PeptidesDNA

Privacy Policy

Last updated: May 25, 2026

1. What we collect

Account information: Name, email address, password (hashed). Collected when you create an account.

Payment information: Processed securely by Stripe. We do not store credit card numbers.

Genetic data: When you upload a raw genetic data file (from 23andMe, AncestryDNA, MyHeritage, or similar providers), we extract specific genetic markers (SNPs) relevant to peptide matching. The raw file is stored securely and can be deleted at any time from your dashboard. Extracted markers and your generated report are stored as part of your account data.

Analytics: We collect anonymized usage data (pages visited, device type, general location) via Vercel Analytics to improve our service.

2. How we use genetic data

Your genetic data is processed solely to generate your personalized peptide match report. Specifically, we:

  • Extract relevant SNP genotypes from your uploaded raw data file
  • Score peptide compounds against your genetic markers
  • Generate your personalized report (scores, dosing considerations, interactions, protocol suggestions)
  • Store extracted markers and your report in your account for your access

We do NOT:

  • Sell, rent, or share your genetic data with third parties
  • Provide your genetic data to insurance companies or employers
  • Use your genetic data for research without your separate, explicit, optional consent
  • Share your genetic data with advertisers or data brokers
  • Transfer your genetic data to countries of concern as defined by the DOJ Bulk Data Rule

3. Consent for genetic data processing

Before uploading genetic data, you provide explicit consent for its processing through separate consent checkboxes. This consent covers:

  • Primary processing: Analyzing your genetic data to generate your report
  • Data storage: Storing extracted genetic markers as part of your account
  • Research use (optional): Using de-identified data to improve our analysis algorithms — this is a separate, optional consent that you can withdraw at any time

You can withdraw consent at any time by deleting your genetic data from your dashboard settings. Withdrawal of consent does not affect the lawfulness of processing performed before withdrawal.

4. Data storage and security

Your data is stored on Supabase infrastructure (US-hosted) with industry-standard security measures including encryption at rest and in transit (TLS/SSL). Access to genetic data is restricted through row-level security policies — only you can access your own data through the application.

We implement access controls to limit which personnel can access the database infrastructure. No security system is 100% secure, and we cannot guarantee absolute security of your data.

5. Third-party services

We use the following service providers:

  • Supabase: Database and file storage (US-hosted)
  • Vercel: Website hosting and analytics (US-hosted)
  • Stripe: Payment processing
  • Resend: Transactional emails

Each provider processes data only as necessary to provide their service and is bound by their own privacy and security commitments. Your raw genetic data file and extracted markers are stored in Supabase only.

6. Your rights

You have the right to:

  • Access: View all data we store about you (available from your dashboard and via data export)
  • Delete: Permanently delete your genetic data, reports, or your entire account at any time from dashboard settings
  • Export: Download all your data as a JSON file from your profile settings
  • Withdraw consent: Revoke consent for genetic data processing at any time
  • Correct: Update your account information from your profile

California residents: You have additional rights under the California Genetic Information Privacy Act (GIPA) and the California Consumer Privacy Act (CCPA), including the right to know what genetic data we collect, how it is used, and to whom it is disclosed. You may also request that we limit the use of your sensitive personal information. To file a complaint, contact the California Attorney General at oag.ca.gov.

EU/UK residents: You have additional rights under GDPR/UK GDPR, including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority. Our legal basis for processing genetic data is your explicit consent (GDPR Article 9(2)(a)).

7. Data retention

We retain your genetic data and reports for as long as your account is active. When you delete your genetic data or account, all associated data is permanently removed from our systems. We do not retain copies of deleted data.

8. Children

PeptidesDNA is intended for adults 18 and older. We do not knowingly collect genetic data or personal information from anyone under 18.

9. Changes to this policy

We may update this policy periodically. Material changes will be communicated via email or prominent notice on this page. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Regulatory status

PeptidesDNA is a genetic interpretation service, not a healthcare provider. This service has not been evaluated by the FDA. PeptidesDNA is not a HIPAA-covered entity. We handle your genetic data according to applicable genetic privacy laws including the California Genetic Information Privacy Act (GIPA), the California Consumer Privacy Act (CCPA), and the EU General Data Protection Regulation (GDPR) where applicable.

11. Contact

For privacy inquiries or to exercise your rights: hello@peptidesdna.com
