Privacy Policy

Effective Date: November 15, 2025
Last Updated: November 21, 2025

---

1. INTRODUCTION

PepLynx Biotech (“PepLynx,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you:

• Visit our website at peplynx.com (the “Site”);
  
• Create an account or place orders;
  
• Receive SMS or email communications from us; or
  
• Otherwise interact with our online services (collectively, the “Services”).
  

By accessing or using the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with any part of this Privacy Policy, please do not use the Services.

PepLynx sells research-use–only products. Our products are not intended for human or veterinary use, diagnosis, treatment, or any medical purpose.

2. INFORMATION WE COLLECT

We collect information to operate our business, fulfill orders, maintain security, and improve the Services. We do not ask you to provide medical records, health diagnoses, or clinical treatment data.

2.1 Information You Provide Directly

You may provide information to us when you:

• Create an account;
  
• Place an order;
  
• Subscribe to marketing communications;
  
• Enroll in SMS/text programs;
  
• Contact customer support; or
  
• Participate in surveys, reviews, or promotions.
  

This can include:

• Account & Contact Information
  
  • Name
    
  • Email address
    
  • Phone number
    
  • Billing and shipping address
    
  • Account username and password
    
• Order & Payment Information
  
  • Products ordered and transaction history
    
  • Billing details
    
  • Partial payment card information (e.g., last four digits)
    
  • Tax ID or business information (for institutional customers, if provided)
    
• We do not store full credit or debit card numbers on our systems. These are processed securely by third-party payment processors.
  
• Communications & Support Information
  
  • Information you include in emails, contact forms, or chat messages
    
  • Customer service notes and support history
    
  • Responses to surveys or feedback forms
    
• User-Generated Content
  
  • Product reviews and ratings
    
  • Comments you submit through the Site
    
  • Any content you choose to share with us (for example, testimonials)
    
• Professional / Organization Information (Optional)
  
  • Institution or company affiliation
    
  • Role/title (e.g., researcher, purchaser, lab manager)
    
  • Research interests or product categories you indicate
    

We do not require or encourage you to submit medical histories, diagnoses, or treatment information to use our Services.

2.2 Information Collected Automatically

When you access or use the Services, we automatically collect certain technical and usage information, such as:

• IP address and approximate location;
  
• Browser type and version;
  
• Device type, operating system, and unique identifiers;
  
• Pages viewed, links clicked, and time spent on the Site;
  
• Referring and exit pages;
  
• Date and time of visits;
  
• Search queries on our Site;
  
• Log file information used for security, fraud prevention, and analytics.
  

We collect this information using cookies, log files, pixels, scripts, and similar tracking technologies.

2.3 Information from Third-Party Sources

We may receive information about you from:

• Payment processors (e.g., confirmation of payment, fraud flags);
  
• Shipping and logistics partners (e.g., delivery status);
  
• Analytics and advertising partners (e.g., aggregated demographic or interest data);
  
• Marketing partners where you have interacted with our brand on third-party platforms;
  
• Public sources, such as business registries or professional directories.
  

We do not obtain your medical charts, clinical lab records, or similar health documents from third parties.

2.4 Sensitive Personal Information

We generally do not seek to collect sensitive personal information (such as government ID numbers, health diagnoses, or biometric data) in connection with the Services.

However, we may process limited “sensitive” categories in certain contexts, such as:

• Encrypted account credentials (passwords);
  
• Payment-related information handled by our PCI-compliant payment processors;
  
• In limited cases, identity verification details if required to prevent fraud or comply with law.
  

We do not use any sensitive information we hold to infer health conditions, provide medical advice, or market clinical services.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for legitimate business purposes, including to provide, secure, and improve the Services.

3.1 Providing and Improving Services

We use your information to:

• Create, maintain, and secure your account;
  
• Process and fulfill orders for research products;
  
• Communicate with you about orders, shipments, and account activity;
  
• Provide customer service and technical support;
  
• Maintain the functionality and security of the Site;
  
• Improve and customize the Services based on usage patterns and feedback;
  
• Develop new products, features, and offerings relevant to research customers.
  

3.2 Marketing and Communications

We may use your information to:

• Send promotional emails regarding products, offers, or updates;
  
• Provide recommendations or notices about products your organization may be interested in;
  
• Administer promotions or surveys you choose to participate in;
  
• Deliver educational or product-related content.
  

You may opt out of marketing communications at any time (see Section 6.3).

3.3 Business Operations

We process information as necessary to:

• Operate our ecommerce and logistics workflows;
  
• Authenticate users and secure accounts;
  
• Detect, prevent, and respond to fraud, abuse, or security incidents;
  
• Enforce our Terms of Use and other policies;
  
• Conduct audits, compliance reviews, and risk management;
  
• Maintain business and accounting records;
  
• Support business transactions such as reorganizations or asset transfers.
  

3.4 Analytics and Performance

We use analytics tools to:

• Understand how users interact with the Site;
  
• Measure performance of pages and features;
  
• Evaluate the effectiveness of marketing campaigns;
  
• Conduct A/B testing and user experience experiments;
  
• Generate aggregated statistics and trends.
  

Data used for analytics is often aggregated or de-identified when feasible.

4. HOW WE SHARE YOUR INFORMATION

We do not sell or rent your personal information to third parties for their independent marketing. We share information only as described below.

4.1 Service Providers and Vendors

We share information with trusted third parties who perform services on our behalf, including:

• Payment processors and financial institutions;
  
• Shipping, warehousing, and logistics providers;
  
• Web hosting and cloud infrastructure providers;
  
• Email and SMS communication platforms;
  
• Customer support platforms;
  
• Analytics providers and advertising technology partners;
  
• IT security, monitoring, and maintenance vendors.
  

These service providers are authorized to use your information only as necessary to perform services for PepLynx and are contractually obligated to protect your information.

4.2 Business Transfers

If PepLynx is involved in a merger, acquisition, asset sale, financing, or similar transaction, your information may be transferred as part of that transaction. We will take reasonable steps to ensure the recipient continues to handle your information in a manner consistent with this Privacy Policy or provide notice if practices will change.

4.3 Legal Requirements and Protection

We may disclose information when we believe in good faith that such disclosure is reasonably necessary to:

• Comply with applicable law, regulation, legal process, or government request;
  
• Protect the rights, property, or safety of PepLynx, our users, or the public;
  
• Detect, prevent, or address fraud, security issues, or technical problems;
  
• Enforce our Terms of Use and other agreements;
  
• Respond to claims or resolve disputes.
  

4.4 With Your Direction or Consent

We may share information with third parties when you ask us to or expressly consent, such as:

• When you participate in joint promotions or co-branded initiatives;
  
• When you request we share information with a specific partner or platform;
  
• When you post public reviews or other content that can be viewed by others.
  

4.5 Aggregated and De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you, for purposes such as research, analytics, and business intelligence.

5. COOKIES AND TRACKING TECHNOLOGIES

5.1 What Are Cookies?

Cookies are small text files stored on your device by websites you visit. They help websites remember preferences, recognize returning users, and operate core features.

We also use similar technologies such as pixels, tags, and local storage.

5.2 Types of Cookies We Use

We may use:

• Essential Cookies – Required for basic Site functionality (e.g., login, cart, checkout, security).
  
• Performance & Analytics Cookies – Help us understand how users navigate and use the Site to improve performance and usability.
  
• Functionality Cookies – Remember your preferences, such as language, region, or saved settings.
  
• Advertising & Marketing Cookies – Enable us and our partners to deliver and measure relevant ads and remarketing campaigns.
  

5.3 Third-Party Cookies

Third parties may set cookies or use tracking technologies on our Site, including:

• Analytics providers (e.g., to measure traffic and behavior);
  
• Advertising networks (e.g., to provide interest-based ads);
  
• Social media platforms (e.g., sharing tools and plug-ins).
  

These third parties have their own privacy policies governing their use of information.

5.4 SMS & Cart Tracking

We may use cookies or similar technologies to:

• Recognize when items are added to your cart;
  
• Detect when a cart is abandoned;
  
• Determine whether to send cart reminder messages, including via SMS if you have opted in.
  

Text messaging originator opt-in data and consent information is not shared with third parties except for vendors who provide SMS delivery or aggregation services necessary to operate the text messaging program.

5.5 Managing Cookies

You can control cookies through your browser settings, including blocking or deleting cookies. Note that disabling certain cookies may affect the functionality of the Site (e.g., you may not be able to log in or complete a purchase).

6. YOUR PRIVACY RIGHTS AND CHOICES

Your rights may vary based on your location, but we strive to honor reasonable requests globally.

6.1 Access and Correction

You may request:

• Access to personal information we hold about you;
  
• Corrections to inaccurate or incomplete information.
  

You can often update your information directly in your account settings. For other requests, contact us at support@peplynx.com.

6.2 Deletion

You may request that we delete your personal information, subject to legal and business exceptions (for example, to complete transactions, comply with law, prevent fraud, or maintain required records).

6.3 Marketing Communications Opt-Out

You may opt out of:

• Promotional emails by using the “unsubscribe” link in such emails or contacting us;
  
• SMS marketing by replying STOP or using provided opt-out instructions.
  

Even if you opt out of marketing, we may still send non-promotional messages such as order confirmations, security alerts, and service notifications.

6.4 Data Portability

Where required by law, you may request a copy of certain personal information in a structured, machine-readable format.

6.5 Object to Processing & Withdraw Consent

Where we rely on legitimate interests or consent, you may:

• Object to certain processing;
  
• Withdraw consent at any time (without affecting prior lawful processing).
  

6.6 Response and Verification

We may need to verify your identity before responding to certain requests. We aim to respond within legally required timeframes and will inform you if additional time is needed.

7. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”).

7.1 Categories of Personal Information Collected

In the past 12 months, we may have collected:

• Identifiers (e.g., name, email, postal address, IP address);
  
• Customer records (e.g., account information, billing and shipping information);
  
• Commercial information (e.g., products purchased, browsing and shopping history);
  
• Internet or other electronic network activity (e.g., Site usage, analytics data);
  
• Geolocation data (approximate, derived from IP address);
  
• Inferences drawn from the above (e.g., product preferences or segments).
  

We do not collect biometric templates or clinical health records in connection with the Services.

7.2 Sources of Personal Information

We collect personal information from:

• You, directly;
  
• Automatic collection tools (cookies, logs, analytics);
  
• Service providers (payments, shipping, advertising, etc.);
  
• Public sources and business partners.
  

7.3 Business and Commercial Purposes

We use and disclose personal information for the business purposes described in Sections 3 and 4, including:

• Providing and improving the Services;
  
• Processing transactions;
  
• Detecting and preventing fraud;
  
• Marketing and advertising;
  
• Compliance and legal obligations;
  
• Internal analytics and research.
  

7.4 Categories of Third Parties

We may disclose personal information to:

• Service providers and contractors;
  
• Analytics and marketing partners;
  
• Professional advisors;
  
• Government or law enforcement agencies when required;
  
• Parties involved in business transfers.
  

7.5 Sale and Sharing of Personal Information

We do not sell personal information in exchange for money.

However, certain disclosures to advertising or analytics partners for cross-context behavioral advertising may be considered a “share” under California law. These disclosures may involve:

• Online identifiers (cookies, device IDs);
  
• Internet or other network activity information;
  
• Inferences about interests drawn from browsing behavior.
  

You may opt out of such “sharing” as described below.

We do not sell or share sensitive personal information.

7.6 Retention

We retain personal information as described in Section 13, based on legal obligations and legitimate business needs.

7.7 California Consumer Rights

Subject to certain exceptions, California residents have the right to:

• Know: Request details about the categories and specific pieces of personal information collected, used, disclosed, sold, or shared in the past 12 months;
  
• Delete: Request deletion of personal information we collected from you;
  
• Correct: Request correction of inaccurate personal information;
  
• Opt Out: Direct us not to sell or share personal information (for cross-context behavioral advertising);
  
• Limit Use of Sensitive Personal Information: Limit use of sensitive personal information to certain purposes (we already limit such use);
  
• Non-Discrimination: Exercise these rights without receiving discriminatory treatment.
  

7.8 How to Exercise California Rights

You may:

• Email us at support@peplynx.com with “CCPA Request” in the subject line;
  
• Use any applicable privacy web forms we make available (e.g., a “Do Not Sell or Share My Personal Information” link on the Site).
  

We will verify your identity reasonably in relation to the type of request and the sensitivity of the information. You may designate an authorized agent to make requests on your behalf, subject to verification of both your identity and the agent’s authority.

7.9 “Shine the Light”

California Civil Code §1798.83 permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their own direct marketing without your consent. You may still contact us at support@peplynx.com with “Shine the Light Request” in the subject line.

8. NEVADA PRIVACY RIGHTS

Nevada residents may submit a request directing us not to sell certain “covered information” as defined by Nevada law. We do not sell covered information as defined under Nevada law, but you may submit a request by emailing support@peplynx.com with “Nevada Do Not Sell” in the subject line.

9. VIRGINIA, COLORADO, CONNECTICUT, AND UTAH PRIVACY RIGHTS

Residents of Virginia, Colorado, Connecticut, and Utah may have additional rights, including:

• Access to personal data;
  
• Correction of inaccuracies;
  
• Deletion of personal data;
  
• Data portability;
  
• The right to opt out of:
  
  • Targeted advertising;
    
  • Sale of personal data;
    
  • Certain profiling activities.
    

You may exercise these rights by emailing support@peplynx.com with “Privacy Request – [Your State]” in the subject line. We may provide an appeals process if your request is denied, as required by applicable law.

10. DATA SECURITY

10.1 Security Measures

We implement reasonable technical, administrative, and physical safeguards designed to protect personal information, including:

• HTTPS/SSL encryption for data in transit;
  
• Restricted access to systems containing personal information;
  
• Use of reputable hosting and infrastructure providers;
  
• Access controls and authentication for administrative accounts;
  
• Routine monitoring and logging.
  

10.2 Payment Security

Payment card information is processed by PCI-DSS–compliant payment processors. We do not store full payment card numbers or security codes on our systems.

10.3 Security Limitations

No method of transmission or storage is completely secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and promptly notifying us of any suspected unauthorized use.

10.4 Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and applicable authorities in accordance with applicable law.

11. CHILDREN’S PRIVACY

The Services are intended for adults engaged in lawful research or purchasing on behalf of organizations. Our products are not for human or veterinary use.

We do not knowingly collect personal information from individuals under 18. If we learn that we have collected personal information from a minor, we will delete it promptly. If you believe a minor has provided information to us, please contact support@peplynx.com with “Child Privacy Concern” in the subject line.

12. INTERNATIONAL DATA TRANSFERS

Our Services are primarily operated in the United States. If you access the Services from outside the U.S., your information may be transferred to and processed in the U.S., where data protection laws may differ from those in your jurisdiction.

By using the Services, you acknowledge and consent to this transfer, subject to any applicable legal protections and safeguards.

For EEA/UK/Swiss users, we rely on appropriate legal mechanisms (such as Standard Contractual Clauses) where required to protect personal data transferred to the U.S.

13. DATA RETENTION

We retain personal information for as long as reasonably necessary to:

• Provide the Services and fulfill orders;
  
• Maintain and secure accounts;
  
• Meet legal, tax, and regulatory obligations;
  
• Resolve disputes and enforce agreements;
  
• Support legitimate business operations (e.g., analytics and planning).
  

Retention periods vary by data type and legal requirements. When information is no longer needed, we will delete it or de-identify it where feasible.

14. THIRD-PARTY LINKS AND SERVICES

The Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices, security, or content of those third parties.

We encourage you to review the privacy policies of any third-party sites or services you visit.

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect:

• Changes in our business or Services;
  
• Changes in applicable laws or regulations;
  
• Improvements to clarity or completeness.
  

We will update the “Last Updated” date at the top of this Privacy Policy and may provide additional notice (e.g., email, Site banner) for material changes. Your continued use of the Services after changes become effective constitutes your acceptance of the revised Privacy Policy.

16. DO NOT TRACK SIGNALS

Some browsers offer a “Do Not Track” (“DNT”) setting. There is currently no universally accepted standard for responding to DNT signals, and we do not respond to DNT signals at this time. You can manage tracking technologies through your browser settings and other tools described in this Privacy Policy.

17. ACCESSIBILITY

We are committed to making this Privacy Policy accessible. If you have difficulty reviewing it due to a disability or require it in an alternative format, please contact support@peplynx.com with “Accessibility Assistance” in the subject line, and we will work with you to provide appropriate accommodations.

18. CONTACT US

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:

PepLynx Biotech
Email: support@peplynx.com
Website: peplynx.com

For state- or region-specific privacy requests, you may also use the subject lines below:

• “CCPA Privacy Request” (California)
  
• “Privacy Request – [Your State]” (Virginia, Colorado, Connecticut, Utah, Nevada)
  
• “GDPR Privacy Request” (EEA/UK/Swiss residents)
  

We aim to respond to privacy-related inquiries within a reasonable period and within any timelines required by applicable law.

19. EFFECTIVE DATE AND ACKNOWLEDGMENT

This Privacy Policy is effective as of October 23, 2025. By using the Services after this date, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.