Privacy Policy

Effective Date: September 1, 2025

1. Introduction

Cosmic Peptides ("Company," "we," "us," or "our") operates the website cosmicpeptides.com (the "Site"). This Privacy Policy describes how we collect, use, disclose, and protect information that we receive from users of our Site and services.

U.S. Operations: We operate exclusively within the United States and ship only to U.S. addresses. While we comply with applicable U.S. privacy laws, we also respect widely recognized data privacy principles to protect your information.

By accessing or using our Site, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, you must not access or use the Site.

Important Notice: Our products are intended strictly for in vitro research use only by qualified professionals. They are not intended for human consumption, therapeutic use, or any diagnostic purpose. We do not collect, use, or disclose any information for purposes related to human health, medical treatment, or clinical applications.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us when you:

  • Create an account or register for our services
  • Place an order or make a purchase
  • Contact us via email, phone, or contact forms
  • Subscribe to our mailing list or newsletters
  • Participate in surveys, promotions, or contests
  • Submit reviews, testimonials, or other user-generated content
  • Apply for institutional or wholesale accounts

This information may include:

  • Personal identifiers: name, email address, phone number, mailing address, billing address, shipping address
  • Account credentials: username, password (stored in encrypted form)
  • Professional information: institution name, research affiliation, laboratory address, professional title, research area
  • Payment information: credit card number, billing address, and related payment details (processed securely through third-party payment processors; we do not store complete credit card information on our servers)
  • Purchase history and order information
  • Communications: correspondence you send to us, including customer service inquiries and technical support requests
  • Institutional verification documents: professional credentials, institutional affiliations, research permits, or licenses as required for account verification

2.2 Information Collected Automatically

When you access or use our Site, we automatically collect certain information about your device and browsing behavior, including:

  • Device information: IP address, browser type and version, operating system, device identifiers, screen resolution
  • Usage data: pages visited, time spent on pages, links clicked, referral URLs, search terms entered on our Site
  • Location data: general geographic location based on IP address (city, state, country)
  • Log data: access times, error logs, and other system activity
  • Cookies and similar technologies: information collected through cookies, web beacons, pixel tags, and similar tracking technologies (see Section 5 below)

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Payment processors and financial institutions for transaction verification and fraud prevention
  • Shipping carriers for delivery tracking and fulfillment
  • Marketing and analytics service providers
  • Data enrichment services that supplement the information we collect with publicly available information
  • Institutional verification services that confirm professional credentials and affiliations

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery and Account Management

  • Process, fulfill, and ship orders
  • Create and manage user accounts
  • Verify professional credentials and institutional affiliations for qualified purchasers
  • Provide customer support and respond to inquiries
  • Send order confirmations, shipping notifications, and transactional communications
  • Maintain records of purchases for Certificate of Analysis (COA) distribution and traceability

3.2 Business Operations

  • Process payments and prevent fraudulent transactions
  • Maintain internal records and conduct audits
  • Analyze business performance and market trends
  • Develop, test, and improve our products and services
  • Conduct quality control and ensure product integrity
  • Manage inventory and supply chain operations

3.3 Marketing and Communications

  • Send promotional emails, newsletters, and marketing communications (only with your consent where required by law)
  • Inform you about new products, services, or research applications
  • Conduct surveys and solicit feedback
  • Administer contests, promotions, and special offers

3.4 Legal Compliance and Protection

  • Comply with applicable laws, regulations, and legal obligations
  • Enforce our Terms of Service and other agreements
  • Protect against fraud, unauthorized transactions, and other illegal activity
  • Respond to legal requests from law enforcement or governmental authorities
  • Establish, exercise, or defend legal claims
  • Maintain regulatory compliance records, including end-user verification and restricted substance tracking

3.5 Analytics and Improvement

  • Analyze Site usage patterns and user behavior
  • Improve Site functionality, user experience, and performance
  • Conduct A/B testing and experimentation
  • Generate aggregate statistical data and analytics

4. Legal Basis for Processing

We collect and process your personal information based on the following legal grounds:

  • Performance of Contract: To fulfill our contractual obligations to you, including processing and shipping orders, managing your account, and providing customer support
  • Legitimate Business Interests: To operate our business, prevent fraud, improve our services, ensure security, and maintain regulatory compliance, provided these interests do not override your privacy rights
  • Consent: When you have explicitly consented to specific processing activities, such as receiving marketing communications (you may withdraw consent at any time)
  • Legal Compliance: To comply with applicable federal and state laws, including tax obligations, record-keeping requirements, and regulatory compliance for research chemicals

5. Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your browsing behavior and preferences.

5.1 Types of Cookies We Use

  • Essential Cookies: Necessary for the Site to function properly, including session management, shopping cart functionality, and security features. These cookies cannot be disabled without severely affecting Site functionality.
  • Performance Cookies: Collect information about how you use our Site, such as which pages you visit most often and whether you receive error messages. This data is aggregated and anonymous.
  • Functionality Cookies: Remember your preferences and choices (e.g., language, region) to provide enhanced, personalized features.
  • Targeting/Advertising Cookies: Track your browsing habits to deliver targeted advertisements and measure advertising campaign effectiveness. These cookies may be set by third-party advertising networks.
  • Analytics Cookies: Help us understand Site traffic patterns, user behavior, and Site performance through services such as Google Analytics.

5.2 Managing Cookies

Most web browsers allow you to control cookies through browser settings. You can configure your browser to refuse all cookies or alert you when a cookie is being sent. However, disabling cookies may limit your ability to use certain features of the Site.

For more information about managing cookies, visit: www.allaboutcookies.org

5.3 Third-Party Analytics

We use third-party analytics services, including Google Analytics, to collect and analyze usage data. These services may use cookies and similar technologies to collect information about your use of the Site and other websites. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

6. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

6.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Payment processors (e.g., Shopify Payments, Stripe, PayPal)
  • Domestic shipping and logistics providers (e.g., USPS, FedEx, UPS)
  • Email service providers and marketing platforms
  • Cloud hosting and data storage providers
  • Customer relationship management (CRM) systems
  • Analytics and data analysis services
  • Fraud detection and prevention services
  • IT support and security providers

These service providers are contractually obligated to use your information only as necessary to perform services on our behalf and to protect the confidentiality and security of your information.

6.2 Business Transfers

If we are involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6.3 Legal Requirements and Protection

We may disclose your information if required by law or in good faith belief that such disclosure is necessary to:

  • Comply with legal obligations, court orders, subpoenas, or other legal processes
  • Respond to lawful requests from government authorities, law enforcement, or regulatory agencies
  • Enforce our Terms of Service, policies, or other agreements
  • Protect the rights, property, or safety of Cosmic Peptides, our users, or the public
  • Detect, prevent, or investigate fraud, security breaches, or other illegal activity
  • Comply with regulations governing controlled substances, research chemicals, or export controls

6.4 Aggregate and De-Identified Data

We may share aggregate, de-identified, or anonymized data that cannot reasonably be used to identify you. This data may be used for research, analytics, marketing, or other business purposes.

6.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specific retention periods include:

  • Account Information: Retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations and resolve disputes
  • Transaction Records: Retained for at least seven (7) years to comply with tax, accounting, and regulatory requirements
  • Certificates of Analysis (COAs): Retained indefinitely to maintain traceability and product integrity records
  • Marketing Communications: Retained until you unsubscribe or request deletion
  • Support Communications: Retained for three (3) years for quality assurance and training purposes
  • Legal and Compliance Records: Retained as required by applicable laws and regulations

When we no longer need your information, we will securely delete or anonymize it in accordance with our data retention and destruction policies.

8. Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit using SSL/TLS protocols
  • Encryption of sensitive data at rest
  • Secure password storage using industry-standard hashing algorithms
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Employee training on data protection and security practices
  • Secure disposal of physical and electronic records
  • Regular backups and disaster recovery procedures

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

9. Your Rights and Choices

9.1 Access and Correction

You have the right to access, review, and update your personal information. You may do so by logging into your account or contacting us at privacy@cosmicpeptides.com.

9.2 Marketing Communications

You may opt out of receiving promotional emails by clicking the "unsubscribe" link in any marketing email or by contacting us. Please note that even if you opt out of marketing communications, we will still send you transactional messages related to your account and orders.

9.3 Cookie Preferences

You can manage your cookie preferences through your browser settings as described in Section 5 above.

9.4 Data Subject Rights

You have the following rights regarding your personal information:

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete personal information
  • Right to Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Right to Restrict Processing: Request that we limit how we use your information in certain circumstances
  • Right to Data Portability: Request a copy of your information in a structured, commonly used format
  • Right to Object: Object to our processing of your information for direct marketing purposes
  • Right to Withdraw Consent: Withdraw consent for processing activities that require your consent

To exercise these rights, please contact us at privacy@cosmicpeptides.com. We will respond to your request within thirty (30) days. Please note that certain legal obligations may require us to retain specific information even after you request deletion.

9.5 Additional Rights for California Residents

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources of that information, the purposes for collection, and the categories of third parties with whom we share information
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out of Sale: We do not sell personal information as defined by the CCPA
  • Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your CCPA rights

To exercise these rights, please contact us at privacy@cosmicpeptides.com or call us at [PHONE NUMBER]. We may require verification of your identity before processing your request.

9.6 Do Not Track Signals

Some web browsers have "Do Not Track" features that send signals to websites requesting that they not track the user's browsing activity. At this time, we do not respond to Do Not Track signals.

10. Data Storage and Processing

Your information is collected, stored, and processed in the United States. We use reputable third-party service providers who may store or process data on our behalf, including cloud hosting providers, payment processors, and analytics services. All service providers are contractually required to maintain appropriate security measures and use your information only as necessary to provide services to us.

By using our Site and services, you consent to the collection, storage, and processing of your information in the United States in accordance with this Privacy Policy.

11. Children's Privacy

Our Site and services are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at legal@cosmicpeptides.com, and we will take steps to delete such information.

12. Third-Party Links

Our Site may contain links to third-party websites, services, or resources that are not owned or controlled by Cosmic Peptides. This Privacy Policy does not apply to third-party websites. We are not responsible for the privacy practices or content of third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on this page with a new "Effective Date"
  • Sending an email notification to the address associated with your account
  • Displaying a prominent notice on our Site

Your continued use of the Site after the effective date of the updated Privacy Policy constitutes your acceptance of the revised terms. We encourage you to review this Privacy Policy periodically.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Cosmic Peptides
Email: legal@cosmicpeptides.com
Mailing Address: 10730 Potranco Rd Ste 122, San Antonio, TX 78251

15. Regulatory Compliance Notice

Cosmic Peptides sells research chemicals and peptides intended strictly for in vitro research use by qualified professionals. Our products are not intended for human consumption, therapeutic use, diagnostic purposes, or veterinary applications. By using our Site and services, you acknowledge and agree that:

  • You are a qualified researcher or represent a legitimate research institution
  • You will use our products solely for lawful research purposes in accordance with applicable laws and regulations
  • You will not use our products for any unauthorized or illegal purpose, including but not limited to human consumption or administration
  • You are responsible for compliance with all applicable federal, state, and local laws and regulations governing the purchase, possession, and use of research chemicals
  • You understand that misuse of research chemicals may result in serious legal consequences, including criminal prosecution

We reserve the right to refuse service, cancel orders, or terminate accounts if we have reason to believe that products will be used for unauthorized purposes or in violation of applicable laws.

16. Data Breach Notification

While we implement robust security measures to protect your personal information as described in Section 8 of this Privacy Policy, we recognize that no security system is completely impenetrable. In the event of a data breach that compromises your personal information, we are committed to responding promptly and transparently.

16.1 Notification Procedures

If we discover or are notified of a security breach that results in unauthorized access to, acquisition of, or disclosure of personal information, we will:

  • Investigate Promptly: Immediately investigate the scope, nature, and impact of the breach to determine what information was compromised and which users were affected
  • Contain the Breach: Take immediate steps to contain the breach, prevent further unauthorized access, and mitigate harm to affected individuals
  • Notify Affected Users: Notify affected users via email at the address associated with their account within seventy-two (72) hours of discovering the breach, or as soon as reasonably practicable after completing our initial investigation
  • Provide Detailed Information: Include in our notification the date of the breach, types of information compromised, steps we are taking to address the breach, and recommended actions you can take to protect yourself
  • Regulatory Notification: Comply with all applicable state and federal data breach notification laws, including notifying relevant authorities as required
  • Ongoing Updates: Provide additional information and updates as our investigation progresses and additional facts become available

16.2 Information Included in Breach Notifications

Our breach notifications will include, to the extent known at the time of notification:

  • A description of the incident, including the date or date range when the breach occurred and when it was discovered
  • The types of personal information that were or are reasonably believed to have been compromised (e.g., name, email address, payment information, account credentials, institutional affiliations)
  • Steps we have taken or plan to take to address the breach and prevent future incidents
  • Contact information for questions and additional information
  • Recommendations for steps you can take to protect yourself from potential harm, such as changing passwords, monitoring account activity, or placing fraud alerts on credit reports
  • Information about identity protection services we may offer, if applicable

16.3 User Responsibilities After a Breach

If you receive a data breach notification from us, we recommend that you take the following steps:

  • Change Your Password: Immediately change your account password for our Site and for any other accounts where you use the same or similar passwords
  • Monitor Account Activity: Regularly review your account activity for any unauthorized transactions or suspicious behavior
  • Review Financial Statements: Monitor your credit card and bank statements for unauthorized charges
  • Enable Two-Factor Authentication: If available, enable two-factor authentication for your account and other sensitive accounts
  • Be Vigilant for Phishing: Be cautious of phishing emails or fraudulent communications attempting to exploit the breach. We will never ask you to provide sensitive information via email
  • Consider Credit Monitoring: Depending on the nature of the breach, consider enrolling in credit monitoring services or placing a fraud alert on your credit report

16.4 Limitation of Liability for Data Breaches

TO THE MAXIMUM EXTENT PERMITTED BY LAW, COSMIC PEPTIDES SHALL NOT BE LIABLE FOR ANY DAMAGES ARISING FROM UNAUTHORIZED ACCESS TO YOUR PERSONAL INFORMATION RESULTING FROM SECURITY BREACHES, CYBERATTACKS, OR OTHER MALICIOUS ACTS BY THIRD PARTIES, PROVIDED THAT WE HAVE IMPLEMENTED REASONABLE SECURITY MEASURES AS DESCRIBED IN THIS PRIVACY POLICY.

While we take data security seriously and will comply with all applicable breach notification laws, we cannot guarantee that unauthorized access will never occur. You acknowledge and agree that you use our services at your own risk and that we have no liability for damages resulting from data breaches beyond our reasonable control, except as required by applicable law.

16.5 Reporting Suspected Breaches

If you suspect that your account has been compromised or that your personal information has been accessed without authorization, please contact us immediately at:

Email: security@cosmicpeptides.com
Subject Line: URGENT - Security Incident Report

Include as much detail as possible about the suspected incident, including any evidence of unauthorized access, unusual account activity, or suspicious communications you have received.