Policies & status

Privacy Policy.

This page explains, in plain language, what personal data Peppies collects across our websites and apps, why we collect it, who helps us process it, and the rights you have over it under the GDPR. We do not sell personal data. We do not run third-party advertising trackers.

Effective date: [DD Month YYYY — set on publication]

Working draft

This document is a working draft provided for the operator; have qualified legal counsel review it before relying on it.

Before publication the operator should also confirm: the registered controller entity details in section 01, the contact addresses in section 13, and the per-provider transfer safeguards in section 07.

01 Controller & scope

Who we are

Peppies is deliberately built as a group of separate services under separate legal entities: the research-supply catalogue (research-use-only products), the blood-testing service (LabBridge), and the software (the app, including My Health Timeline) are run as distinct operations. Blood samples are analysed and reports are issued by independent partner laboratories — not by Peppies. Which entity is responsible for your data depends on which service you use: the entity named on your order confirmation is responsible for that order; the software entity is responsible for your account and timeline; the testing entity coordinates lab orders, while the issuing laboratory remains responsible for producing your report.

Registered controller details — legal entity names, registered addresses, and company numbers — are to be completed by the operator before publication: [controller entity, registered address, company/registration number]. Until then, all privacy questions and requests go to the single contact point in section 13, whichever part of Peppies your question concerns.

This policy covers the Peppies websites and apps, including peppies.eu, and our sister pet site puptides.eu where it links to this policy.

What Peppies is, and is not. Research-supply products are sold for research use only. The app is observational: it stores and displays your results, wearable metrics, and trends, but it does not diagnose, prescribe, or give medical advice, and nothing in it replaces an independent qualified professional. Peppies is for adults aged 18 and over.

02 The full inventory

What we collect

Everything we hold falls into the categories below. Most of it exists only because you created it — an account, an order, a connection you switched on. The health-related categories (wearables, lab reports, provider sharing) are opt-in and run on your explicit consent.

Account

Your email address, name or handle, and password. Passwords are stored hashed — we cannot read them.

Orders

The items, quantities, and prices you ordered, plus your shipping address including country. Payments are handled by our payment processor, Stripe — full card details never touch our servers. Stripe processes the payment and tells us whether it succeeded.

Site analytics

We are rolling out first-party analytics: pageviews, add-to-cart and checkout funnel events, a per-session identifier, and a per-browser device identifier stored in your browser's local storage. Your IP address is resolved to country only — it is truncated, and the raw address is kept only briefly. This measurement is first-party only: no third-party ad trackers, no advertising cookies, no cross-site tracking.

Wearables · opt-in

If you choose to connect Oura, WHOOP, or Google Health via their sign-in (OAuth), we pull daily metrics — sleep, HRV, resting heart rate, readiness, and steps — on our servers, and store the access tokens server-side. You can disconnect at any time, which stops the pull.

Blood-test reports

If you order blood tests through LabBridge, your report is issued by an independent partner laboratory and displayed in the app on your timeline.

Bookings & chat

If you book a clinician or experience provider: your booking details and your chat with that provider. Your health snapshot is shared with a provider only if you switch sharing on — and only with the provider you booked.

Community

For community posts, your email is hashed at capture (a SHA-256 hash of your lowercased email) rather than stored in the clear. We keep your plaintext email only where it is genuinely needed: your account, your orders, and any email updates you explicitly opted into.

03 Purposes

How we use your data

  • To fulfil your orders — take payment via Stripe, ship to your address, and send you order and dispatch emails.
  • To run your account and timeline — sign you in, and show your lab reports, wearable metrics, and trends in My Health Timeline.
  • To operate bookings, chat, and video sessions with the clinician or experience provider you chose — including sharing your health snapshot with your booked provider, but only while your sharing toggle is on.
  • To measure and improve the site — first-party funnel analytics (pageviews, add-to-cart, checkout), aggregated by country.
  • To send marketing email — only if you opted in. Every message includes an unsubscribe link, and withdrawing is one click.
  • To keep the platform secure — detect abuse and fraud, and protect accounts.
  • To meet legal obligations — tax, accounting, and records we are required to keep for completed orders.

We do not use your data for third-party advertising, and we do not sell personal data — to anyone, for anything.

04 GDPR Art. 6 & 9

Lawful bases (GDPR)

For visitors and customers in the EU/EEA, each use of your data rests on one of these bases:

  • Contract — processing your orders and fulfilment: account, items, shipping address, payment confirmation, order emails.
  • Consent — marketing email, connecting a wearable or sharing health data with a booked provider, and non-essential analytics including the local-storage identifiers. Because wearable metrics, lab reports, and health snapshots are health data (a special category under GDPR Article 9), these run on your explicit consent, and you can withdraw it at any time.
  • Legitimate interest — first-party measurement of our own site and keeping the platform secure. You can object to this at any time (section 09).

Withdrawing consent never affects the service you already received, and it never affects the lawfulness of what happened while consent was in place.

05 ePrivacy

Cookies & local-storage identifiers

We keep this minimal, and it is all first-party — nothing here belongs to an advertising network.

Strictly necessary

Local storage that makes the site work: your cart, your sign-in session, and display preferences. These do not need consent because the site cannot function without them.

Analytics · consent

Two first-party identifiers being rolled out with our analytics: a per-session id (ties one visit's pageviews and funnel events together) and a per-browser device id stored in local storage (tells us a return visit apart from a new visitor). These are set only with your consent, and you can withdraw it or clear them at any time via your browser's site-data settings.

Never

No third-party advertising cookies, no cross-site trackers, no fingerprinting, no social-media pixels.

06 Who helps us

Sharing & processors

We share personal data only with the services below, only for the purpose stated, and never for their own advertising. We do not sell personal data.

Stripe

Payment processing. Stripe receives your payment details directly; we never store full card numbers.

Resend

Sends our transactional email (order, dispatch) and — with your opt-in — marketing email.

Partner laboratories

Independent laboratories analyse blood samples and issue your reports. They are independently responsible for the analysis and the report they issue.

Wearable providers

Oura, WHOOP, and Google — only if you connect them. The connection uses their own sign-in; their handling of your data on their side is governed by their own privacy policies.

Zoom

Runs video and audio sessions with your booked clinician or provider.

DigitalOcean

Hosts our servers and databases.

Your booked provider

The clinician or experience provider you booked sees your booking, your chat with them, and — only while your sharing toggle is on — your health snapshot.

Beyond this list, we disclose personal data only if the law genuinely requires it (for example, a valid order from an authority), and we keep such disclosures as narrow as legally possible.

07 Outside the EEA

International transfers

Some of the processors above (for example Stripe, Zoom, Google, WHOOP, Oura, Resend, and DigitalOcean) may process data outside the European Economic Area, including in the United States. Where that happens, we rely on the safeguards recognised by the GDPR — an adequacy decision (for example the EU–US Data Privacy Framework, where a provider is certified under it) or the European Commission's Standard Contractual Clauses in our agreements with the provider.

Operator note (remove before publication): confirm the applicable transfer mechanism for each provider — DPF certification status or SCCs in the signed data-processing agreement — before this section is relied on.

08 Retention

How long we keep things

  • Account data — for as long as your account exists. Delete the account and it goes.
  • Order records — for as long as tax and accounting law requires for completed orders; then they age out.
  • Analytics — the session id lasts one visit; the device id stays in your browser until you clear it or withdraw consent; raw IP addresses are truncated to country and kept only for a short window.
  • Wearable data & tokens — pulled while your connection is on; disconnecting stops the pull, and you can ask us to erase what was collected (section 09).
  • Lab reports, bookings & chat — kept on your timeline while your account exists, and removed with it, subject only to records the law requires us to keep.

When you ask us to erase your data, we delete everything except the minimum the law requires us to retain (for example, invoices for completed orders) — and that remainder is deleted when its legal retention period ends.

09 GDPR Art. 15–21

Your rights & how to use them

Under the GDPR you can, at any time and free of charge:

  • Access — ask what we hold about you and get a copy.
  • Rectify — have anything inaccurate corrected.
  • Erase — have your data deleted, subject only to legally required records.
  • Portability — receive the data you gave us in a machine-readable format, or have it sent to another service.
  • Restrict — pause processing while a dispute or check is resolved.
  • Object — object to processing based on legitimate interest, including our first-party measurement.
  • Withdraw consent — for marketing email, analytics identifiers, wearable connections, or provider sharing — as easily as you gave it.
  • Complain — to your data protection supervisory authority, in the EU member state where you live, work, or where you believe an infringement happened. You can do this without asking us first.

How to exercise them

Some controls are directly in the product: disconnect a wearable, switch off provider sharing, or unsubscribe from any marketing email with the link in its footer. For everything else, email the privacy contact in section 13 from the address on your account, tell us which right you are using, and we will respond within one month as the GDPR requires. If a request is unusually complex we may extend by up to two further months — and we will tell you why within the first month. We may ask a follow-up question to confirm the request really comes from you before acting on health-related data.

10 Strictly 18+

Adults only

Peppies is for adults aged 18 and over. Our research-use-only products, accounts, tests, bookings, and community are not directed at children, and we do not knowingly collect data from anyone under 18. If we learn an account belongs to a minor, we close it and delete the data. If you believe a minor has created an account, contact us (section 13) and we will remove it.

11 Protection

Security

We protect your data with measures proportionate to its sensitivity: connections to our sites are encrypted in transit (TLS); passwords are stored hashed, never in plain text; wearable access tokens are held server-side rather than in your browser; community email addresses are hashed at capture; full card details never reach our systems (they go directly to Stripe); and access to personal data is limited to what operating the service requires. No system is perfectly secure — if a breach ever put your rights at risk, we would notify the supervisory authority and, where required, you, as the GDPR obliges us to.

12 Versioning

Changes to this policy

When our data practices change — for example, when the first-party analytics described in sections 02 and 05 go fully live — we will update this page and change the effective date at the top. For material changes affecting how your data is used, we will tell you more directly (for example by email or an in-app notice) before they take effect, and where a change needs your consent, we will ask for it rather than assume it.

13 Reach us

Contact

Privacy questions and rights requests get a real answer from a person. Write to us and say what you need — access, correction, erasure, an export, an objection, or just an explanation.

Email from the address on your account so we can match the request, and include the word "privacy" in the subject line. We respond within one month.

Operator note: confirm these inboxes are live on the peppies.eu domain before publication.

Privacy & rights requests privacy@peppies.eu
General support support@peppies.eu
Postal address [registered address — to be completed]
Response window within 1 month (GDPR)