated: May 5, 2026

1. Who we are

MyPepInfo (the “Site”) is an educational reference resource on peptide research, intended for licensed clinicians, researchers, and the general public. We do not provide medical advice, sell products, or operate as a healthcare provider. This Privacy Policy explains what limited information the Site collects when you use it.

2. Information we collect

We collect only the information you voluntarily provide and a minimal amount of technical data necessary to operate the Site:

  • Contact form submissions: name, email address, subject category, and message. Submitted via the contact page when you choose to send us a message.
  • Server logs: standard web-server logs (IP address, user agent, requested URL, timestamp) retained for up to 30 days for security, abuse prevention, and traffic diagnostics. We hash IP addresses for rate-limit counters before storing them in cache.
  • Functional cookies: a session cookie set only when you sign in to the Site administration area. Public visitors do not receive a session cookie.

The Site does not run third-party analytics, advertising trackers, social-share pixels, or fingerprinting libraries. We do not collect health information, financial information, or precise geolocation.

3. How we use this information

  • To respond to your contact-form inquiry.
  • To detect and prevent abuse (rate limiting, brute-force login protection).
  • To diagnose technical issues with the Site.

We do not use your information for marketing, profiling, or automated decision-making.

4. How long we keep it

  • Contact form submissions: up to 90 days, then deleted unless required to resolve an open inquiry.
  • Server logs: up to 30 days.
  • Rate-limit cache entries: minutes to one day, depending on counter type.

5. Third parties who process data on our behalf

We use the following service providers, each of which processes data only for the Site’s operation:

  • Cloudflare, Inc. – DNS, content delivery, and web application firewall. May process IP addresses and request metadata as a transit provider.
  • Akamai (Linode) LLC – server hosting in the United States.
  • Email delivery provider – used to relay transactional email arising from a contact form submission. The provider receives the message body, sender name, and email address. The chosen provider name is published in this section once configured.

We do not sell, rent, or share your personal information with third parties for advertising or any other commercial purpose.

6. Your rights

Depending on where you live, you may have the following rights regarding your personal information:

California (CCPA / CPRA)

  • Right to know what personal information we collect, use, disclose, and retain.
  • Right to request deletion of your personal information.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information. We do not sell or share personal information.
  • Right to limit use of sensitive personal information. We do not collect sensitive personal information.
  • Right to non-discrimination for exercising these rights.

Other U.S. states

Residents of Virginia, Colorado, Connecticut, Utah, and other states with consumer-privacy statutes have parallel rights of access, correction, deletion, and portability. The mechanism to exercise them is the same.

European Economic Area / United Kingdom (GDPR / UK GDPR)

  • Right of access to your personal data.
  • Right to rectification.
  • Right to erasure (“right to be forgotten”).
  • Right to data portability.
  • Right to restrict or object to processing.
  • Right to lodge a complaint with your local supervisory authority.

7. How to exercise your rights

Send your request to [email protected] with the subject line “Privacy request”. Please include enough detail for us to verify your identity (typically the email address you used when contacting us). We will acknowledge your request within ten business days and respond substantively within forty-five days, as required by the California Consumer Privacy Act, with one possible forty-five-day extension where reasonably necessary.

You may designate an authorized agent to act on your behalf. We may ask the agent for proof of authorization.

8. Children

The Site is intended for adults. We do not knowingly collect personal information from anyone under sixteen. If you believe a minor has submitted information, please contact us so we can delete it.

9. Security

We use HTTPS site-wide, server-side hardening, and standard credential protection. No system is completely secure. If you become aware of a security issue, please email [email protected] with the subject line “Security disclosure”.

10. International transfers

The Site is hosted in the United States. If you access the Site from outside the U.S., your information will be transferred to and processed in the U.S., which may have different data-protection laws than your country.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. Material changes will be announced with prominent notice on the homepage for at least thirty days.

12. Contact

Questions or requests regarding this Privacy Policy: [email protected].