Privacy Policy
Last updated: 2026-06-03
This Privacy Policy describes how NexusLabsCorp LLC, a Florida limited liability company doing business as “NexusLabs” (“we,” “us,” or “our”), collects, uses, and protects information about you when you interact with nexuslabscorp.com. It applies in addition to our Terms of Service.
1. Information you give us
When you create an account or place an order, we collect: name, email, username, password (stored only as a strong, industry-standard one-way hash — we never see the original), shipping address, and order history. When you submit a research-peptide request, we collect what you typed in the form.
2. What we collect automatically when you visit
Every visit to a website produces some amount of technical information. We try to keep ours minimal and to be specific about what we do collect. Below is everything that runs on this site, why it’s here, and what it sees.
- First-party, cookieless analytics — page views, country, referrer, and Web Vitals performance numbers (Largest Contentful Paint, Interaction to Next Paint, etc.). Cookieless. No personal data leaves your browser.
- Product analytics — anonymous behavioral analytics: which pages you visit in what order, click events on links and buttons, form submissions (event name only — never the form contents). This runs with no analytics cookies and uses no persistent identifier; the session reference lives in your tab’s memory only, so closing the tab erases it.
- Error monitoring — if something on the site throws an exception, our error-monitoring service receives the error message, stack trace, page URL, browser, and OS. It is configured to exclude personal data — no IP, no cookies, no request bodies — and session-replay is turned off entirely.
- CDN / network-security layer — basic request metadata: IP address (truncated for analytics, full IP used only for abuse / firewall rule enforcement), user-agent, country, and timing data for caching. This is standard for any site behind a CDN; it doesn’t leave the network edge.
- Hosting server logs — short-lived logs of requests to dynamic routes (timestamp, path, status code, duration). Used for debugging and rate limiting, and typically retained for up to 30 days.
3. What we explicitly do NOT do
- No advertising or tracking pixels. We do not run any third-party advertising, social-media, or cross-site tracking pixels of any kind.
- No cross-site tracking. None of our analytics tools share data with other sites or build a profile of you across the web.
- No analytics cookies. The only cookies we set are functional ones — keeping you signed in, protecting sign-in forms, and remembering your shipping-carrier choice at checkout. The complete list, with each cookie’s purpose and security properties, is in § 9. Our analytics use no persistent identifier.
- No selling or renting of personal data. Ever.
4. How we use the information you give us
- To process and fulfill orders.
- To verify your age (21+ self-attestation) and account eligibility.
- To communicate about orders, account changes, password resets, and support.
- To improve our products, services, and site.
- To comply with legal obligations.
5. Payment information
Payment is handled by our payment processor(s): a card processor for credit and debit cards, and a separate non-custodial processor for cryptocurrency (non-custodial means we never take custody of your funds or wallet). We do not store your full payment card or crypto wallet credentials on our servers. The processor returns us a token + last-four for receipts only.
6. Sharing
We share information only with service providers necessary to operate the site:
- Our hosting provider and CDN / network-security layer.
- Our database provider (encrypted at rest, US region).
- Our email-delivery provider, for verification, password reset, and order confirmations.
- Our payment processor(s), for payment authorization.
- Our shipping and label provider, to generate labels and hand parcels to major US carriers such as USPS, UPS, or FedEx.
- Our analytics and error-monitoring providers (see § 2).
We also share information when required by law (subpoena, court order, or valid legal process). A current list of the specific service providers that process data on our behalf is available on request by emailing [email protected].
7. Data retention & security
Passwords are hashed with a strong, industry-standard one-way algorithm and never stored or logged in plaintext. Our database is encrypted at rest. The site is served over HTTPS with HSTS preload. Admin access requires a hardware security key (passkey) plus password. Our service providers (the processors of personal data on our behalf) are bound by their respective data-processing agreements and may not use your data for their own purposes.
7a. Data retention schedule
We retain different categories of data for different lengths of time, in line with tax, legal, and operational requirements:
- Account data (name, email, username, hashed password, addresses) — retained while your account is active. Deleted within 90 days of an account-deletion request, except for records below.
- Order records (order number, line items, amounts, shipping address, payment method last-four or wallet address) — retained for 7 years from the order date for tax and legal compliance (IRS Publication 583 record-retention guidance).
- Payment metadata (processor token, transaction ID, last-four) — retained with order records for 7 years. We never store full card numbers or wallet private keys.
- Research-peptide request form submissions — retained for 2 years.
- Audit log (admin actions, IP, user-agent) — retained for 7 years.
- Error logs — short-lived; typically retained for up to 30 days.
- Server logs — short-lived; typically retained for up to 30 days.
- Analytics — anonymous and not linked to your identity; retained for approximately 12 months.
8. Your rights
You may request access to, correction of, or deletion of your personal data by emailing [email protected] with the subject line “Data Request.” We will verify your identity (typically by confirming control of the email on the account) and respond within 45 days. For deletion requests, we will delete or anonymize your personal data except for records we are legally required to retain (order records for tax purposes, audit-log entries for compliance, and any records subject to active legal hold).
California residents (CCPA / CPRA). You have the right to know what personal information we collect, how we use it, and with whom we share it; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information — NexusLabsCorp does not sell or share personal information for cross-context behavioral advertising; and the right to non-discrimination for exercising your privacy rights. To exercise these rights, email us at the address above.
Residents of Virginia, Colorado, Connecticut, Texas, Montana, and other states with applicable privacy laws. You have similar rights to access, correct, delete, and obtain a portable copy of your personal data. Contact us at the address above to exercise these rights. We do not engage in targeted advertising or profiling that produces legal or similarly significant effects on you.
EU / EEA / UK residents. NexusLabsCorp LLC does not actively market to EU, EEA, or UK residents and does not ship internationally at this time. If you are an EU/EEA/UK resident and have submitted information to us (for example, by signing up or submitting a peptide request), you have the right to request erasure of your data by emailing us at the address above. Where processing relies on consent, you may withdraw consent at any time.
9. Cookies, in detail
As of 2026-06-03, the only cookies this site sets are:
- A sign-in session cookie — keeps you logged in so the site recognizes you between page loads. HttpOnly + Secure + SameSite=Lax.
- A CSRF-protection cookie — protects you from cross-site request forgery on sign-in forms. HttpOnly + Secure.
- A short-lived passkey-challenge cookie — issued only during passkey sign-in / enrollment to bind the challenge to your browser, and auto-deleted on completion. SameSite=Strict.
- A shipping-preference cookie (90-day) — stores your last-selected shipping carrier and service so repeat checkouts pre-select the same option. No personal data; not used for tracking or analytics. SameSite=Lax.
Those are the only cookies this site sets. No third-party cookies. No tracking pixels. You can confirm in your browser’s DevTools (Application → Cookies).
