Overview
This Privacy Policy explains how Tidal Peptides ("Company," "we," "us," "our") collects, uses, discloses, and protects information about visitors and customers of tidalpeptides.com (the "Service"). By using the Service, you agree to the practices described below.
Information We Collect
We collect three categories of information:
- Information you provide. Account details (name, email, password), shipping and billing addresses, phone number, purchase history, and any messages you send to support.
- Payment information. Payment details are submitted directly to our payment processors (see "Payment Processing"). We do not store full card numbers, full bank account numbers, or wallet private keys on our servers — we receive only a token, the last four digits, and the transaction status.
- Information collected automatically. Device and browser data, IP address, pages visited, referring URL, and cookie identifiers. We use this for site analytics, fraud prevention, and maintaining your cart and login session.
How We Use Information
- To process and ship orders, including order confirmations, tracking notifications, and Certificate of Analysis (COA) delivery.
- To verify identity, prevent fraud, and comply with applicable laws (including age verification and restricted-product controls).
- To respond to support requests and send transactional email.
- To improve the site, debug issues, and analyze aggregate usage.
- To measure the effectiveness of our advertising — including attributing purchases to the ads and campaigns that drove them — and to reduce wasted ad spend.
- To send opt-in marketing email (such as our quarterly bulletin). You can unsubscribe at any time.
Payment Processing
Payments are handled by regulated third-party processors. Each processor receives the payment data necessary to authorize the transaction and returns a token to us. We never see or store full sensitive credentials.
- Credit & debit cards — handled by our card acquirer. The processor receives your card number, expiration, security code, billing address, and amount. We receive a token, the last four digits, the card brand, and the authorization result.
- ACH / eCheck (Green.Money) — Green.Money receives your routing and account number, name, and amount. We receive a payment reference, masked account identifier, and the settlement status. Green.Money's privacy notice governs their handling of your banking data.
- Cryptocurrency (NOWPayments) — NOWPayments generates a deposit address for your selected coin and reports back the on-chain transaction status. We receive the transaction hash, coin, amount, and confirmation status. We do not receive or hold your wallet's private keys.
Each processor is responsible for the security of the data submitted directly to it and operates under its own privacy policy and compliance regime (PCI-DSS for cards, NACHA for ACH, etc.).
Other Service Providers
We share information with vendors who help us operate the business. Each vendor receives only the data needed for their function and is contractually required to keep it confidential.
- Hosting & commerce. Our storefront runs on Medusa.js with cloud hosting providers. Order and customer records are stored in our own database, not a third-party commerce platform.
- Email delivery. Transactional and marketing emails are sent through a regulated email service provider that processes your email address and message metadata.
- Analytics. Aggregated, mostly anonymized site analytics for performance and usage trends. We do not sell or rent this data.
- Advertising & measurement partners. To measure which ads lead to purchases, we share conversion and order information with advertising and analytics partners and with the ad platforms we run campaigns on, both from your browser (via advertising pixels) and from our servers. These partners may use it — often in hashed or pseudonymized form — to attribute a purchase to an ad and to build advertising audiences. We do not sell your personal information for monetary consideration; depending on your state, this sharing may be treated as a "sale" or "share" under applicable privacy law, and you can limit it by disabling marketing cookies or emailing us (see "Your Rights").
- Carriers. Shipping carriers receive the recipient's name, address, and phone number to deliver your order.
- Compliance & tax. Where required by law, we may disclose information to tax authorities (Texas sales tax) or in response to valid legal process.
Cookies & Similar Technologies
We use a small set of first-party cookies to keep you signed in, remember your cart, and prevent fraud. We use limited analytics cookies to understand aggregate site usage. We also use advertising and attribution technologies — including marketing pixels and tags, and we capture campaign parameters such as UTM tags and ad-click identifiers from the links you follow — to measure which ads lead to purchases. You can disable cookies in your browser, but core checkout features will not work without them.
Your Rights
Depending on your jurisdiction, you may have the right to:
- Request a copy of the personal information we hold about you.
- Correct inaccurate information.
- Request deletion of your account and associated data, subject to record-keeping obligations (e.g., tax records).
- Opt out of marketing email.
To exercise any of these rights, email support@tidalpeptides.com from the address on your account. We respond within 30 days.
Data Retention
We keep account and order records for as long as your account is active and for the period required to comply with tax, accounting, and anti-fraud laws (typically seven years for transactional records). Marketing preferences are honored until you change them.
Children
The Service is intended for adult researchers. We do not knowingly collect personal information from anyone under 21. If you believe a minor has provided information to us, contact support@tidalpeptides.com and we will delete it.
International Visitors
We currently ship within the United States only. If you visit the Service from outside the US, your information will be transferred to, stored, and processed in the United States.
Security
We use industry-standard safeguards including TLS encryption in transit, encrypted database backups, and access controls limiting staff access to customer data. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with a new "Last Updated" date. Continued use of the Service after changes constitutes acceptance.
Contact
Privacy questions and rights requests should be directed to:
Tidal Peptides
Email: support@tidalpeptides.com
Related: Terms of Service