Privacy Policy

Last updated: February 2026

Information We Collect

When you create an account or place an order, we collect your name, email address, shipping address, and phone number. We also collect technical information such as IP addresses, browser type, and usage data for security and analytics purposes.

How We Use Your Information

We use your information to process orders, communicate about your account, improve our services, and protect against fraud. We use security audit logging to monitor for unauthorized access attempts.

Password Security

Your password is hashed using BCrypt with a high cost factor. We never store plaintext passwords. Our system supports two-factor authentication (TOTP) for additional security.

Data Protection

All data is transmitted over HTTPS with TLS encryption. Session tokens are cryptographically random and stored as SHA-256 hashes. We implement rate limiting, account lockout, and comprehensive audit logging to protect your account.

Cookies

We use essential cookies for authentication and session management. Our cookies are marked HttpOnly, Secure, and SameSite=Strict. We do not use tracking cookies or share data with advertisers.

Data Retention

Account data is retained as long as your account is active. Order records are retained for 7 years for legal compliance. Security audit logs are retained for 90 days. You may request account deletion by contacting us.

Third Parties

We do not sell your personal information. We may share data with payment processors to complete transactions and with shipping carriers to deliver orders. All third parties are bound by confidentiality agreements.

Your Rights

You have the right to access, correct, or delete your personal information. You may also request a copy of all data we hold about you. Contact us at privacy@peptalabs.com to exercise these rights.

Contact

Questions about this policy? Email privacy@peptalabs.com or visit our contact page.