Full access is free for 10 days — all peptide deep-dives, research, and dosing protocols are open to everyone.
PeptideSciences101NH2COOH
PeptideSciences101

Privacy Policy

Last updated: May 31, 2026

This Privacy Policy describes what information PeptideSciences101 collects, how we use it, and your choices.

1. Information we collect

We collect only the minimum information needed to operate the site:

  • Account information you provide when you sign up: first name, last name, email address, date of birth (for the 21+ age confirmation), and a hashed password. Passwords are stored as bcrypt hashes; we never store, log, or transmit them in plain text.
  • Content you submit: forum posts and replies, saved peptides, and custom protocol entries.
  • Email subscriptions: the email address you provide if you subscribe to the newsletter.
  • Session cookies: a single signed JWT cookie (ps101_session) used to keep you signed in. It is HTTP-only, secure in production, and same-site lax.
  • Acknowledgment storage: a localStorage flag (ps101_agreement_v1) recording that you accepted the site terms before browsing.
  • Server logs: standard request logs maintained by our hosting provider (Netlify) for security and operations, including IP address and request metadata. These logs are not sold.

2. How we use information

  • To operate the site and provide member features.
  • To send transactional email (account-related, e.g. password reset) and, if you subscribe, the newsletter.
  • To detect and respond to abuse, fraud, or security incidents.
  • To comply with legal obligations.

We do not sell personal information, and we do not share it with third parties for their independent marketing.

3. Third-party services we use

PeptideSciences101 uses the following service providers, each of which has its own privacy practices:

  • Netlify — hosting and edge serving. Receives request data necessary to deliver pages.
  • Supabase — managed Postgres database used to store account and content data.
  • Resend — transactional email delivery (account and newsletter).
  • Google Analytics — anonymized aggregate site-usage analytics. Google Analytics may set cookies in your browser. You can opt out by installing the Google Analytics Opt-out Browser Add-on or by enabling “Do Not Track” in your browser.
  • Anthropic — the AI assistant at /ask sends your question to Anthropic’s API to generate a reply. Do not submit sensitive personal data to the assistant.

4. Data retention

We retain account and content data for as long as your account is active. If you delete your account or ask us to delete your data, we remove or anonymize personal identifiers, subject to backups and legal retention requirements. Server logs are retained for a limited period per our hosting provider’s default policies.

5. Security

We follow standard practice: HTTPS in transit, bcrypt password hashing, server-side row-level access via service-role credentials, and signed session cookies. New passwords are checked against the public HaveIBeenPwned breach database using k-anonymity (only the first five characters of the password’s SHA-1 hash leave the server) to discourage use of known-compromised passwords. No security measure is perfect; you use the site at your own risk.

6. Your California privacy rights (CCPA / CPRA)

If you are a California resident, you have the right under the California Consumer Privacy Act and California Privacy Rights Act to:

  • Know what personal information we have collected about you.
  • Request deletion of your personal information.
  • Request correction of inaccurate personal information.
  • Opt out of the “sale” or “sharing” of your personal information. We do not sell or share personal information as those terms are defined under the CCPA.
  • Be free from retaliation for exercising these rights.

To exercise these rights, email info@jabsystems.io from the address associated with your account. We will verify your identity before responding and reply within the timeframes required by law.

7. Children

The site is not directed to anyone under 21. We do not knowingly collect personal information from minors. If you believe a minor has provided us information, contact us and we will delete it.

8. International users

The site is operated from the United States. If you access the site from outside the U.S., your information is processed in the U.S., which may have different data-protection laws than your country.

9. Changes to this Policy

We may update this Policy. Material changes will be noted by updating the “Last updated” date.

10. Contact

Privacy questions: info@jabsystems.io.

See also: Terms of Use · Editorial disclaimer.