Privacy Policy

Last updated: February 2026

1. Data Controller

The data controller is Toptimum Ltd, Griva Digeni 51, Athineon Court, Office 202, 8047 Paphos, Cyprus. Contact: info@peptidesdirect.io.

2. Data We Collect

We collect: (a) Account data — name, email address, password (hashed); (b) Order data — shipping/billing address, phone number, order history; (c) Payment data — payment method selected and transaction references (we do NOT store credit card numbers); (d) Technical data — IP address, browser type, device information, cookies; (e) Communication data — emails and contact form messages.

3. Purpose of Processing

We process your data to: fulfil orders and deliver products; process payments; communicate about your orders; provide customer support; comply with legal obligations (tax, accounting); improve our website and services; send order-related notifications.

4. Legal Basis (GDPR Art. 6)

Contract performance (Art. 6(1)(b)): processing orders, shipping, payments. Legal obligation (Art. 6(1)(c)): tax records, invoicing. Legitimate interest (Art. 6(1)(f)): fraud prevention, website improvement. Consent (Art. 6(1)(a)): marketing emails (only with explicit opt-in).

5. Data Sharing

We share data only with: payment processors (NOWPayments for crypto/card payments); shipping carriers (for delivery); email service provider (Resend, for transactional emails); hosting providers (for website operation). All processors are contractually bound to GDPR compliance. We do NOT sell personal data to third parties.

6. Data Retention

Account data is kept until you delete your account. Order data is retained for 10 years (legal requirement for tax/accounting). Technical logs are deleted after 90 days. Marketing consent records are kept for the duration of consent.

7. Your Rights (GDPR)

You have the right to: access your personal data (Art. 15); rectify inaccurate data (Art. 16); erase your data (Art. 17, "right to be forgotten"); restrict processing (Art. 18); exercise data portability (Art. 20); object to processing (Art. 21); withdraw consent at any time (Art. 7(3)). To exercise these rights, email info@peptidesdirect.io. We respond within 30 days.

8. Cookies

We use essential cookies for: session management, shopping cart persistence, authentication, language preference. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect website functionality.

9. Data Security

We implement appropriate technical and organizational measures: encrypted data transmission (HTTPS/TLS); secure password hashing; access controls and authentication; regular security reviews. Despite our measures, no internet transmission is 100% secure.

10. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence. The competent authority in Cyprus is the Commissioner for Personal Data Protection (www.dataprotection.gov.cy).