Disclosed LabsDisclosed Labs

Privacy Policy

Last updated: April 1, 2026

1. Information We Collect

Information you provide

  • Account data: email address and password when you create an account
  • Order data: email address, shipping address (if provided), and order details when you make a purchase
  • Nomination data: supplier name, peptide name, website URL, and email when you submit a supplier nomination
  • Subscription data: email address when you subscribe to batch updates

Information collected automatically

  • IP address (used for rate limiting and security)
  • Browser type and device information
  • Pages visited and referral source

Payment information

Payment card information is collected and processed directly by Stripe. We never see, store, or have access to your full card number. See Stripe’s Privacy Policy.

2. How We Use Your Information

  • Process and fulfill orders
  • Send order confirmations and shipping updates
  • Notify you when nominated suppliers are tested or batch results are published
  • Provide account access and order history
  • Prevent fraud and enforce rate limits
  • Improve the platform
  • Comply with legal obligations

3. We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties. Period.

4. Third-Party Services

We share data with these services only as needed to operate:

  • Stripe — payment processing (receives email, card info, order amount)
  • Resend — email delivery (receives email addresses for transactional emails)
  • Vercel — hosting (processes web requests)

5. Cookies

We use the following cookies:

  • user-token — session cookie for buyer account authentication (HTTP-only, 30-day expiry)
  • admin-token — session cookie for admin authentication (HTTP-only, 7-day expiry)
  • disclaimer-accepted — stores whether you accepted the research use disclaimer (localStorage, persistent)

We do not use third-party tracking cookies, advertising cookies, or cross-site tracking.

6. Data Retention

Account data is retained for as long as your account is active. Order data is retained indefinitely for legal and tax compliance. You may request deletion of your account data by contacting us.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your personal information
  • Opt out of marketing communications
  • Request a copy of your data in a portable format

California residents have additional rights under the CCPA/CPRA. To exercise any of these rights, contact us at privacy@disclosedlabs.com.

8. Security

We use reasonable security measures to protect your personal information, including encrypted connections (HTTPS), hashed passwords (bcrypt), HTTP-only session cookies, and rate limiting on authentication endpoints. No system is perfectly secure, but we take data protection seriously.

9. Children

This Site is not intended for anyone under 18 years of age. We do not knowingly collect personal information from minors.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Site.

11. Contact

For privacy inquiries, contact us at privacy@disclosedlabs.com.

Text us anytime