Privacy Policy
Last updated May 2026. Questions? Contact us.
This Privacy Policy describes how Cytal Research (“Cytal,” “we,” “us”) collects, uses, and shares information when you visit cytalpeptides.com, create an account, complete Research Verification, redeem an access code, or submit a procurement inquiry.
1. Information we collect
Information you provide
- Account. Email address, optional name, and (for email/password accounts) a salted bcrypt hash of your password. We never store your password in plain text.
- Google sign-in. If you sign in with Google, we receive your email address, name, and profile picture URL via OAuth. We do not receive your Google password.
- Research Verification. Date of birth, field of research, organization or institution name (where applicable), and your three RUO attestations.
- Procurement inquiries. Email address, business / contact information, account context, and the catalog records or materials you ask us to review.
- Contact form. Whatever you write us.
Information collected automatically
- Verification audit metadata. When you submit Research Verification we record the timestamp, your IP address, and User-Agent string for compliance audit purposes.
- Access-code usage. When you redeem an access code we record the timestamp, approximate location, device and browser inferred from your User-Agent, and session duration.
- Analytics (optional). If you don't opt out, we use Google Analytics to understand aggregate site traffic. GA uses cookies and may collect a hashed identifier; we do not use it for ad targeting.
- Server logs. Standard request logs (IP, User-Agent, referrer, status) retained for security and debugging.
2. How we use information
- To authenticate you and to maintain your session.
- To verify that you qualify as a research-use buyer and to keep an audit trail of that verification, as part of our Research-Use-Only compliance program.
- To review procurement inquiries, coordinate documentation, and communicate with you about next steps.
- To respond to support requests sent through the contact form.
- To detect and prevent fraud, abuse, and unauthorized access. This includes per-IP rate limiting on sensitive endpoints.
- To improve the site and the catalog.
3. How we share information
We do not sell or rent personal information. We share information only with the service providers we depend on to operate the site, each under contractual obligations to handle it confidentially:
- Vercel (hosting and edge runtime), Neon / Vercel Postgres (managed database), Resend (transactional email), and Google (OAuth sign-in, Analytics).
- Payment processors (when checkout is enabled) will receive only the information necessary to process your transaction.
- We may disclose information when required by law or to protect the rights, property, or safety of Cytal Research, our users, or others.
4. Cookies
We use cookies for three purposes:
- Authentication — a session cookie issued by NextAuth (and a separate cookie for the legacy admin panel). HTTP-only, Secure in production, SameSite Lax.
- Access-code session — when you redeem an access code, your browser stores a local access session that expires when the code expires.
- Analytics — Google Analytics cookies, if enabled.
5. Data retention
Account records are retained while your account is active and for a reasonable period afterward (currently 24 months) so we can comply with audit and recordkeeping obligations. Research Verification records and the associated audit log are retained as long as the account exists; even after deletion we may retain a redacted record of the fact and date of verification for compliance purposes.
6. Your choices
- You can update or correct your account information by contacting us.
- You can request account deletion at any time. We'll honor it within 30 days, subject to the retention obligations above.
- You can disable Analytics by using a tracking blocker or by declining the GA cookie when prompted.
7. Children
Cytal Research's products and accounts are not intended for individuals under 21. Research Verification requires an attestation that you are 21 or older.
8. Security
We use TLS in transit, bcrypt password hashing, principle-of-least-privilege database access, and rate limiting on sensitive endpoints. No system is perfect; if you believe your account has been compromised, contact us immediately.
9. Changes
We may update this policy. Material changes will be reflected in the “Last updated” stamp at the top of the page; we may also email account holders for significant changes.
10. Contact
Questions, concerns, or deletion requests: /contact.