Peptagen Biosciences

Privacy Policy

Effective date: May 26, 2026

This Privacy Policy explains how Peptagen Biosciences (“Peptagen”, “we”, “us”, “our”) collects, uses, shares, and protects information when you visit our website, request access to our platform, or use our online ordering services (collectively, the “Services”).

Our Services are designed for business customers (healthcare professionals, clinics, and similar organizations) and are not directed to consumers. If you are using the Services on behalf of an organization, you confirm that you have authority to accept this Privacy Policy on its behalf.

1. Information We Collect

1.1 Information you provide

  • Account & contact information — name, email address, phone number, job title, and password (stored as a salted hash, never in plaintext).
  • Business information — company name, business type, EIN/TIN, authorized signatory, license type, and business and shipping addresses.
  • Compliance documents — uploaded copies of professional licenses, insurance certificates, and non-circumvention / non-disclosure agreements (NCNDA).
  • Order & transaction information — products ordered, quantities, purchase order numbers, invoices, and shipping and delivery records.
  • Payment information — payment method details (such as card or bank account information) submitted to our third-party payment processor (Intuit QuickBooks Payments). This information is collected and stored by the processor; we receive only a tokenized reference, payment status, and a masked identifier (such as the last four digits) and do not retain raw card numbers, full account numbers, or routing numbers in our systems.
  • Communications — the contents of messages you send us through the contact form, email, or in-app support.

1.2 Information we collect automatically

  • Technical information — IP address, browser type and version, device identifiers, language preferences, and pages viewed.
  • Usage information — actions taken in the platform (orders placed, documents uploaded, settings changed) along with timestamps and identifiers, used for troubleshooting, audit, and security.
  • Cookies and similar technologies — see Section 7.

1.3 Information from third parties

  • QuickBooks Online (Intuit) — if you (or one of our suppliers) connect a QuickBooks Online company to the Services, we receive customer, vendor, item, and invoice records from that company through Intuit’s OAuth-authorized APIs.
  • Identity, credential, and fraud-prevention checks — in some cases we may verify the documents you submit with public registries or licensing databases.

2. How We Use Information

We use the information we collect to:

  • Provide, operate, and improve the Services, including processing your orders and invoices.
  • Verify your eligibility, identity, and credentials before approving an account.
  • Authenticate you, prevent unauthorized access, and detect, investigate, and respond to security incidents.
  • Communicate with you about your account, orders, payments, and changes to the Services.
  • Comply with applicable laws, regulations, court orders, and lawful requests from public authorities.
  • Establish, exercise, or defend legal claims.
  • Generate aggregated or de-identified analytics about how the Services are used.

3. Legal Bases (where applicable)

Where the laws of your jurisdiction require a legal basis to process personal information, we rely on one or more of the following: performance of our contract with you; compliance with our legal obligations; our legitimate interests in operating and improving the Services; and where required, your consent.

4. How We Share Information

We do not sell personal information. We share it only as described below:

4.1 Service providers (subprocessors)

We use a small set of vetted vendors to operate the Services. Each is contractually required to use the information only to provide services to us and to protect it appropriately.

  • Amazon Web Services — cloud hosting, database (Aurora Postgres), file storage (S3), and email-delivery infrastructure.
  • Resend — transactional email delivery (notifications, password resets, invoices).
  • Intuit / QuickBooks Online — accounting, invoicing, and supplier-record synchronization when an administrator has authorized the integration.
  • Intuit / QuickBooks Payments — processing of card and bank-account payments, including tokenization and storage of payment instruments on Intuit’s systems.

4.2 Suppliers fulfilling your orders

To fulfill your orders we share order-specific information (such as line items, quantities, ship-to address, and contact details) with the supplier responsible for shipping the product to you.

4.3 Legal and safety

We may disclose information when we believe in good faith that disclosure is necessary to comply with law, respond to lawful requests, enforce our agreements, protect our or others’ rights, property, or safety, or detect and prevent fraud or abuse.

4.4 Business transfers

If we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to standard confidentiality protections.

5. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with our legal obligations (including tax, accounting, and regulatory requirements), resolve disputes, and enforce our agreements. Some records (such as invoices and order history) may be retained for several years to satisfy recordkeeping rules even after your account is closed.

6. Security

We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS), encryption at rest for our databases and file storage, role-based access controls, audit logging, and least-privilege credentials for internal systems. No system can guarantee perfect security; we encourage you to use a strong, unique password and to notify us immediately if you suspect unauthorized access.

7. Cookies and Similar Technologies

We use a small number of strictly necessary cookies and similar technologies to keep you signed in, remember preferences, and protect against cross-site request forgery. We do not currently use cookies for behavioral advertising. You can configure your browser to refuse cookies, but some parts of the Services will not function properly without them.

8. Your Rights and Choices

Depending on where you reside, you may have rights to access, correct, delete, or port the personal information we hold about you, or to object to or restrict certain processing. To exercise these rights, contact us using the details in Section 12. We may ask you to verify your identity before responding.

You may close your account at any time by contacting us. If we are required to retain certain records by law (for example, tax or regulatory records), those records will remain in our archives for the required period and will be deleted at the end of it.

9. Children

The Services are not directed to children under 18 and we do not knowingly collect personal information from them. If you believe a child has provided personal information to us, please contact us so we can delete it.

10. International Data Transfers

Our infrastructure is operated in the United States. If you access the Services from outside the United States, your information will be transferred to, and processed and stored in, the United States, which may have data-protection laws different from those of your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” above and, for material changes, notify you through the Services or by email. Your continued use of the Services after an update constitutes acceptance of the revised Policy.

12. Contact Us

For privacy-related questions, requests, or complaints, contact us at support@peptagenbiosciences.com or through our contact form.