1. Who We Are
Silver Peptide ("we", "us", "our") operates the website at https://silverpeptide.com. We are the data controller responsible for your personal data collected through this website.
If you have any questions about this Privacy Policy or how we handle your data, please contact us at: privacy@silverpeptide.com
2. What Data We Collect
We collect personal data in the following categories:
Account Information
- Full name
- Email address
- Password (stored as a secure hash — we never see your plain-text password)
Order & Transaction Data
- Products purchased, quantities, and prices
- Order status and history
- Shipping address (if collected at checkout)
- Payment reference identifiers (we do not store full card or bank details)
Technical Data
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and time spent on site
- Referral source
Communications
- Messages sent to us via the contact form
- Email correspondence
3. How We Use Your Data
We use your personal data only for the following purposes:
- To process and fulfil your orders
- To manage your account and authenticate your identity
- To send order confirmations and shipping updates
- To respond to your enquiries and support requests
- To maintain and improve our website and services
- To detect, prevent, and investigate fraud or misuse
- To comply with applicable laws and regulations
We do not sell your personal data to third parties. We do not use your data for automated profiling or decision-making that has a legal or similarly significant effect on you.
4. Legal Basis for Processing
We process your personal data on the following legal bases under the UK GDPR and GDPR:
- Contract performance — to process your order and manage your account
- Legitimate interests — to prevent fraud, improve our service, and send transactional communications
- Legal obligation — where we must retain records for tax or regulatory purposes
- Consent — where you have explicitly opted in (e.g. marketing emails)
5. Third-Party Services
We share limited data with the following trusted third parties solely to operate our service:
Payment Processing
Payments are handled by our authorised Open Banking payment provider. When you check out, you are redirected to your bank's secure authentication page to authorise payment. We receive only a payment confirmation reference — we do not access your bank login credentials or store any financial details.
Supabase (Database & Authentication)
Your account data and order records are stored securely on Supabase infrastructure. Supabase is SOC 2 Type II certified and stores data on AWS servers in the region we have selected. See their privacy policy at supabase.com/privacy.
Vercel (Hosting)
Our website is hosted on Vercel. Vercel may process your IP address and request metadata through their edge network. See their privacy policy at vercel.com/legal/privacy-policy.
No other third parties receive your personal data without your explicit consent.
6. Cookies
We use strictly necessary cookies only. These include:
- Authentication session cookie — keeps you logged in during your visit
- Cart session data — preserves your cart between pages
We do not use advertising cookies, tracking pixels, Google Analytics, Facebook Pixel, or any third-party behavioural tracking tools.
Because we only use strictly necessary cookies, we are not required to show a cookie consent banner under UK PECR or the EU ePrivacy Directive. If we add analytics or marketing cookies in future, we will update this policy and implement a consent mechanism.
7. Data Retention
We retain your data for the following periods:
- Account data — for as long as your account is active, plus 30 days after deletion request
- Order records — 7 years from the order date (required by HMRC / tax law)
- Contact form messages — 2 years from receipt
- Server logs — 90 days
After these periods, data is securely deleted or anonymised.
8. Your Rights
Under UK GDPR and GDPR, you have the following rights:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — ask us to correct inaccurate or incomplete data
- Right to erasure — ask us to delete your data where there is no lawful reason to retain it
- Right to restriction — ask us to limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, you may withdraw at any time
To exercise any of these rights, email us at privacy@silverpeptide.com. We will respond within 30 days. We may need to verify your identity before acting on your request.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
9. Data Security
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:
- HTTPS encryption for all data in transit
- Row-Level Security (RLS) policies on our database — users can only access their own data
- Passwords stored as cryptographic hashes (bcrypt) — never in plain text
- Service role keys kept server-side only — never exposed in the browser
- Admin access restricted by role-based authentication
No system is 100% secure. If you suspect unauthorised access to your account, contact us immediately at privacy@silverpeptide.com.
11. Children
Our website and products are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has submitted personal data to us, please contact us immediately and we will delete it.
12. International Transfers
Your data may be processed outside the UK or European Economic Area (EEA) by our third-party providers (Supabase, Vercel), all of whom are covered by adequate safeguards (Standard Contractual Clauses, adequacy decisions, or equivalent frameworks). We have satisfied ourselves that each provider meets appropriate data protection standards before engaging them.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Significant changes will be communicated via email or a prominent notice on the website. We encourage you to review this page periodically.
14. Contact
For any questions, requests, or concerns relating to this Privacy Policy or our data practices:
Email: privacy@silverpeptide.com
© 2026 Silver Peptide. All rights reserved.