Privacy Policy

We collect only the data necessary to operate our research-supply business:

Account & identity data:

• ›Full name
• ›Email address
• ›Country of residence
• ›Company or institutional affiliation (optional)
• ›Job role or research function (optional)
• ›Stated intended research use
• ›Account status (pending, approved, rejected)

Order data:

• ›Products ordered, quantities, and pricing at time of order
• ›Order status and history
• ›Shipping address and contact details
• ›RUO acknowledgement and timestamp

Inquiry data:

• ›Information submitted through the structured contact form, including subject, message, and any compliance acknowledgements

Technical data:

• ›IP address
• ›Browser type and operating system
• ›Session identifiers and authentication tokens
• ›Pages visited and basic interaction data (if analytics is enabled)

We do not knowingly collect data from individuals under 21 years of age. We do not collect special categories of data (health, biometrics, political opinions, etc.).

• ›Account creation, identity verification, and approval review
• ›Processing and fulfilling orders
• ›Maintaining customer relationship management (CRM) records, including lead, customer, order, and inquiry history
• ›Documenting RUO acknowledgements for compliance purposes
• ›Communicating with you regarding your account, orders, or inquiries
• ›Detecting, preventing, and investigating fraud, abuse, or non-compliant use
• ›Meeting legal, regulatory, tax, and record-keeping obligations
• ›Improving the website, security, and user experience

We do not sell your personal data. We do not use your data for targeted advertising or third-party marketing.

We process your personal data on the following bases:

• ›Performance of a contract — to fulfil your orders and operate your account
• ›Compliance with legal obligations — recordkeeping, tax, and regulatory obligations
• ›Legitimate interests — fraud prevention, security, and service improvement
• ›Consent — for non-essential cookies and optional communications, where applicable

We share personal data only with carefully selected third parties acting as service providers, and only to the extent necessary to operate our business:

• ›Hosting and backend infrastructure providers (managed cloud platform) used to store accounts, orders, and CRM data
• ›Payment processors used to verify and reconcile payments
• ›Shipping and logistics carriers used to deliver products
• ›Professional advisors (legal, accounting) where strictly required
• ›Government authorities, courts, or regulators when legally compelled or to protect our legal rights

All processors are contractually required to handle your data securely and only for the purposes we specify.

Our services are operated from the United States. If you access the website from another jurisdiction, your data will be transferred to and processed in the United States, which may have different data protection laws than your country of residence.

We retain personal data for as long as necessary to fulfil the purposes described in this Policy, comply with our legal and regulatory obligations, resolve disputes, and enforce our agreements. Order and RUO compliance records are typically retained for a minimum of seven (7) years.

Subject to applicable law, you may have the right to:

• ›Access the personal data we hold about you
• ›Request correction of inaccurate or incomplete data
• ›Request deletion of your data, subject to our legal retention obligations
• ›Object to or restrict certain processing activities
• ›Withdraw consent where processing is based on consent
• ›Request a portable copy of data you provided

To exercise any of these rights, please use our contact form. We may need to verify your identity before responding.

We use cookies and similar technologies to authenticate users, maintain sessions, and operate essential site functionality. Please refer to our Cookies Policy for full details and your choices.

We implement reasonable administrative, technical, and physical safeguards designed to protect personal data, including:

• ›Encrypted connections (HTTPS) for all data in transit
• ›Role-based access controls and row-level security on backend databases
• ›Server-side validation of orders, pricing, and account status
• ›Restricted access to administrative systems

No system is perfectly secure. We cannot guarantee absolute security of personal data and you transmit information at your own risk.

The website is not directed to anyone under 21 years of age. We do not knowingly collect data from minors. If we become aware that we have collected such data, we will delete it.

We may update this Policy from time to time. The “Effective Date” at the top reflects the most recent revision. Continued use of the website after changes are posted constitutes acceptance of the updated Policy.

For any privacy-related question or request, please use our structured contact form. We do not maintain a public direct email channel for privacy matters; the form ensures all requests are tracked and actioned.