Cookie policy
Effective 2026-05-26.
1. What are cookies & similar technologies?
Cookies are small text files placed on your device when you visit a website. Similar technologies include local storage, session storage, IndexedDB, web beacons (tracking pixels), and software development kit (SDK) identifiers on mobile.
2. Our approach
We are privacy-first. This website uses only strictly necessary cookies and local storage by default. We never run advertising, never use marketing cookies, never share data with ad networks, and never engage in cross-site or cross-context tracking.
3. Categories we may use
| Category | Purpose | Retention | Your control |
|---|---|---|---|
| Strictly necessary | Site functionality, consent storage, anti-abuse, payment security. | Session — 12 months | Always on (no consent required by law) |
| Functionality | Remember preferences (theme, language). | Up to 12 months | On by default; opt-out via banner |
| Performance / Analytics | Anonymous, aggregated usage analytics. | N/A — not used on this website | Would require opt-in |
| Marketing / Advertising | Personalised ads, retargeting, cross-site tracking. | N/A — never used | Never used |
We do not currently use Google Analytics, Firebase Analytics, Mixpanel, Meta Pixel, TikTok Pixel, or any other advertising / behavioural-analytics SDK.
4. Specific items we set
- peptideia.cookie-consent — local storage entry that records your consent choice. Necessary. ~12 months.
- Session security tokens — set only if you log into an account area (none today). Necessary.
5. Third-party processors
The processors below may receive limited technical data when you use the service:
- Vercel — website hosting and edge functions. May log IP for security and basic request counts.
- Stripe — only if you purchase via the website. Sets a strictly necessary security cookie.
- Sentry — anonymised crash diagnostics. Identifiers cannot be linked back to you.
Each processor is bound by contract and operates under appropriate transfer safeguards (e.g., SCCs / IDTA).
6. Your choices by region
EEA / UK (GDPR + ePrivacy / PECR)
Non-essential cookies are set only with your prior, freely-given, specific, informed consent — collected via the cookie banner. You can withdraw consent at any time by clearing browser data for this site.
California (CCPA / CPRA)
We do not sell or share personal information for cross-context behavioural advertising. We honour Global Privacy Control (GPC) signals as an opt-out request. To exercise rights, email akremagency@gmail.com.
Brazil (LGPD)
We process only cookies with a clear legal basis. Sensitive personal data is not collected via cookies. Contact our DPO equivalent at akremagency@gmail.com.
Canada (PIPEDA / Quebec Law 25), Australia (Privacy Act 1988), Japan (APPI), South Africa (POPIA), South Korea (PIPA), India (DPDP), New Zealand (Privacy Act 2020)
We honour comparable rights of consent, access, correction, and withdrawal. Email the contact above and we will respond within the timeframes your law specifies.
7. Managing cookies in your browser
Most browsers let you block or delete cookies via settings. Note that blocking strictly necessary cookies may break the site.
- Chrome: Settings → Privacy and security → Cookies
- Safari: Settings → Privacy
- Firefox: Settings → Privacy & Security
- Edge: Settings → Cookies and site permissions
- iOS: Settings → Safari → Privacy & Security
- Android: Settings → Privacy → Ads (reset / opt out of personalised ads)
8. Do Not Track & GPC
We honour Global Privacy Control (GPC). We treat the legacy Do Not Track signal as an indication of preference and do not set non-essential cookies regardless.
9. Changes
Material changes will be surfaced through the cookie banner and the effective date above. For substantive changes that would change the legal basis of processing, we will re-request consent.
10. Contact
Email akremagency@gmail.com. See also the privacy policy and the imprint.