Privacy Policy
Effective date: May 7, 2026. Last updated: May 7, 2026.
Who We Are
Peptpedia (peptpedia.org) is an educational research encyclopedia operated by Novo Solutions. We provide peer-reviewed summaries of peptide research for informational purposes only. We do not sell, prescribe, or distribute any peptides or pharmaceutical products.
Data Controller: Novo Solutions
Contact Email: info@novo.solutions
For any privacy-related questions, data access requests, or deletion requests, contact us at the email address above. We respond to all privacy requests within 30 days.
Information We Collect
We collect the minimum information necessary to operate our educational website and communicate with subscribers. Below is an exhaustive list of every category of data we collect.
A. Automatically Collected Data (All Visitors)
When you visit any page on Peptpedia, the following is collected automatically:
- Analytics Data (via Google Analytics 4): Pages viewed, time on site, scroll depth, navigation patterns, referral source, and general geographic region (country/city level). This data is aggregated and does not personally identify you. Google Analytics uses cookies to distinguish unique visitors.
- Technical Data (via server logs): IP address, browser type and version, operating system, device type, screen resolution, and referring URL. Server logs are maintained by our hosting provider (Vercel) and are retained for up to 30 days.
B. Data You Provide Voluntarily
We only collect personal information that you actively choose to provide:
- Email Newsletter Subscription: When you subscribe to our research updates, we collect your email address along with consent metadata (described in detail below).
We do not collect names, phone numbers, physical addresses, payment information, health data, or any other personally identifiable information beyond what is listed above.
Email Newsletter Subscription
When you subscribe to receive peptide research updates, we record the following at the exact moment of subscription:
| Data Field | Purpose | Retention |
|---|---|---|
| Email address | Send research updates | Until you unsubscribe or request deletion |
| IP address | Proof of consent (GDPR), rate limiting | Until you request deletion |
| Browser user agent | Consent verification | Until you request deletion |
| Page URL | Record where consent was given | Until you request deletion |
| Timestamp | Record when consent was given | Until you request deletion |
| Consent text | Record exact terms agreed to | Until you request deletion |
Legal basis for processing (GDPR Article 6(1)(a)): Your explicit, freely given consent via the opt-in checkbox. You may withdraw consent at any time by contacting info@novo.solutions. Withdrawing consent does not affect the lawfulness of processing performed before withdrawal.
Storage location: Your subscription data is stored in a Neon Serverless Postgres database hosted in the United States (AWS us-east-1 region). All connections are encrypted via TLS/SSL. The database is accessed only through authenticated, parameterized queries.
How We Use Your Information
We use the information we collect for the following specific purposes and no others:
- Email address: To send you peptide research updates when new studies, comparisons, or research profiles are published. We will never send promotional content for third-party products.
- Analytics data: To understand which content is most valuable to our readers, identify technical issues, and improve the site experience.
- Technical/server data: To maintain website security, prevent abuse, and ensure site availability.
- Consent metadata (IP, timestamp, user agent, consent text): Solely to demonstrate GDPR compliance if we are ever required to prove that consent was given.
We do not use your data for: profiling, automated decision-making, advertising targeting, sale to third parties, or any purpose beyond what is listed above.
Cookies and Local Storage
Cookies
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics | Distinguish unique visitors | 2 years |
| _ga_* | Google Analytics | Maintain session state | 2 years |
Local Storage (Browser)
We store the following non-personal data in your browser's local storage:
| Key | Purpose | Contains PII? |
|---|---|---|
| theme | Remember your light/dark mode preference | No |
| peptpedia_subscribed | Prevent showing the signup modal after subscribing | No |
| peptpedia_modal_dismissed_at | Remember when you closed the signup modal | No |
| peptpedia_visit_count | Count page visits to determine when to show the signup modal | No |
No personal information is stored in local storage. You can clear this data at any time through your browser settings. Blocking local storage will not affect the core functionality of the website.
You can configure your browser to reject cookies or clear them at any time. Blocking Google Analytics cookies will prevent usage tracking but will not affect your ability to read content on the site.
Third-Party Services
We use a limited number of third-party services. Each is listed below with what data they receive and a link to their privacy policy.
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Google Analytics 4 | Website analytics | Anonymous usage data, IP (anonymized) | View |
| Vercel | Website hosting | Server logs (IP, user agent) | View |
| Neon (database) | Email subscription storage | Subscriber data (see table above) | View |
We do not sell, rent, or trade your personal information to any third party. The services listed above process data only as necessary to provide their stated function.
Data Security
We implement the following technical measures to protect your data:
- Encryption in transit: All connections to Peptpedia use HTTPS (TLS 1.2+). HTTP Strict Transport Security (HSTS) is enabled.
- Encryption at rest: Our database provider (Neon) encrypts all stored data at rest using AES-256.
- Parameterized queries: All database interactions use parameterized queries to prevent SQL injection attacks.
- Rate limiting: Our API endpoints enforce IP-based rate limiting to prevent abuse.
- Access control: Database credentials are stored as encrypted environment variables and are never exposed in source code or client-side assets.
- Security headers: We enforce HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy headers on all responses.
While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. If you discover a security vulnerability, please report it to info@novo.solutions.
Data Retention
- Email subscription data: Retained until you request deletion or unsubscribe. Upon receiving a deletion request, we will permanently remove all associated data within 30 days.
- Server logs (Vercel): Automatically deleted after 30 days by our hosting provider.
- Google Analytics data: Retained for 14 months per Google's default retention settings.
- Rate limiting logs: Automatically purged within 2 hours. These logs contain only IP addresses and timestamps, no email addresses or personal data.
International Data Transfers
Peptpedia is operated from the United States. If you access our site from outside the United States, your data will be transferred to and processed in the United States.
Our service providers (Vercel, Neon, Google) maintain compliance with applicable data transfer frameworks. By using this website and providing your data, you acknowledge this transfer. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your data is protected under the service providers' Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs).
Your Rights
Depending on your location, you may have some or all of the following rights regarding your personal data:
For All Users
- Access: Request a copy of all personal data we hold about you.
- Deletion: Request permanent deletion of your data from our systems.
- Correction: Request correction of inaccurate data.
- Withdraw Consent: Withdraw your newsletter consent at any time without affecting the lawfulness of prior processing.
Additional Rights Under GDPR (EEA/UK Residents)
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Data Portability: Receive your data in a structured, machine-readable format (CSV or JSON).
- Object: Object to processing based on legitimate interests.
- Complaint: Lodge a complaint with your local Data Protection Authority. A list of EU DPAs is available at edpb.europa.eu.
Additional Rights Under CCPA/CPRA (California Residents)
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
- Right to Delete: Request deletion of personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- No Sale of Data: We do not sell or share your personal information for cross-context behavioral advertising. A "Do Not Sell" opt-out is not required because we do not engage in this practice.
To exercise any of these rights, contact info@novo.solutions with the subject line "Privacy Request." We will verify your identity and respond within 30 days (45 days for complex CCPA requests, with notice).
Children's Privacy
Peptpedia is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, contact us at info@novo.solutions and we will promptly delete it.
Health Information Disclaimer
Peptpedia provides educational summaries of published peptide research. The content on this site is not medical advice, does not establish a doctor-patient relationship, and should not be used as a substitute for professional medical consultation. We do not collect, store, or process any personal health information (PHI) from our visitors.
Do Not Track Signals
Some browsers transmit a "Do Not Track" (DNT) signal. There is currently no industry standard for how websites should respond to DNT signals. Our site uses Google Analytics for aggregated traffic analysis; if you wish to opt out of tracking, you may install the Google Analytics Opt-out Browser Add-on or configure your browser to block third-party cookies.
Changes to This Policy
We may update this privacy policy to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. If we make changes that significantly affect how we handle personal data we have already collected, we will make reasonable efforts to notify affected users (for example, via email to subscribers).
We encourage you to review this policy periodically. Your continued use of Peptpedia after changes are posted constitutes acceptance of the updated policy.