Privacy Policy
Last updated: 1 January 2026
1. Who We Are
Amidexin Ltd operates the website at amidexin.com. We are a UK-registered company supplying research-grade peptides for laboratory use. For any privacy-related enquiries please contact us at [email protected].
2. Data We Collect
- Account data — your name, email address, and hashed password when you register.
- Order data — shipping address, billing address, order contents, and payment method used.
- Communication data — messages you send us via the contact form or forum.
- Forum data — posts, threads, and profile information you choose to make public.
- Technical data — IP address, browser type, and pages visited for security and fraud prevention purposes only.
- Cookie data — session tokens required for authentication and your cookie preference. We do not use third-party advertising cookies.
3. How We Use Your Data
- To process and fulfil your orders.
- To provide your account and forum access.
- To send order confirmation and shipping notification emails.
- To respond to support requests.
- To detect and prevent fraud and abuse.
- To comply with our legal obligations.
We do not sell your personal data to third parties. We do not use your data for advertising or profiling.
4. Legal Basis (GDPR)
- Contract — processing necessary to fulfil your order.
- Legitimate interests — security monitoring, fraud prevention, and service improvement.
- Legal obligation — retaining transaction records as required by UK law.
- Consent — optional marketing communications (you may withdraw at any time).
5. Cookies
We use the following cookies:
| Cookie | Purpose | Type | Expiry |
|---|---|---|---|
| token | Authentication session | Essential | 1 hour |
| refreshToken | Session renewal | Essential | 30 days |
| cookie-consent | Your cookie preference | Essential | 1 year |
We do not currently use any analytics or advertising cookies. If this changes we will update this policy and request fresh consent.
6. Data Retention
Order records are retained for 7 years to comply with UK tax and accounting requirements. Account data is retained until you request deletion or your account has been inactive for 3 years. Forum posts may be retained even after account deletion to preserve thread integrity, but will be anonymised on request.
7. Your Rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data where we have no legal obligation to retain it.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Restriction — ask us to limit how we use your data.
To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Third Parties
- Payment processors (PayPal, crypto processors) — receive only what is required to process your payment. We do not store card numbers.
- Postal carriers — receive your name and shipping address to deliver your order.
- Cloudflare — acts as our CDN and DDoS protection layer and processes request metadata per their privacy policy.
9. Security
All data is transmitted over TLS (HTTPS). Passwords are stored as bcrypt hashes and are never retrievable in plaintext. Authentication tokens are stored in HttpOnly cookies, inaccessible to JavaScript. We conduct regular security reviews and promptly address any vulnerabilities identified.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated by email to registered users and by a notice on the website at least 14 days before taking effect.