Privacy Policy

EffectiveTODO — set on publication Last updated2026-05-10 (draft) OperatorTODO — confirm legal entity (Bio Vault LLC?) Contacthello@bio-vault.tech

This Privacy Policy explains how PeptiChill (the "Service," operated by TODO: legal entity name, "we," "us," or "our") collects, uses, and protects information when you visit bio-vault.tech, join our Founders List, or interact with our reconstitution calculator. It applies to information collected through the website only and does not cover information collected through other channels.

We try to keep this policy short and direct. If anything is unclear, please email us at hello@bio-vault.tech.

1. Information We Collect

1.1 Information you provide directly

When you join our Founders List, we collect:

Your email address
The use case you select (travel, gym/wellness routine, work/daily carry, road trips, or other)

This information is submitted through our waitlist form and processed by Netlify Forms, the form-handling feature of our website host (Netlify, Inc.). Submissions are stored in the Netlify dashboard and accessible only to authorized PeptiChill operators.

1.2 Information collected automatically

When you visit the site, our analytics provider records aggregate, non-personally-identifying usage data such as page views, referring URLs, browser type, country-level location, and screen size. We use Plausible Analytics, a privacy-focused analytics service that does not use cookies, does not store IP addresses, and does not collect any personally identifying information. Plausible is GDPR, CCPA, and PECR compliant by design.

We do not run advertising pixels (Meta, Google Ads, TikTok, etc.) and we do not run cross-site tracking scripts.

1.3 Information we do NOT collect

We do not collect names unless you choose to provide one
We do not collect phone numbers
We do not collect health, medical, or biometric information of any kind
We do not collect financial information (we are pre-launch and not currently processing payments)
We do not collect peptide-specific or personally identifying use information through the reconstitution calculator (the calculator runs entirely in your browser; nothing you enter is transmitted to us)

2. How We Use Information

We use the information you provide to:

Send you Founders List updates, launch announcements, and early-access information
Tailor product communications based on the use case you selected
Improve the website and understand which content is most useful
Respond to inquiries you send to us by email

We do not sell your information. We do not rent or trade mailing lists. We do not share your email with affiliates, advertising partners, or data brokers.

3. Data Processors and Third Parties

To operate the site, we share information with the following service providers, each of whom processes data on our behalf under their own privacy commitments:

Netlify, Inc. — website hosting and form processing (Netlify Forms). Submitted form data is stored in the Netlify dashboard. Netlify privacy policy.
Plausible Insights OÜ — privacy-friendly aggregate analytics. Plausible does not use cookies, does not store IP addresses, and does not collect personally identifying information. Plausible privacy policy.

4. Cookies and Tracking

The site does not use tracking cookies. Our analytics provider (Plausible) does not set cookies. We use a small number of strictly-necessary local storage entries to remember preferences (for example, the calculator may remember your last input values). These entries are stored only in your browser and are not transmitted to us.

TODO: revisit if any third-party scripts (YouTube embeds, Stripe, ad pixels, etc.) are added later — those would require a cookie consent banner and EU-specific compliance review.

5. Your Rights

Depending on where you live, you may have rights regarding the personal information we hold about you:

Access: Request a copy of the information we have about you.
Correction: Ask us to correct information that is inaccurate.
Deletion: Ask us to delete your information. Removing yourself from the Founders List can be done by clicking the unsubscribe link in any email we send, or by emailing us directly.
Portability: Request your information in a common machine-readable format.
Objection: Object to certain uses of your information.

To exercise any of these rights, email hello@bio-vault.tech. We will respond within 30 days.

TODO — Jurisdiction-specific clauses Once legal counsel reviews, this section needs explicit GDPR (EU/UK), CCPA/CPRA (California), VCDPA (Virginia), and similar state-law-specific addenda. Confirm whether the service is intentionally available to EU residents — if yes, GDPR Article 13 disclosures (legal basis, retention period, controller identity, data subject rights, supervisory authority contact) must be added in full.

6. Data Retention

We retain Founders List information for as long as you remain on the list. If you unsubscribe or request deletion, we remove your information within 30 days, except for the minimum records required to demonstrate compliance with this policy (which are retained for up to one additional year).

Aggregate analytics data (which cannot be tied back to individual visitors) may be retained indefinitely.

7. Security

We use commercially reasonable measures to protect information from unauthorized access. The site is served over HTTPS. Form data is transmitted to our processor over encrypted channels. We do not store payment data. We do not store passwords (we currently have no user accounts).

No method of transmission over the internet is fully secure. We cannot guarantee absolute security.

8. Children's Privacy

The site is not directed to children under 18 and we do not knowingly collect information from anyone under 18. If you believe a minor has provided us with information, please email hello@bio-vault.tech and we will delete it.

9. International Visitors

The Service is operated from the United States. By using the site, visitors outside the United States understand and consent to the transfer of their information to the United States, where data protection laws may differ from those in their jurisdiction.

TODO: legal review needed if EU/UK traffic is meaningful — consider adding EU representative, Standard Contractual Clauses, and explicit transfer mechanism disclosures.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated to Founders List members by email. Continued use of the site after a change constitutes acceptance of the updated policy.

11. Contact

For privacy questions, requests, or concerns, contact us at hello@bio-vault.tech.

TODO: add registered business address once legal entity is confirmed.

Final review required before publication This document is a working draft. Before it goes live, the following must be completed:

Resolve every TODO marker above
Confirm legal entity name and registered address
Confirm jurisdiction-specific clauses (GDPR / CCPA / state laws)
Confirm final list of data processors (form processor + analytics + ESP)
Set effective date and remove draft banner
Have qualified legal counsel review and approve final text