Privacy Policy
This privacy policy is a preliminary scaffold under GDPR Art. 13 and 14. The final text will be reviewed by counsel before public indexing.
1. Controller
The operator of Evidence Peptides is responsible for data processing on this website. Address, authorised representatives and contact details are listed in the imprint.
2. What we process
When you visit the public platform (Phase 1: lexicon, studies, tools, blog), we process only technically necessary data — IP address, browser type, timestamp — for a maximum of 14 days. Tracking cookies are not set without your explicit consent. If you decline the cookie banner, the platform runs without analytics.
3. Companion app (Phase 2)
When you use the companion app (sign-in via Clerk, data processing in Frankfurt), we treat the data you enter as special categories under GDPR Art. 9 (health data). The legal basis is your explicit consent under Art. 9 (2) (a). Health-related fields (protocol, well-being, lab values, body metrics) are encrypted application-side with AES-256-GCM before being written to the database. The key is held outside the database.
4. Newsletter
If you sign up for the newsletter, we store your email address via the dispatch service Buttondown (US provider, DPA and Standard Contractual Clauses under GDPR Art. 46). You receive a confirmation email (double opt-in). You can unsubscribe at any time via the link at the end of each newsletter.
5. External services
The public platform includes external links to PubMed, regulatory websites (FDA, EMA, BfArM), specialist journals and manufacturer documentation. When you click them, you are redirected to the respective external site — their own privacy policies then apply.
6. Your rights
Under GDPR you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21). The companion app provides export and account deletion under 'Profile → Data'. For other requests, contact us at the address in the imprint.
7. Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority — typically the authority in the federal state of the controller or of your residence.
8. Changes
This statement may be adapted to legal or technical changes. The currently published version applies — earlier versions are available on request.