Privacy Policy

how we collect, use, and protect your information

last updated: june 19, 2026

Introduction

Peptides Academy is the trade name under which FNA Enterprise LLC, a Florida limited liability company (Florida fictitious name registration G26000059170), operates this site. In this privacy policy, "FNA Enterprise LLC," "Peptides Academy," "we," "us," or "our" all refer to the same entity. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our websites (peptidesacademy.co and peptidesacademy.shop) and use our services.

by accessing or using our platform, you agree to the collection and use of information in accordance with this policy. if you do not agree, please discontinue use of the site.

Information We Collect

account information

when you create an account, we collect your email address, username, and an encrypted password. this information is stored securely through our authentication provider, Supabase.

purchase information

when you purchase a course or bundle, payment processing is handled entirely by Stripe. we do not store credit card numbers, bank account details, or other sensitive financial information on our servers. we receive a confirmation of your purchase and associate it with your account.

mailing list and quiz funnel data

when you interact with our landing page quiz funnel or subscribe to our mailing list, we collect your email address, self-reported knowledge level, and peptide interest area. this information is used to personalize your experience and send relevant educational content.

quiz and exercise data

we collect and store quiz attempts, scores, completion status, and exercise results associated with your account. this data is used to track your learning progress, generate certificates, calculate XP and achievements, and improve our educational content.

AI chatbot data

when you use our AI chatbot feature (powered by Google's Gemini API), we process the messages you submit. chat messages are rate-limited by IP address to prevent abuse. your chat messages may be used to operate, secure, and improve the service. chat messages are transmitted to Google as our AI provider for processing and are subject to Google's privacy policy.

IP address

we collect your IP address for the purposes of chat rate limiting, security monitoring, fraud prevention, and compliance with applicable law. separately, if you opt in to advertising cookies, your IP address is included (alongside a hashed email and ad click identifiers) in the conversion data we share with Meta and Reddit for ad-attribution and retargeting, as described in the "Meta Pixel and Conversions API" and "Reddit Pixel and Conversions API" sections below. you can opt out of this sharing at any time using the "your privacy choices" link in the footer of every page.

referral data

if you participate in our referral program, we collect referral codes and track referral relationships between users. this data is used to administer the referral program and award applicable benefits.

community sentiment data

we aggregate publicly available data from public Reddit posts and other public forums to compute community sentiment ratings for peptides discussed on our platform. no personally identifiable information (PII) is collected in this process. sentiment data reflects aggregated public opinion and is not derived from user accounts on our platform.

usage data

we use browser localStorage to store your learning progress, quiz scores, theme preferences, and purchase status locally on your device. this data stays on your device and is not transmitted to our servers unless you have an account, in which case progress may be synced.

automatically collected information

when you visit our site, our hosting provider (Cloudflare) may automatically collect standard web server log data, including your IP address, browser type, referring pages, and timestamps. this data is used for security and performance purposes.

How We Use Your Information

we use the information we collect to:

  • create and manage your account
  • process purchases and grant access to paid content
  • track your learning progress, quiz results, and exercise completion
  • generate completion certificates
  • communicate with you about your account or purchases
  • send marketing and educational communications (if you have opted in)
  • provide AI chatbot responses to your inquiries
  • administer referral programs
  • rate-limit chatbot usage and prevent abuse
  • analyze website traffic and usage patterns via Google Analytics and Microsoft Clarity
  • improve our platform and educational content
  • detect and prevent fraud, abuse, or security incidents
  • comply with applicable legal obligations

we do not sell your personal information for money. however, when you opt in to advertising cookies, we share a limited subset of online-activity and identifier data (including a hashed email, IP address, and ad click identifiers) with Meta (Facebook/Instagram) and Reddit for ad-attribution measurement and educational-content retargeting. because this is disclosure to advertising networks for cross-context behavioral advertising, it qualifies as "sharing" (and may be treated as a "sale") under the California Consumer Privacy Act as amended by the CPRA. see "Meta Pixel and Conversions API" and "Reddit Pixel and Conversions API" in the Third-Party Services section below for the exact data shared, the consent gate, and how to opt out. you can opt out of this sharing at any time using the "your privacy choices" link in the footer of every page (our CCPA/CPRA opt-out mechanism), and we honor Global Privacy Control browser signals as a valid opt-out.

Third-Party Services

we use the following third-party services to operate our platform:

Google Analytics

we use Google Analytics (measurement ID: G-J16JDD67M2) to analyze website traffic and usage patterns. Google Analytics sets tracking cookies on your device (including _ga and _gid cookies) that collect information such as your IP address, browser type, pages visited, time spent on pages, and referring URLs. this data is used to understand how visitors interact with our platform so that we can improve our content and user experience. Google may use this data in accordance with Google's privacy policy. you can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

Microsoft Clarity

we partner with Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay so we can improve our product. website usage data is captured using first-party and third-party cookies and other tracking technologies to determine the popularity of products and online activity. this information is also used for site optimization, fraud and security purposes. Clarity does not collect any text you enter into form fields, and we have masking enabled to suppress sensitive content by default. for more information about how Microsoft collects and uses your data, see the Microsoft Privacy Statement. you can opt out of Microsoft Clarity by declining analytics cookies in our cookie banner, or globally via the Digital Advertising Alliance opt-out page (select Microsoft).

Meta Pixel and Conversions API

we use the Meta Pixel (a small browser script from Meta Platforms, Inc., the parent of Facebook and Instagram) and the Meta Conversions API (server-to-server event reporting) to measure how well our educational ads perform. these tools help us understand which ads led you to our courses so we can spend our advertising budget on what actually works. we do not use these tools to advertise peptide products, dosing, sourcing, treatments, or outcomes — our ads promote peptide-science education only.

data shared with Meta: a hashed (one-way SHA-256 transformed) version of your email address, your IP address, your browser user-agent, the URL you visited, the page-load and any purchase event with its dollar amount and a generic course identifier (e.g., "ghk-cu"), and Meta's own first-party cookies (`_fbp`, `_fbc`) if present. we do not send peptide-content beyond the generic course identifier, health claims, dosing data, lab results, signup-form answers, quiz answers, or any other sensitive information.

consent and gating: for visitors in the European Economic Area, the United Kingdom, and Switzerland, the Meta Pixel only loads after you affirmatively accept advertising cookies in our cookie banner. for visitors outside those regions the pixel may load by default, and you can opt out at any time via the "your privacy choices" link in our footer. server-side Conversions API events fire only for actions you knowingly initiate (signing up, purchasing) and use the same consent state. if your browser sends a Global Privacy Control signal, the pixel never loads and no Meta sharing occurs.

opt out: you can withdraw consent at any time using the "your privacy choices" link in the footer of every page. opening it lets you turn off analytics and advertising cookies (including the Meta Pixel and Conversions API), which flips your stored consent to declined, revokes Google analytics/ad consent, and stops further pixel loading; this applies even if you previously accepted. you can also decline cookies in our banner, or set Meta's Ad Settings to limit ad personalization. for full details on how Meta processes data, see Meta's Privacy Policy and the Meta Pixel privacy notice.

Reddit Pixel and Conversions API

we use the Reddit Pixel (a small browser script from Reddit, Inc.) and the Reddit Conversions API (server-to-server event reporting) to measure how well our educational ads on Reddit perform, so we can spend our advertising budget on what actually works. we do not use these tools to advertise peptide products, dosing, sourcing, treatments, or outcomes — our ads promote peptide-science education only.

data shared with Reddit: a hashed (one-way SHA-256 transformed) version of your email address, a hashed account identifier, your IP address, your browser user-agent, the Reddit ad click identifier (`rdt_cid` / `_rdt_cid`) if present, and the page-visit and any purchase event with its dollar amount and a generic course identifier (e.g., "ghk-cu"). we do not send peptide-content beyond the generic course identifier, health claims, dosing data, lab results, signup-form answers, quiz answers, or any other sensitive information.

consent and gating: for visitors in the European Economic Area, the United Kingdom, and Switzerland, the Reddit Pixel only loads after you affirmatively accept advertising cookies in our cookie banner. for visitors outside those regions the pixel may load by default, and you can opt out at any time via the "your privacy choices" link in our footer. server-side Conversions API events fire only for actions you knowingly initiate (signing up, purchasing) and use the same consent state. if your browser sends a Global Privacy Control signal, the pixel never loads and no Reddit sharing occurs.

opt out: you can withdraw consent at any time using the "your privacy choices" link in the footer of every page, which turns off the Reddit Pixel and Conversions API along with the other advertising cookies. for details on how Reddit processes data, see Reddit's Privacy Policy.

Supabase

provides authentication and database services. your email, username, and account data are stored on Supabase's infrastructure, which is hosted on servers located in the United States. see Supabase's privacy policy for details.

Stripe

handles all payment processing. when you make a purchase, you interact directly with Stripe's secure payment infrastructure. see Stripe's privacy policy for details.

Cloudflare

provides hosting, CDN, and security services. Cloudflare may collect standard web analytics data. content is distributed via Cloudflare's global content delivery network. see Cloudflare's privacy policy for details.

Resend

we use Resend (Resend, Inc.) as our email delivery service provider to send transactional emails (such as account, purchase, and security notifications) and, where you have opted in, educational and marketing emails. to do this, Resend processes your email address and related email-engagement events (such as deliveries, opens, and clicks). see Resend's privacy policy for details.

Google Gemini

our AI chatbot feature uses Google's Gemini API. when you submit messages to the chatbot, your messages are transmitted directly to Google for processing as our AI provider. see Google's privacy policy for details.

Google Fonts

we load the Inter typeface from Google Fonts. this may result in your browser making requests to Google's servers. see Google's privacy policy for details.

Cookies and Local Storage

cookies

we use the following types of cookies:

  • essential cookies: our authentication provider (Supabase) sets session cookies to maintain your login state. these cookies are strictly necessary for the service to function.
  • analytics cookies: Google Analytics sets tracking cookies (including _ga, _gid, and related cookies) to collect anonymized usage data about how visitors interact with our platform. the _ga cookie persists for up to 2 years; the _gid cookie persists for 24 hours. Microsoft Clarity sets first-party cookies (including _clck and _clsk) to enable session replay and heatmaps; _clck persists for up to 1 year, _clsk for 1 day.
  • advertising cookies and identifiers: when you opt in to advertising cookies, we and our ad partners set identifiers used for ad measurement and cross-context behavioral advertising (retargeting): Meta's `_fbp` and `_fbc` cookies and Reddit's `_rdt_cid` click-id cookie (each persists for up to 90 days), and ad click identifiers passed in the URL (such as `fbclid`, `gclid`, and `rdt_cid`) which we store to attribute ad clicks. these are set only after you affirmatively accept advertising cookies, and never when your browser sends a Global Privacy Control signal.
  • consent management: for visitors located in the European Economic Area, the United Kingdom, and Switzerland, we require explicit opt-in consent before loading any analytics or advertising cookies. for visitors outside those regions, analytics and advertising cookies (including Google Analytics, Microsoft Clarity, and the Meta and Reddit pixels) may load by default under an opt-out model. you may opt out at any time via the "your privacy choices" link in the footer or the opt-out tools linked above, and we honor Global Privacy Control browser signals as a valid opt-out. visitor location is determined by your IP address through Cloudflare.

you can control cookies through your browser settings. disabling essential cookies may prevent you from using certain features of the service. you can opt out of Google Analytics cookies specifically by using the Google Analytics Opt-out Browser Add-on.

local storage

we use browser localStorage to store:

  • your theme preference (dark or light mode)
  • learning progress and quiz scores
  • purchase unlock status
  • gamification data (XP, streaks, achievements)
  • cookie consent status
  • a persistent anonymous visitor identifier (`pa_visitor_id`) used to link your first-party site activity across visits and, if you create an account, to your account
  • marketing attribution data (UTM campaign parameters and ad click identifiers) for the source of your visit

this data is stored entirely on your device and can be cleared at any time through your browser settings.

Legal Basis for Processing (GDPR)

if you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • consent: we process your data based on your consent for marketing communications (including mailing list subscriptions and quiz funnel opt-ins). you may withdraw your consent at any time by clicking "unsubscribe" in any email or contacting us.
  • contractual necessity: we process your data as necessary to perform our contract with you, including creating and managing your account, processing purchases, granting access to paid content, tracking learning progress, and generating certificates.
  • legitimate interest: we process your data based on our legitimate interests for site analytics (Google Analytics), security monitoring, fraud prevention, rate limiting, service improvement, and aggregating community sentiment data from public sources. our legitimate interests do not override your fundamental rights and freedoms.
  • legal obligation: we may process your data to comply with applicable legal obligations, such as tax reporting, responding to lawful requests from public authorities, or complying with court orders.

International Data Transfers

your personal data is stored and processed in the United States. specifically:

  • Supabase: our primary database and authentication provider hosts data on servers located in the United States (us-west-1 region).
  • Cloudflare: content is distributed via Cloudflare's global content delivery network (CDN), which may cache and serve content from servers located in various countries.
  • Stripe: payment processing is handled by Stripe, which processes data in the United States and other jurisdictions.
  • Google: Google Analytics data and AI chatbot data (via Google Gemini) are processed by Google in the United States and other jurisdictions.

if you are located outside the United States (including in the EEA, UK, or Switzerland), your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your jurisdiction. by using the service, you consent to this transfer. where required by applicable law, we rely on appropriate safeguards for such transfers, including standard contractual clauses adopted by the European Commission.

Your Rights

depending on your location, you may have the following rights regarding your personal data:

  • access - request a copy of the personal data we hold about you
  • correction - request correction of inaccurate data
  • deletion - request deletion of your personal data and account
  • portability - request your data in a portable format
  • opt-out - opt out of any marketing communications

to exercise any of these rights, contact us at contact@peptidesacademy.co. we will respond to your request within 30 days (or such shorter period as may be required by applicable law).

European Residents (GDPR)

if you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR) and equivalent local laws:

  • right to object - you may object to our processing of your personal data based on legitimate interests. we will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
  • right to restrict processing - you may request that we restrict the processing of your personal data in certain circumstances (e.g., while we verify the accuracy of your data).
  • right to withdraw consent - where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
  • right to lodge a complaint - you have the right to lodge a complaint with your local data protection supervisory authority.
  • right to data portability - you may request to receive your personal data in a structured, commonly used, and machine-readable format.

FNA Enterprise LLC acts as the data controller for the purposes of GDPR. our contact information is: contact@peptidesacademy.co.

California Residents (CCPA / CPRA)

if you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • right to know: you have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • right to delete: you have the right to request the deletion of personal information we have collected about you, subject to certain exceptions permitted by law (such as information needed to complete a transaction or comply with a legal obligation).
  • right to correct: you have the right to request that we correct inaccurate personal information we maintain about you.
  • right to opt-out of sale or sharing: you have the right to opt out of the "sale" or "sharing" of your personal information. when you opt in to advertising cookies, we share identifiers and internet-activity information with Meta and Reddit for cross-context behavioral advertising (retargeting and ad-attribution measurement), which is "sharing" (and may be treated as a "sale") as those terms are defined under the CCPA/CPRA. you can exercise your right to opt out at any time using the "your privacy choices" link in the footer of every page — this is our designated CCPA/CPRA opt-out mechanism — and we also honor Global Privacy Control browser signals as a valid opt-out request for the browser sending them.
  • right to non-discrimination: we will not discriminate against you for exercising your CCPA/CPRA rights.

categories of personal information collected: identifiers (email, username, IP address, online and advertising identifiers), commercial information (purchase records), internet activity (browsing history, interactions with our site), and inferences (quiz results, learning progress).

categories shared for cross-context behavioral advertising: when you opt in to advertising cookies, we share identifiers (a hashed email, IP address, and ad click identifiers) and internet-activity information (page visits and conversion events) with advertising networks (Meta and Reddit). we do not share this information with anyone if you decline advertising cookies, exercise the opt-out, or send a Global Privacy Control signal.

no monetary sale of personal information: FNA Enterprise LLC does not sell your personal information to third parties for monetary consideration, and we do not knowingly share or sell the personal information of consumers under 16 years of age. our only "sharing"/"sale" under the CCPA/CPRA is the advertising-cookie disclosure to Meta and Reddit described above, which is consent-gated and can be opted out of at any time.

how to opt out (two or more methods): we provide more than one designated method to opt out of the "sale" or "sharing" of your personal information: (1) the "your privacy choices" opt-out link in the footer of every page; (2) emailing us at contact@peptidesacademy.co; and (3) sending a Global Privacy Control (GPC) browser signal, which we automatically honor as a valid opt-out for the browser sending it. you do not need to create an account to exercise any of these.

request metrics: FNA Enterprise LLC is a small business that does not buy, sell, or share the personal information of 10 million or more California consumers in a calendar year, so we are not required to compile or publish the annual consumer-request metrics described in 11 CCR 7102. we will provide information about requests we received on request where required by law.

to submit a CCPA/CPRA request, contact us at contact@peptidesacademy.co or use the "your privacy choices" link in the footer. we will verify your identity before processing your request and respond within 45 days.

Data Security

we implement reasonable technical and organizational measures to protect your personal information. all data transmission is encrypted via HTTPS/TLS. authentication is handled through Supabase's secure infrastructure with encrypted password storage.

however, no method of electronic transmission or storage is 100% secure. while we strive to protect your data, we cannot guarantee absolute security.

Data Retention

we retain your personal data for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. specific retention periods are as follows:

  • account information (email, username, password hash): retained for as long as your account is active. upon account deletion request, deleted within 30 days.
  • purchase records: retained for 7 years after the transaction date, as required for tax and accounting compliance.
  • learning progress, quiz data, and exercise results: retained for as long as your account is active. deleted upon account deletion.
  • chat data and logs: chat-related records (such as usage telemetry and the limited message data we retain to operate, secure, and improve the chat feature) are kept for as long as necessary for those purposes, and we delete or de-identify data we no longer need in the ordinary course of business.
  • IP address logs (for rate limiting and security): retained only for as long as necessary for rate limiting, security, fraud prevention, and legal-compliance purposes, after which they are deleted or de-identified in the ordinary course of business.
  • Google Analytics data: retained for 14 months in accordance with Google's data retention settings, after which it is automatically deleted.
  • referral data: retained for as long as the referral program is active and your account exists.
  • mailing list data: retained until you unsubscribe, at which point your email is removed from active mailing lists within 10 business days.
  • certificates: retained indefinitely to allow verification, unless you request deletion.

if you request account deletion, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes as described above.

localStorage data on your device persists until you clear it manually or clear your browser data.

Children's Privacy

our platform is not intended for individuals under the age of 18. we do not knowingly collect personal information from children. if you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it.

Changes to This Policy

we may update this privacy policy from time to time. changes will be posted on this page with an updated "last updated" date. continued use of the platform after changes constitutes acceptance of the updated policy.

Contact Us

if you have questions about this privacy policy or our data practices, contact us at:

FNA Enterprise LLC d/b/a Peptides Academy
email: contact@peptidesacademy.co