Privacy Policy.

Last updated: April 2026

1. Overview

New-U Peptides ("we," "us," or "our"), a brand operated by Hilxera Distribution Services LLC, operates the website new-u.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, place an order, or interact with our services. By using our website you consent to the practices described herein.

2. Information We Collect

Information You Provide Directly

We collect personal information that you voluntarily provide when you:

• Place an order for research-grade peptide compounds
• Create an account or register for order tracking
• Subscribe to our newsletter or email communications
• Contact us via email, contact form, or other channels
• Apply for or participate in our affiliate programme
• Submit a referral through our refer-a-friend programme

This information may include your name, email address, shipping and billing address, telephone number, payment details, and any research-related enquiries you submit.

Information Collected Automatically

When you visit our website, we automatically collect certain technical data, including:

• Browser type, version, and device information
• IP address and approximate geographic location
• Pages visited, time spent on each page, and navigation paths
• Referral source and search terms used to reach our site
• Operating system and screen resolution

Information from Third Parties

We may receive limited information from third-party services we integrate with, including payment processors confirming transaction status and affiliate networks providing referral data.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Order fulfilment: Processing, packaging, dispatching, and tracking your peptide orders
• Communications: Sending order confirmations, shipping updates, delivery notifications, and payment receipts
• Customer support: Responding to enquiries, resolving issues, and providing post-sale assistance
• Marketing: Sending promotional emails, product announcements, and newsletters (only with your explicit consent; you may opt out at any time)
• Compliance: Verifying that purchases are made for legitimate research purposes in accordance with applicable regulations
• Fraud prevention: Detecting and preventing fraudulent transactions, chargebacks, and unauthorised account access
• Site improvement: Analysing usage patterns to improve website performance, user experience, and product offerings
• Legal obligations: Complying with applicable laws, regulations, and lawful requests from authorities

4. Payment Processing & Financial Data

We accept payments via card (processed through Stripe) and cryptocurrency (processed through third-party crypto payment providers). All payment transactions are handled by PCI DSS-compliant third-party processors.

• We do not store complete credit or debit card numbers on our servers.
• Cryptocurrency transactions are processed via secure third-party gateways. We store only the transaction reference and payment status, not your wallet private keys.
• Payment data is transmitted over encrypted connections (TLS 1.2+) at all times.

5. Data Security

We take the security of your personal information seriously and implement multiple layers of protection:

• Encryption in transit: All data transmitted between your browser and our servers is protected by SSL/TLS encryption.
• Encryption at rest: Sensitive personally identifiable information (PII) is encrypted using AWS Key Management Service (KMS) envelope encryption before being stored in our database.
• Secure infrastructure: Our application and database are hosted on AWS with access restricted by IAM policies and network security groups.
• Access controls: Access to customer data is restricted to authorised personnel on a need-to-know basis.
• Rate limiting: API endpoints are rate-limited to prevent abuse and brute-force attacks.

While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the highest practical standard.

6. Cookies & Tracking Technologies

Our website uses cookies and similar technologies for the following purposes:

• Essential cookies: Required for core site functionality including shopping cart persistence, session management, and checkout processing. These cannot be disabled without breaking site functionality.
• Preference cookies: Store your preferences such as selected currency and display settings.
• Analytics cookies: Help us understand how visitors interact with our website so we can improve the user experience.
• Affiliate tracking: Used to attribute referrals to our affiliate partners for commission purposes.

You can manage or disable cookies through your browser settings. Disabling essential cookies may prevent you from completing purchases or using certain site features.

7. Third-Party Services

We share limited data with the following categories of third-party service providers, each of whom is contractually obligated to handle your information securely and only for the purposes we specify:

• Email delivery: MailerSend — for sending transactional emails (order confirmations, shipping updates) and marketing communications
• Payment processing: Stripe (card payments) and cryptocurrency payment gateways — for secure payment handling
• Cloud infrastructure: Amazon Web Services (AWS) — for hosting, database, and encryption services
• Shipping & fulfilment: Postal and courier services — for order delivery (we share only the information necessary for shipping)

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

8. Research Verification

As a supplier of research-grade peptide compounds, we may collect and retain information to verify that customers are purchasing products for legitimate scientific research. By placing an order you confirm that:

• You are at least 18 years of age
• You are a qualified researcher or purchasing on behalf of a research institution
• Products will be used solely for lawful in-vitro research and laboratory purposes
• You are in compliance with all applicable local, national, and international regulations

Verification data may be retained as part of our compliance records.

9. International Data Transfers

We ship to customers in the EU, USA, and UK, and your data may be processed and stored in any of these regions. Our servers and infrastructure are hosted in the United States via AWS.

For customers in the European Economic Area (EEA) or United Kingdom, data transfers to the US are conducted in accordance with applicable data protection frameworks. By using our services, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection standards.

10. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy:

• Order records: Retained for a minimum of 7 years for legal, tax, and compliance purposes
• Customer accounts: Retained for the duration of your account plus 2 years after the last activity
• Email subscribers: Retained until you unsubscribe or request deletion
• Affiliate data: Retained for the duration of the affiliate relationship plus 3 years
• Analytics data: Aggregated and anonymised data may be retained indefinitely for statistical purposes

You may request deletion of your personal data at any time, subject to our legal retention obligations.

11. Your Rights

All Customers

Regardless of your location, you have the right to:

• Request access to the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion of your personal data (subject to legal retention requirements)
• Opt out of marketing communications at any time
• Withdraw consent for data processing where consent is the legal basis

EU & UK Customers (GDPR / UK GDPR)

In addition to the rights above, if you are located in the EEA or UK, you also have the right to:

• Request restriction of processing of your personal data
• Request data portability — receive your data in a structured, commonly used, machine-readable format
• Object to processing based on legitimate interests
• Lodge a complaint with your local data protection supervisory authority

To exercise any of these rights, contact us at hello@new-u.io. We will respond to all requests within 30 days.

12. Children's Privacy

Our website and services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a person under 18, we will take immediate steps to delete that information.

13. Contact Us

For privacy concerns, data access requests, or questions about this policy, contact us at:

New-U Peptides (operated by Hilxera Distribution Services LLC)
Email: hello@new-u.io
Website: new-u.io

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email or a prominent notice on our website. We encourage you to review this policy periodically.