Independent HPLC reports bundled · Free shipping over $150
Vesta

Draft template — not legal advice. These pages are a starting structure. Have qualified counsel review and adapt before relying on them in production. Last revised by counsel: [pending review].

Privacy policy

Last updated: 2026-06-30 · draft

This policy explains what information Vesta Peptides collects, how we use it, and what choices you have. We try to collect only what we need to ship your order and reply to you.

1. What we collect

When you place an order or contact us we collect: your name, email, phone (if provided), shipping address, institution (if provided), order contents, and payment metadata supplied by the payment processor you use (we do not see or store full bank account or card numbers ourselves). When you browse the site we collect standard server logs: IP address, browser user-agent, and pages visited.

2. What we use it for

We use the data above to: fulfil and ship your order, reply to your messages, send batch HPLC certificates and order status updates, comply with customs declarations and tax reporting, prevent fraud and abuse, and improve the site. We do not sell your personal data to third parties, ever.

3. Third parties we share with

We share the minimum data needed with: the payment processor you choose at checkout (Paynote for ACH, CoinPayments for crypto, etc.), DHL Express (shipping & customs), Postmark (transactional email), and Cloudflare (DDoS protection and CDN). Each is bound by its own privacy policy and contract terms with us.

4. Cookies and analytics

We use a single first-party session cookie to keep your cart and login state working. We use Plausible for privacy-respecting aggregate analytics; Plausible does not set tracking cookies or fingerprint visitors. We do not use Google Analytics, Facebook Pixel, or comparable cross-site trackers.

5. Retention

Order records and customs paperwork: retained for seven years to satisfy US import recordkeeping requirements. Contact form submissions: retained for two years. Account profiles: retained until you delete the account, then purged within 30 days except where law requires longer retention.

6. Your rights

You can ask us to access, correct, export, or delete your personal data. EU/UK residents have the additional rights granted by GDPR; California residents have the additional rights granted by CCPA/CPRA. To exercise any right, email privacy@vestapeptides.com from the address on your account. We will respond within 30 days.

7. Security

We transport data over TLS 1.3, store at-rest data encrypted via AES-256, and limit production database access to two named engineers. We do not retain payment card or bank account numbers on our systems; tokens issued by the payment processors are stored instead.

8. International transfers

Vesta operates from Guangzhou, China and Atlanta, Georgia, USA. Personal data you submit will be processed in both jurisdictions to fulfil your order and provide support. Where required by law (GDPR, UK GDPR), we use Standard Contractual Clauses for cross-border transfers.

9. Children

The site is not directed to anyone under 21. We do not knowingly collect data from minors. If you believe a minor has provided us data, contact us and we will delete it.

10. Changes to this policy

We may revise this policy. The “last updated” date at the top reflects the latest change. Material changes will be notified to registered account holders by email.

11. Contact