Effective Date: April 15, 2026
Last Updated: April 15, 2026
Newbridge Peptides (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, store, disclose, and safeguard your data when you visit our website, place an order, or interact with our services. We comply with the Payment Card Industry Data Security Standard (PCI DSS), applicable U.S. federal and state privacy laws, and industry best practices for data protection.
By accessing or using our website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please discontinue use of our website and services immediately.
We may collect the following categories of information:
1.1 Personal Identification Information
Full name, email address, phone number, billing address, and shipping address provided during account registration, checkout, or customer support interactions.
1.2 Payment and Financial Data
Credit card numbers, debit card numbers, expiration dates, CVV/CVC codes, and billing details. All payment card data is processed and handled in strict compliance with PCI DSS requirements. We do not store full credit card numbers, CVV/CVC codes, or magnetic stripe data on our servers after transaction authorization. Payment processing is handled by PCI DSS-certified third-party payment processors.
1.3 Account and Transaction Data
Order history, purchase records, account preferences, customer service correspondence, and communication records.
1.4 Technical and Usage Data
IP addresses, browser type, operating system, device identifiers, referring URLs, pages visited, time spent on pages, click patterns, and other analytical data collected automatically through cookies and similar technologies.
1.5 Communications Data
Information you provide when you contact us via email, phone, live chat, or contact forms, including the content of your messages and any attachments.
We use the information we collect for the following purposes:
2.1 Order Fulfillment and Service Delivery
To process and fulfill your orders, manage shipping and delivery, send order confirmations and tracking information, and provide customer support.
2.2 Payment Processing
To securely process payment transactions through PCI DSS-compliant payment gateways, verify billing information, and prevent fraudulent transactions.
2.3 Account Management
To create and manage your customer account, maintain your order history, and personalize your shopping experience.
2.4 Communication
To respond to inquiries, send service-related notifications, provide product updates, and deliver marketing communications (with your consent, where required by law).
2.5 Security and Fraud Prevention
To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities in compliance with PCI DSS requirements.
2.6 Legal Compliance
To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
2.7 Business Operations and Improvement
To analyze website usage, improve our products and services, optimize our website performance, and conduct internal business analytics.
We take the security of your payment card information extremely seriously. In accordance with PCI DSS, we maintain the following safeguards:
3.1 Secure Network and Systems
We install and maintain network security controls, including firewalls and security configurations, to protect cardholder data. All system components are protected with regularly updated security patches and anti-malware solutions.
3.2 Cardholder Data Protection
We do not store sensitive authentication data (full track data, CVV/CVC codes, or PINs) after transaction authorization. Where cardholder data storage is required, it is encrypted using industry-standard encryption protocols (AES-256 or equivalent). Cardholder data is masked when displayed, showing only the last four digits of the card number.
3.3 Encryption in Transit
All payment card data transmitted across open, public networks is encrypted using TLS 1.2 or higher. Our website operates exclusively over HTTPS to ensure all data transmission between your browser and our servers is encrypted.
3.4 Access Control
Access to cardholder data is restricted to authorized personnel on a need-to-know basis. Each person with computer access is assigned a unique identification credential. Physical access to systems storing cardholder data is restricted and monitored.
3.5 Monitoring and Testing
We regularly monitor and test our networks, track and log all access to network resources and cardholder data, and conduct regular security assessments and penetration testing.
3.6 Information Security Policy
We maintain a comprehensive information security policy that is reviewed annually and communicated to all relevant personnel. All employees undergo regular security awareness training.
3.7 Third-Party Payment Processors
We use PCI DSS-compliant third-party payment processors to handle card transactions. These processors are validated as PCI DSS-compliant service providers and are contractually obligated to maintain appropriate security measures.
4.1 Storage Location
Your personal data is stored on secure servers located within the United States. All storage systems are protected by industry-standard physical, technical, and administrative safeguards.
4.2 Retention Periods
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:
Account information is retained for the duration of your active account and up to 3 years after account closure. Transaction records are retained for up to 7 years as required by tax and financial regulations. Payment card data (truncated/masked only) is retained for the duration necessary to process the transaction and handle disputes, typically no longer than 18 months. Marketing preferences are retained until you withdraw consent or unsubscribe. Technical log data is retained for up to 12 months for security monitoring and analysis.
4.3 Data Disposal
When personal data is no longer required, it is securely destroyed using methods appropriate to the data type, including secure deletion of electronic records and cross-cut shredding of physical documents, in accordance with PCI DSS requirements for media destruction.
We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:
5.1 Service Providers
We share data with trusted third-party service providers who assist us in operating our website, processing payments, fulfilling orders, delivering shipments, and conducting business operations. These providers are contractually bound to use your data only for the purposes we specify and to maintain appropriate security measures.
5.2 Payment Processors
Payment card data is shared with our PCI DSS-compliant payment processors solely for the purpose of processing your transactions.
5.3 Legal Requirements
We may disclose your information when required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
5.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
5.5 With Your Consent
We may share your information for other purposes with your explicit consent.
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and personalize content. The types of cookies we use include:
Essential Cookies: Required for the basic functionality of our website, such as shopping cart management and secure checkout. These cannot be disabled.
Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage data. We use services such as Google Analytics for this purpose.
Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.
You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Right to Access: You may request a copy of the personal data we hold about you.
Right to Correction: You may request that we correct inaccurate or incomplete personal data.
Right to Deletion: You may request the deletion of your personal data, subject to certain legal exceptions and retention requirements.
Right to Opt Out: You may opt out of receiving marketing communications at any time by using the unsubscribe link in our emails or by contacting us directly.
Right to Data Portability: Where applicable, you may request a portable copy of your data in a commonly used, machine-readable format.
Right to Restrict Processing: You may request that we limit our processing of your personal data under certain circumstances.
To exercise any of these rights, please contact us using the information provided in Section 12 below. We will respond to your request within 30 days or as required by applicable law.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect and how it is used, the right to request deletion of your personal information, the right to opt out of the sale or sharing of your personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. To submit a verifiable consumer request, please contact us using the information in Section 12.
Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to delete such information. If you believe a child has provided us with personal data, please contact us immediately.
Our website may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.
We reserve the right to update or modify this Privacy Policy at any time. Changes will be effective immediately upon posting the revised policy on our website with an updated “Last Updated” date. We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated policy. For material changes, we will make reasonable efforts to notify you via email or a prominent notice on our website.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Newbridge Peptides
Email: privacy@newbridgepeptides.com
Website: www.newbridgepeptides.com
For payment card data-related inquiries or to report a suspected security incident, please contact us immediately at the email address above with the subject line “Security Concern.”
In the event of a data breach involving your personal information, we will notify affected individuals and relevant authorities in accordance with applicable breach notification laws and PCI DSS incident response requirements. Notification will be provided without unreasonable delay and no later than required by law.
If you are accessing our website from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using our website, you consent to this transfer. We will take appropriate measures to ensure that your personal data is treated securely and in accordance with this Privacy Policy.
We employ a comprehensive set of security measures to protect your data, including SSL/TLS encryption for all data in transit, AES-256 encryption for sensitive data at rest, regular vulnerability scanning and penetration testing, multi-factor authentication for administrative access, intrusion detection and prevention systems, regular security audits and compliance assessments, employee security awareness training programs, and documented incident response procedures. While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest standards of data protection in compliance with PCI DSS.
IMPORTANT: Research Use Only
By entering this website, you acknowledge that all products sold by Newbridge Peptides are intended strictly for research purposes only. They are not for human or animal consumption, medical use, or any use not permitted by applicable law.
