Privacy Policy
Peptide Price Comparison – Informational Platform

Effective date: March 2026
This privacy policy applies to the website operated as a non-commercial, informational price comparison platform for peptides. There are no affiliate links, no commercial revenue, no user accounts, and no cookies. Donations are accepted solely to cover maintenance and development costs but do not generate profit.

        ⚡ Key facts at a glance:

        • No affiliate programs, no earnings, no commercial interest.

        • No cookies, no tracking scripts, no analytics tools.

        • No user logins, no registration, no contact forms (unless explicitly stated).

        • Logs contain only timestamp, hashed IP, user agent, and visited page.

        • Logs deleted every month; only aggregated statistics kept.

        • Logs stored on a separate, hardened private server – hosting location is not publicly disclosed for security reasons.

        • Romania-based hosting (1984 Hosting) but no legal obligation to appoint a DPO; we still follow GDPR principles.

1. Controller & Contact

This website is operated by a private individual based outside any corporate structure. There is no company, no legal entity, and no commercial purpose. For any privacy-related inquiries, you can reach the operator at:

📧 privacy [at] peptidecompare [dot] org (placeholder – replace with actual email)
Responses are provided as promptly as possible. Since no personal data is actively collected, most inquiries relate to donation records or deletion requests.

2. No Active Collection of Personal Data

This platform does not collect any personal data through interactive features. Specifically:

❌ No user registration or login system.
❌ No comment sections, forums, or message boards.
❌ No contact forms (unless added later, which would be stated separately).
❌ No cookies, localStorage, sessionStorage, or fingerprinting scripts.
❌ No embedded third-party services (e.g., YouTube, Google Fonts, social media widgets).
❌ No affiliate links, ad networks, or analytics tools (like Google Analytics).

The sole purpose of the website is to provide publicly available information about peptide pricing from various platforms. No data is sold, shared, or used for marketing.

3. Server Logging – What Is Stored, How It Is Protected

When you visit the website, certain technical data is automatically recorded in server logs. This is necessary to ensure security, stability, and to detect potential attacks. The logging mechanism is designed with privacy in mind:

3.1 Data stored in logs

Timestamp – date and time of the request.
Hashed IP address – the original IP address is immediately hashed (using a strong one-way algorithm) so that it cannot be linked back to a specific individual without unreasonable effort. No plain-text IP addresses are stored.
User agent string – browser and operating system information (this data is not combined with other identifiers to build profiles).
Requested URL / page visited – which page was accessed on the site.

No device information beyond the user agent is recorded. No location data, precise geolocation, screen resolution, or battery status is collected.

3.2 Separate hardened server & storage

        🔒 Important security measure: All log files are stored on a separate, dedicated server that has been specifically hardened (firewall, intrusion detection, minimal access, encrypted storage). The hosting infrastructure and its exact location are intentionally not publicly disclosed to reduce attack surfaces and maintain operational security. Access to raw logs is restricted exclusively to the website operator. No third party has access.
    

3.3 Retention period and deletion

Raw log entries (including hashed IPs, user agents, timestamps, and accessed pages) are retained for a maximum of 30 days. On a monthly schedule, all log records are permanently deleted.

Aggregated statistical data (such as total page views per month, most visited comparison categories, etc.) may be kept indefinitely. Such statistics contain no personally identifiable information and cannot be traced back to individual visitors.

3.4 Purpose and legal basis

Processing is based on Art. 6(1)(f) GDPR (legitimate interests). The legitimate interests are:

Maintaining the technical security and integrity of the website.
Detecting and preventing denial-of-service attacks or malicious activities.
Ensuring stable performance and troubleshooting.

Because IP addresses are hashed and logs are purged monthly, the privacy impact is minimal and proportionate.

4. Hosting Provider

This website is hosted by:

1984 Hosting
Headquarters: Romania
The hosting company provides infrastructure and server hardware. They do not have access to the application-level logs described above. A data processing agreement (DPA) is in place in accordance with Art. 28 GDPR. The server is located within the European Economic Area (EEA), ensuring a high level of data protection.

Even though Romanian law does not mandate the appointment of a Data Protection Officer (DPO) for private individuals operating non-commercial sites, we voluntarily comply with GDPR transparency standards. The separate hardened server is privately maintained and not part of a public cloud environment.

5. Donations – Limited Data Processing

The website accepts voluntary donations to cover hosting costs, domain fees, and further development. Donations are not a condition for using the site, and they do not grant any commercial advantage.

When you make a donation through a third-party payment provider (e.g., PayPal, Stripe, or similar), the provider shares certain information with the operator:

Name (as provided by the donor).
Email address used for the transaction.
Donation amount and date.
Optional message if any.

Important: No payment card details, bank account information, or sensitive data are stored by the website operator. All payment processing is handled by the respective payment service under their own privacy policies.

Donor data is retained only as long as required for administrative follow-up (e.g., thanking donors, record-keeping for transparency) or to comply with potential tax obligations. You may request deletion of your donation record at any time by contacting the email above.

Legal basis: processing is necessary for the performance of a voluntary transaction (Art. 6(1)(b) GDPR) and for legitimate interests in maintaining the sustainability of the informational service.

6. No Cookies & No Tracking Technologies

This website does not use cookies – neither session cookies nor persistent cookies. No scripts set any kind of browser storage. There are no trackers, fingerprinting mechanisms, or pixels. Your visit remains anonymous except for the minimal logging described in section 3.

Since no consent banner is required, users are not interrupted by cookie pop-ups. The platform respects Do Not Track signals, although they are not specifically processed because no tracking exists.

7. Data Sharing & Third Parties

Except for the hosting provider (1984 Hosting) and payment processors involved in donations, no data is shared with third parties. The operator does not sell, rent, or trade any information. There is no integration with advertising networks, analytics services, or social media platforms. The website is completely standalone.

In the rare event of a legal obligation (e.g., court order based on applicable law), data could be disclosed only if strictly required and after legal verification. However, given that IPs are hashed and logs are short-lived, such cases are highly unlikely.

8. Your Rights as a Data Subject

Because the website does not collect personal data beyond hashed logs and optional donation records, the practical scope of data subject rights is limited. Nevertheless, the operator respects your rights under the GDPR and similar frameworks. You can exercise the following rights by contacting the email address in Section 1:

Right to access (Art. 15 GDPR) – obtain confirmation whether any personal data concerning you is processed, and request a copy.
Right to rectification (Art. 16 GDPR) – correct inaccurate data.
Right to erasure (“right to be forgotten”) (Art. 17 GDPR) – request deletion of your personal data (e.g., donation records).
Right to restriction of processing (Art. 18 GDPR).
Right to data portability (Art. 20 GDPR).
Right to object (Art. 21 GDPR) – object to processing based on legitimate interests.

Since IP addresses are stored only in hashed form and are deleted monthly, providing specific logs tied to an individual would require you to provide the exact timestamp and hashed value, which is technically not feasible for most users. However, any donation-related data will be handled promptly upon request.

You also have the right to lodge a complaint with a supervisory authority, particularly in your habitual residence, place of work, or the location of the alleged infringement. For users in the EU, the relevant authority can be found via the European Data Protection Board.

📌 Voluntary GDPR compliance note: Even though the website is operated by a private individual outside a formal organization, and hosting is based in Romania (where private non-commercial sites may not be subject to strict DPO obligations), we voluntarily adhere to the core principles of the GDPR: transparency, data minimization, purpose limitation, and accountability. The separate hardened server and hashing of IP addresses reflect our commitment to privacy by design.

9. Security Measures

The operator implements several technical and organizational measures to safeguard any data processed:

All server infrastructure is protected with firewalls, regular security updates, and strict access controls.
The dedicated log server is isolated from the public-facing web server, reducing exposure.
IP addresses are hashed before storage using a cryptographically strong algorithm.
Access to server logs requires SSH key authentication and is restricted to the operator only.
Automatic deletion routines ensure logs do not exceed the 30-day retention period.

While no system can be 100% secure, these measures reduce risks to a reasonable level appropriate for a non-commercial informational platform.

10. Children’s Privacy

This website is not directed toward individuals under the age of 16. The content is intended for adults interested in peptide research and price comparison. The operator does not knowingly collect any information from minors. If you believe a minor has provided donation details or contacted the operator, please reach out so that the information can be removed.

11. International Data Transfers

All servers (hosting and the separate hardened log server) are physically located within the European Economic Area (EEA). No transfers of raw log data or personal data occur outside the EEA. In case a payment processor (for donations) operates outside the EEA, the respective processor’s data transfer safeguards (such as Standard Contractual Clauses) will apply. Donors are encouraged to review the privacy policies of the payment providers before completing a transaction.

12. Changes to This Privacy Policy

This privacy policy may be updated occasionally to reflect technical changes, legal requirements, or operational improvements. Any material changes will be indicated by updating the “Effective date” at the top of this document. We encourage visitors to review this page periodically. Because no user accounts exist, we cannot proactively notify individuals; however, the policy will always remain accessible under the /privacy page.

13. Summary of Processing Activities

For clarity, here is a concise overview of data handling on this platform:

Category	Data collected	Retention
Server logs (routine)	Timestamp, hashed IP, user agent, visited page	Max. 30 days, then deleted. Aggregated stats kept without personal reference.
Donations (optional)	Name, email, donation amount, date (via payment processor)	Retained as needed for administrative/transparency purposes; deletion possible on request.
Cookies / trackers	None	Not applicable

14. Contact for Privacy Concerns

If you have any questions about this privacy policy, the data handling practices, or if you wish to exercise your data protection rights, please reach out via email:

✉️ privacy [at] peptidecompare [dot] org
(Replace with the actual contact address before publishing.)

You may also send a postal request using the contact details provided upon request. To ensure timely handling, please mention “Privacy request” in the subject line.

Privacy PolicyPeptide Price Comparison – Informational Platform