Privacy Policy

Introduction

Peptides Academy is the trade name under which FNA Enterprise LLC, a Florida limited liability company (Florida fictitious name registration G26000059170), operates this site. In this privacy policy, "FNA Enterprise LLC," "Peptides Academy," "we," "us," or "our" all refer to the same entity. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our websites (peptidesacademy.co and peptidesacademy.shop) and use our services.

by accessing or using our platform, you agree to the collection and use of information in accordance with this policy. if you do not agree, please discontinue use of the site.

Information We Collect

account information

when you create an account, we collect your email address, username, and an encrypted password. this information is stored securely through our authentication provider, Supabase.

purchase information

when you purchase a course or bundle, payment processing is handled entirely by Stripe. we do not store credit card numbers, bank account details, or other sensitive financial information on our servers. we receive a confirmation of your purchase and associate it with your account.

mailing list and quiz funnel data

when you interact with our landing page quiz funnel or subscribe to our mailing list, we collect your email address, self-reported knowledge level, and peptide interest area. this information is used to personalize your experience and send relevant educational content.

quiz and exercise data

we collect and store quiz attempts, scores, completion status, and exercise results associated with your account. this data is used to track your learning progress, generate certificates, calculate XP and achievements, and improve our educational content.

AI chatbot data

when you use our AI chatbot feature (powered by Google Gemini via OpenRouter), we process and store the messages you submit. chat messages are rate-limited by IP address to prevent abuse. your chat messages may be used to improve the service. chat messages are processed by third-party AI providers and are subject to their respective privacy policies.

IP address

we collect your IP address for the purposes of chat rate limiting, security monitoring, fraud prevention, and compliance with applicable law. IP addresses are not linked to your personal profile for marketing purposes.

referral data

if you participate in our referral program, we collect referral codes and track referral relationships between users. this data is used to administer the referral program and award applicable benefits.

community sentiment data

we aggregate publicly available data from public Reddit posts and other public forums to compute community sentiment ratings for peptides discussed on our platform. no personally identifiable information (PII) is collected in this process. sentiment data reflects aggregated public opinion and is not derived from user accounts on our platform.

usage data

we use browser localStorage to store your learning progress, quiz scores, theme preferences, and purchase status locally on your device. this data stays on your device and is not transmitted to our servers unless you have an account, in which case progress may be synced.

automatically collected information

when you visit our site, our hosting provider (Cloudflare) may automatically collect standard web server log data, including your IP address, browser type, referring pages, and timestamps. this data is used for security and performance purposes.

How We Use Your Information

we use the information we collect to:

• create and manage your account
• process purchases and grant access to paid content
• track your learning progress, quiz results, and exercise completion
• generate completion certificates
• communicate with you about your account or purchases
• send marketing and educational communications (if you have opted in)
• provide AI chatbot responses to your inquiries
• administer referral programs
• rate-limit chatbot usage and prevent abuse
• analyze website traffic and usage patterns via Google Analytics and Microsoft Clarity
• improve our platform and educational content
• detect and prevent fraud, abuse, or security incidents
• comply with applicable legal obligations

we do not sell your personal information to third parties. we share a limited subset of conversion data with Meta (Facebook/Instagram) for ad-attribution measurement and educational-content retargeting — see "Meta Pixel and Conversions API" in the Third-Party Services section below for the exact data shared, the consent gate, and how to opt out.

Third-Party Services

we use the following third-party services to operate our platform:

Google Analytics

we use Google Analytics (measurement ID: G-J16JDD67M2) to analyze website traffic and usage patterns. Google Analytics sets tracking cookies on your device (including _ga and _gid cookies) that collect information such as your IP address, browser type, pages visited, time spent on pages, and referring URLs. this data is used to understand how visitors interact with our platform so that we can improve our content and user experience. Google may use this data in accordance with Google's privacy policy. you can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.

Microsoft Clarity

we partner with Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay so we can improve our product. website usage data is captured using first-party and third-party cookies and other tracking technologies to determine the popularity of products and online activity. this information is also used for site optimization, fraud and security purposes. Clarity does not collect any text you enter into form fields, and we have masking enabled to suppress sensitive content by default. for more information about how Microsoft collects and uses your data, see the Microsoft Privacy Statement. you can opt out of Microsoft Clarity by declining analytics cookies in our cookie banner, or globally via the Digital Advertising Alliance opt-out page (select Microsoft).

Meta Pixel and Conversions API

we use the Meta Pixel (a small browser script from Meta Platforms, Inc., the parent of Facebook and Instagram) and the Meta Conversions API (server-to-server event reporting) to measure how well our educational ads perform. these tools help us understand which ads led you to our courses so we can spend our advertising budget on what actually works. we do not use these tools to advertise peptide products, dosing, sourcing, treatments, or outcomes — our ads promote peptide-science education only.

data shared with Meta: a hashed (one-way SHA-256 transformed) version of your email address, your IP address, your browser user-agent, the URL you visited, the page-load and any purchase event with its dollar amount and a generic course identifier (e.g., "ghk-cu"), and Meta's own first-party cookies (`_fbp`, `_fbc`) if present. we do not send peptide-content beyond the generic course identifier, health claims, dosing data, lab results, signup-form answers, quiz answers, or any other sensitive information.

consent and gating: the Meta Pixel only loads after you accept cookies in our cookie banner. for visitors located in the European Economic Area, the United Kingdom, or Switzerland, the banner requires explicit opt-in before any Meta script loads. server-side Conversions API events fire only for actions you knowingly initiate (signing up, purchasing) and use the same consent state.

opt out: decline cookies in our banner; clear your browser storage to be re-prompted; or set Meta's Ad Settings to limit ad personalization. for full details on how Meta processes data, see Meta's Privacy Policy and the Meta Pixel privacy notice.

Supabase

provides authentication and database services. your email, username, and account data are stored on Supabase's infrastructure, which is hosted on servers located in the United States. see Supabase's privacy policy for details.

Stripe

handles all payment processing. when you make a purchase, you interact directly with Stripe's secure payment infrastructure. see Stripe's privacy policy for details.

Cloudflare

provides hosting, CDN, and security services. Cloudflare may collect standard web analytics data. content is distributed via Cloudflare's global content delivery network. see Cloudflare's privacy policy for details.

OpenRouter / Google Gemini

our AI chatbot feature uses Google Gemini models accessed through the OpenRouter API. when you submit messages to the chatbot, your messages are transmitted to these third-party AI providers for processing. see OpenRouter's privacy policy and Google's privacy policy for details.

Google Fonts

we load the Inter typeface from Google Fonts. this may result in your browser making requests to Google's servers. see Google's privacy policy for details.

Cookies and Local Storage

cookies

we use the following types of cookies:

• essential cookies: our authentication provider (Supabase) sets session cookies to maintain your login state. these cookies are strictly necessary for the service to function.
• analytics cookies: Google Analytics sets tracking cookies (including _ga, _gid, and related cookies) to collect anonymized usage data about how visitors interact with our platform. the _ga cookie persists for up to 2 years; the _gid cookie persists for 24 hours. Microsoft Clarity sets first-party cookies (including _clck and _clsk) to enable session replay and heatmaps; _clck persists for up to 1 year, _clsk for 1 day.
• consent management: for visitors located in the European Economic Area, the United Kingdom, and Switzerland, we require explicit opt-in consent before loading analytics cookies. for visitors outside those regions, analytics cookies load by default and you may opt out at any time by clearing your browser storage or via the opt-out tools linked above. visitor location is determined by your IP address through Cloudflare.

you can control cookies through your browser settings. disabling essential cookies may prevent you from using certain features of the service. you can opt out of Google Analytics cookies specifically by using the Google Analytics Opt-out Browser Add-on.

local storage

we use browser localStorage to store:

• your theme preference (dark or light mode)
• learning progress and quiz scores
• purchase unlock status
• gamification data (XP, streaks, achievements)
• cookie consent status

this data is stored entirely on your device and can be cleared at any time through your browser settings.

Legal Basis for Processing (GDPR)

if you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:

• consent: we process your data based on your consent for marketing communications (including mailing list subscriptions and quiz funnel opt-ins). you may withdraw your consent at any time by clicking "unsubscribe" in any email or contacting us.
• contractual necessity: we process your data as necessary to perform our contract with you, including creating and managing your account, processing purchases, granting access to paid content, tracking learning progress, and generating certificates.
• legitimate interest: we process your data based on our legitimate interests for site analytics (Google Analytics), security monitoring, fraud prevention, rate limiting, service improvement, and aggregating community sentiment data from public sources. our legitimate interests do not override your fundamental rights and freedoms.
• legal obligation: we may process your data to comply with applicable legal obligations, such as tax reporting, responding to lawful requests from public authorities, or complying with court orders.

International Data Transfers

your personal data is stored and processed in the United States. specifically:

• Supabase: our primary database and authentication provider hosts data on servers located in the United States (us-west-1 region).
• Cloudflare: content is distributed via Cloudflare's global content delivery network (CDN), which may cache and serve content from servers located in various countries.
• Stripe: payment processing is handled by Stripe, which processes data in the United States and other jurisdictions.
• Google: Google Analytics data and AI chatbot data (via Google Gemini) are processed by Google in the United States and other jurisdictions.

if you are located outside the United States (including in the EEA, UK, or Switzerland), your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your jurisdiction. by using the service, you consent to this transfer. where required by applicable law, we rely on appropriate safeguards for such transfers, including standard contractual clauses adopted by the European Commission.

Your Rights

depending on your location, you may have the following rights regarding your personal data:

• access - request a copy of the personal data we hold about you
• correction - request correction of inaccurate data
• deletion - request deletion of your personal data and account
• portability - request your data in a portable format
• opt-out - opt out of any marketing communications

to exercise any of these rights, contact us at [email protected]. we will respond to your request within 30 days (or such shorter period as may be required by applicable law).

European Residents (GDPR)

if you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR) and equivalent local laws:

• right to object - you may object to our processing of your personal data based on legitimate interests. we will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
• right to restrict processing - you may request that we restrict the processing of your personal data in certain circumstances (e.g., while we verify the accuracy of your data).
• right to withdraw consent - where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
• right to lodge a complaint - you have the right to lodge a complaint with your local data protection supervisory authority.
• right to data portability - you may request to receive your personal data in a structured, commonly used, and machine-readable format.

FNA Enterprise LLC acts as the data controller for the purposes of GDPR. our contact information is: [email protected].

California Residents (CCPA / CPRA)

if you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• right to know: you have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it.
• right to delete: you have the right to request the deletion of personal information we have collected about you, subject to certain exceptions permitted by law (such as information needed to complete a transaction or comply with a legal obligation).
• right to correct: you have the right to request that we correct inaccurate personal information we maintain about you.
• right to opt-out of sale or sharing: you have the right to opt out of the "sale" or "sharing" of your personal information. we do not sell or share your personal information as those terms are defined under the CCPA/CPRA.
• right to non-discrimination: we will not discriminate against you for exercising your CCPA/CPRA rights.

categories of personal information collected: identifiers (email, username, IP address), commercial information (purchase records), internet activity (browsing history, interactions with our site), and inferences (quiz results, learning progress).

no sale of personal information: FNA Enterprise LLC does not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. we have not sold personal information in the preceding 12 months.

to submit a CCPA/CPRA request, contact us at [email protected]. we will verify your identity before processing your request and respond within 45 days.

Data Security

we implement reasonable technical and organizational measures to protect your personal information. all data transmission is encrypted via HTTPS/TLS. authentication is handled through Supabase's secure infrastructure with encrypted password storage.

however, no method of electronic transmission or storage is 100% secure. while we strive to protect your data, we cannot guarantee absolute security.

Data Retention

we retain your personal data for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. specific retention periods are as follows:

• account information (email, username, password hash): retained for as long as your account is active. upon account deletion request, deleted within 30 days.
• purchase records: retained for 7 years after the transaction date, as required for tax and accounting compliance.
• learning progress, quiz data, and exercise results: retained for as long as your account is active. deleted upon account deletion.
• chat messages: retained for up to 12 months from the date of submission, then automatically purged.
• IP address logs (for rate limiting and security): retained for up to 90 days, then automatically purged.
• Google Analytics data: retained for 14 months in accordance with Google's data retention settings, after which it is automatically deleted.
• referral data: retained for as long as the referral program is active and your account exists.
• mailing list data: retained until you unsubscribe, at which point your email is removed from active mailing lists within 10 business days.
• certificates: retained indefinitely to allow verification, unless you request deletion.

if you request account deletion, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes as described above.

localStorage data on your device persists until you clear it manually or clear your browser data.

Children's Privacy

our platform is not intended for individuals under the age of 18. we do not knowingly collect personal information from children. if you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it.

Changes to This Policy

we may update this privacy policy from time to time. changes will be posted on this page with an updated "last updated" date. continued use of the platform after changes constitutes acceptance of the updated policy.

Contact Us

if you have questions about this privacy policy or our data practices, contact us at:

FNA Enterprise LLC d/b/a Peptides Academy
email: [email protected]