Privacy policy
This policy explains what data LApeptidelabs ("we", "us") collects from visitors and customers of lapeptidelabs.com, how we use it, who we share it with, and the rights you have over it. Read it together with our Terms of Service and Research-Use Disclaimer.
1. Who we are
LApeptidelabs is an independent supplier of research peptides operating from Los Angeles, California, USA. Our products are sold exclusively for in-vitro laboratory research. We are the data controller for the personal information described in this policy.
Contact for privacy matters: privacy@lapeptidelabs.com
2. What we collect
We collect only what we need to operate the site, fulfill orders, and meet legal obligations.
Information you give us
- Account: email address, password (stored only as a bcrypt hash — never in plain text), optional display name.
- Order: shipping address (recipient name, street, city, state, postal code, country), optional phone, optional order notes.
- Payment: the cryptocurrency, network, and on-chain transaction hash you submit for an order. We do not collect credit card numbers. We do not have or store private keys for your wallet.
- Support: any message you send us via email or a contact form, including order numbers you reference.
- Age & researcher attestation: a cookie recording that you confirmed you are 18+ and acquiring products for laboratory research.
Information collected automatically
- Device & request data: IP address, user-agent string, approximate country derived from IP, referring URL, the pages you view, and timestamps.
- First-party cookies: a session identifier (so we can keep you signed in), a visitor identifier (so we can attribute repeat visits to the same browser), the age-gate cookie, and a cart cookie.
- On-chain data: when you submit a transaction hash for an order, we query public blockchain explorers (e.g., Etherscan, Tronscan, Blockchair, mempool.space) to verify the payment. We store the transaction hash, the receiving wallet, the confirmed amount, and confirmation count alongside your order. The blockchain itself is public; we do not control or remove on-chain records.
Information from third parties
- Email engagement: when we send you order or marketing emails through our email provider (Resend), we receive delivery, open, and click events tied to the message we sent you.
- Carrier tracking: when an order ships, the shipping carrier provides tracking events (in transit, delivered) which we store with the order.
We do not knowingly collect data from anyone under 18. The age-gate and checkout flow require you to confirm you are at least 18 and a qualified researcher. If you believe we have inadvertently collected information from a minor, contact us and we will delete it.
3. How we use it
- Provide the service: create your account, process and ship orders, verify on-chain payments, send order status updates, and answer support requests.
- Security & fraud prevention: detect abusive behavior, prevent duplicate or fraudulent orders, rate-limit abusive traffic, and protect our systems and users.
- Legal compliance: keep records required by tax, accounting, and consumer-protection laws; respond to lawful requests from courts or regulators.
- Site improvement: aggregate analytics on which pages and products perform — first-party only, no third-party advertising trackers.
- Marketing emails (opt-in only): if you sign up, send product news, batch releases, and offers. You can opt out at any time from a link in every marketing email.
We do not use your information for automated decision-making with legal or similarly significant effects. We do not sell your information.
4. Legal bases (EEA/UK readers)
- Performance of a contract — to process and ship orders you place.
- Legitimate interests — to secure the site, prevent fraud, and improve our products and service. You can object at any time.
- Consent — for optional marketing emails and non-essential cookies. You can withdraw at any time.
- Legal obligation — to retain records required by tax and consumer laws.
6. International transfers
Our servers and many of our vendors are located in the United States. If you access the site from outside the US, your information will be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for transfers of personal data from the EEA, UK, or Switzerland.
7. How long we keep it
- Account data: while your account is active. You can request deletion at any time (see §9).
- Order, payment, and shipping records: 7 years, to meet tax, accounting, and consumer-protection requirements.
- Support correspondence: 3 years from the last message.
- Cookies: see the cookie table below; most are session or short-lived.
- Server logs: typically 30–90 days, longer when investigating abuse.
9. Your rights
Depending on where you live, you may have some or all of these rights:
- Access — get a copy of the personal information we hold about you.
- Correction — fix inaccurate or incomplete information.
- Deletion — ask us to delete your account and associated data, subject to records we must keep by law (e.g., tax records for completed orders).
- Portability — receive your data in a machine-readable format.
- Restriction or objection — object to processing based on legitimate interests, or restrict processing while a dispute is resolved.
- Withdraw consent — for processing based on consent (e.g., marketing).
- Lodge a complaint — with your local data-protection authority. In the EEA/UK that is your national supervisory authority; in California, the California Privacy Protection Agency.
To exercise any right, email privacy@lapeptidelabs.com from the address on file. We respond within 30 days. We do not discriminate against you for exercising any privacy right.
California (CCPA/CPRA)
California residents have the right to know what categories of personal information we collect and disclose, to delete personal information, to correct inaccurate personal information, and to opt out of "sale" or "sharing." We do not sell or share personal information for cross-context behavioral advertising. You can submit requests to the email above; we may need to verify your identity before fulfilling them.
10. Security
- Passwords are stored only as bcrypt hashes — we cannot recover them, only reset.
- All traffic is served over TLS (HTTPS).
- Database is hosted on Vercel Postgres with managed encryption at rest and in transit.
- Access to admin tools requires authenticated, audited sessions; every admin write is logged.
- We do not store credit card numbers or wallet private keys.
No system is perfectly secure. If you suspect a security issue, email privacy@lapeptidelabs.com with details; we appreciate responsible disclosure.
11. Changes to this policy
We may update this policy from time to time. If we make material changes we will update the "effective" date at the top and, when appropriate, notify you by email or with an in-site notice. Continued use after a change means you accept the updated policy.
12. Contact
Questions, requests, or complaints: privacy@lapeptidelabs.com
LApeptidelabs · Los Angeles, California, USA