Privacy Policy · Aflu Performance Peptides

The short version. We collect only what we need to run the business: your contact and shipping information, your order history, and basic analytics. We do not sell your personal information. We share it only with the vendors we need to fulfill your order (payment processor, shipping carriers, email provider, fulfillment partners). You can request access to or deletion of your data at any time at team@aflu.com.

Table of Contents

Who we are
Information we collect
How we use information
Legal bases (GDPR)
How we share information
Cookies & analytics
Data retention
Data security
Your rights (GDPR)
California rights (CCPA)
Children's privacy
International users
Third-party links
Changes to this Policy
Contact

1. Who we are

This Privacy Policy is issued by DB Marketing LLC, a Utah limited liability company ("Aflu," "we," "us," or "our"). It describes how we handle personal information collected through aflu.com (the "Site") and our related services.

This Policy is incorporated into our Terms of Service and should be read alongside our Research Use Disclaimer.

2. Information we collect

2.1 Information you provide directly

Contact & account information: name, email address, phone number (if provided), business or organization name (if provided).
Order & shipping information: billing address, shipping address, order contents, order history.
Payment information: handled by our payment processor (Stripe). We do not store full credit-card numbers on our servers; we receive only a token, the last four digits, and the card brand.
Communications: messages you send us via email, contact forms, or support requests.
Compliance certifications: the choices and acknowledgments you make on the compliance gate (e.g., 21+ confirmation, research-use certification, individual vs. business identification).
Newsletter / waitlist signups: email address and any preferences you provide.

2.2 Information collected automatically

Device & usage data: IP address, browser type, operating system, device type, referring URL, pages viewed, links clicked, time on page, approximate location (derived from IP).
Cookies & similar technologies: see Section 6 below.

2.3 Information from third parties

Payment processor: transaction confirmation, fraud-prevention signals.
Fulfillment partners / Suppliers: shipment tracking, delivery confirmation, and (where applicable) replacement-claim records.
Analytics providers: aggregated traffic data.

3. How we use information

We use the information described above to:

Process, fulfill, and ship your orders;
Communicate with you about orders, shipments, returns, replacements, and support requests;
Send the Aflu Research Brief and other communications you have opted into;
Verify age and research-use certifications and maintain records required by law or by our compliance program;
Detect, prevent, and investigate fraud, abuse, security incidents, and violations of our Terms;
Improve the Site and our products, conduct analytics, and develop new features;
Comply with applicable laws, respond to lawful requests, and enforce our agreements;
Send service-related notices (e.g., changes to these policies, security alerts).

We do not use your personal information to make decisions that produce legal or similarly significant effects about you through solely automated means.

4. Legal bases for processing (GDPR)

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with similar laws, we rely on the following legal bases:

Performance of a contract — to process your orders and provide the Services you request;
Legitimate interests — to operate and improve the business, prevent fraud, secure the Site, and communicate about your orders;
Legal obligation — to retain records required by tax, consumer-protection, or other applicable law;
Consent — for marketing emails, certain cookies, and any other use where consent is required (which you may withdraw at any time).

5. How we share information

We share personal information only with the following categories of recipients:

Payment processors (e.g., Stripe) — to process payments and prevent fraud.
Shipping carriers (e.g., UPS, FedEx, USPS) — to deliver orders.
Third-party Suppliers and fulfillment partners — to manufacture, package, and ship physical products (see Terms of Service Section 5).
Email and communications providers — to send transactional and opt-in marketing emails.
Analytics & hosting providers — to operate the Site and understand aggregate usage.
Professional advisors — lawyers, accountants, and auditors, under confidentiality obligations.
Government and law enforcement — where required by law, valid legal process, or to protect rights, property, or safety.
Acquirers or successors — in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to the protections described in this Policy.

We do not sell your personal information for monetary consideration. We do not share your personal information with third parties for their own independent marketing purposes.

6. Cookies & analytics

We use cookies, local storage, and similar technologies to remember your preferences, keep you logged into the Site (where applicable), record compliance-gate acceptance, and measure traffic. Cookie categories include:

Strictly necessary — required to operate the Site, including the compliance gate session.
Functional — remember your settings and preferences.
Analytics — help us understand how the Site is used in aggregate.

You can control cookies through your browser settings. Disabling certain cookies may affect Site functionality.

7. Data retention

We retain personal information for as long as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Order, billing, and tax records are typically retained for at least seven (7) years. Compliance-gate certifications are retained for at least three (3) years from the date of acceptance or as long as you maintain an active account. Marketing-list data is retained until you unsubscribe.

8. Data security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction. These measures include TLS/HTTPS encryption in transit, encrypted storage where applicable, access controls, and vendor due-diligence. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Your rights (GDPR & similar laws)

Depending on your location, you may have the right to:

Access the personal information we hold about you;
Rectify inaccurate or incomplete information;
Erase your personal information (subject to legal retention requirements);
Restrict or object to certain processing;
Portability — receive a machine-readable copy of certain information;
Withdraw consent where processing is based on consent;
Lodge a complaint with your local data-protection authority.

To exercise these rights, email team@aflu.com. We may need to verify your identity before fulfilling the request.

10. California rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended:

Right to know what personal information we collect, use, disclose, and the categories of recipients;
Right to delete personal information we have collected (subject to legal retention requirements);
Right to correct inaccurate personal information;
Right to opt out of sale or sharing — Aflu does not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of;
Right to non-discrimination for exercising any of these rights.

To exercise any CCPA right, email team@aflu.com with "CCPA Request" in the subject line. We will respond within the time required by law.

11. Children's privacy

The Site and Services are not directed to anyone under 21 years of age. We do not knowingly collect personal information from anyone under 21. If we learn we have collected personal information from a person under 21, we will delete it. If you believe we may have collected such information, please contact us at team@aflu.com.

12. International users

The Site is operated from the United States. By using the Site, you understand that your personal information will be transferred to, stored in, and processed in the United States, which may have different data-protection laws than your country of residence. We currently ship only to addresses within the United States.

13. Third-party links

The Site may contain links to third-party websites or services not operated by Aflu. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies.

14. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when this Policy was last revised. Material changes will be communicated in a reasonable manner (e.g., on-site notice or email). Your continued use of the Site after the effective date of an updated Policy constitutes acceptance of the updated Policy.

15. Contact

DB Marketing LLC 1226 W Green Spring Heights Drive S
Washington, UT 84780
United States

Privacy inquiries: team@aflu.com
General support: team@aflu.com