Creator SystemsHow It WorksBlogAffiliatesCareersAboutContactShop All
Legal

Privacy Policy

Version: 1.0

Effective Date: April 26, 2026

Last Updated: April 26, 2026

1. Introduction

Peptly (“we,” “our,” or “us”) operates the website at peptly.com (the “Site”) and sells digital productivity templates and related products (the “Products”) through various third-party sales platforms (the “Sales Platforms”). This Privacy Policy explains how we collect, use, disclose, and protect information when you visit the Site, purchase or use our Products, subscribe to our communications, participate in the Peptly Affiliate Program, or otherwise interact with us.

Peptly is operated as a sole proprietorship based in Virginia, United States.

This Privacy Policy describes your rights under applicable data protection laws, including the General Data Protection Regulation (the “GDPR”), the California Consumer Privacy Act as amended by the California Privacy Rights Act (the “CCPA/CPRA”), and the Virginia Consumer Data Protection Act (the “VCDPA”).

By using the Site, purchasing Products, or otherwise interacting with Peptly, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Site or purchase our Products.

2. Information We Collect

2.1 Information You Provide Directly

  • Contact information: When you contact us or sign up for the free Creator Starter Kit, we collect your name and email address.
  • Newsletter sign-up information: When you subscribe to our marketing emails or request free resources (such as the Creator Starter Kit), we collect your email address.
  • Purchase information: When you purchase Products through third-party Sales Platforms, we receive limited transaction details, including your email address, country, and order reference. Payment processing is handled entirely by the Sales Platform; we do not directly collect or store your payment card information.
  • Communications: When you send us messages, feedback, or inquiries via email or social media, we collect the content of those communications and any information you choose to provide.
  • Affiliate Program information: If you apply to or participate in the Peptly Affiliate Program, we collect your name, email address, payment information, platform handles, and performance data as described in the Affiliate Terms and Conditions.

2.2 Information Collected Automatically

  • Log data: When you visit the Site, our servers automatically record information including your IP address, browser type, operating system, referring URLs, pages visited, and timestamps.
  • Analytics: We use analytics services (such as Google Analytics or similar tools) to collect aggregate or pseudonymous usage data about how visitors interact with the Site. This helps us understand traffic patterns and improve the user experience.
  • Cookies: We use cookies and similar tracking technologies as described in Section 6 of this Privacy Policy.
  • Affiliate tracking cookies and Attribution Links: If you arrive at a Sales Platform through an affiliate’s Attribution Link, tracking cookies or similar technologies may be set by the Sales Platform and/or affiliate tracking systems used by Peptly to attribute the sale to the referring affiliate.

2.3 Information from Third-Party Platforms

  • Social media platforms: When you interact with our content on platforms such as Instagram, TikTok, YouTube, or Lemon8, we may receive aggregate engagement statistics (such as likes, views, shares, and follower counts). We do not receive your personal account information from these platforms unless you voluntarily provide it.
  • Sales Platform data: We receive transaction details and affiliate attribution data from Sales Platforms when purchases are made through our storefronts or through affiliate Attribution Links.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve the Site and our Products
  • To process and fulfill orders placed through Sales Platforms
  • To respond to your inquiries, feedback, and customer support requests
  • To send the free Creator Starter Kit and related follow-up emails to subscribers who opt in
  • To send marketing communications and newsletters to subscribers who have opted in, and to allow you to unsubscribe at any time
  • To administer the Peptly Affiliate Program, including tracking Attribution Links, calculating commissions, and processing affiliate payouts
  • To communicate with affiliates regarding program updates, commission reports, and operational matters
  • To analyze usage trends and improve the functionality and content of the Site
  • To detect, prevent, and address fraud, abuse, or security issues
  • To comply with legal obligations and enforce our terms and policies
  • To protect the rights, property, and safety of Peptly, our users, and the public

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases under the GDPR:

  • Performance of a contract (Article 6(1)(b)): Processing necessary to fulfill our contractual obligations to you, such as delivering purchased Products, providing customer support, and administering the Affiliate Program.
  • Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate interests, such as analyzing Site usage, improving our Products and services, detecting fraud, and enforcing our terms. We balance these interests against your rights and freedoms.
  • Consent (Article 6(1)(a)): Processing based on your freely given consent, such as for marketing communications, newsletter sign-ups, free resource delivery (including the Creator Starter Kit), non-essential cookies, and affiliate tracking cookies where consent is required. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Legal obligation (Article 6(1)(c)): Processing necessary to comply with applicable laws, regulations, or legal processes, such as tax reporting and record-keeping requirements.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Sales Platforms: We use third-party Sales Platforms to distribute and sell our Products. These platforms process your payment and transaction data under their own privacy policies. We receive only limited transaction details as described in Section 2.
  • Service providers: We may share information with trusted third-party service providers who assist us in operating the Site, conducting analytics, and delivering communications (such as email service providers). These providers are contractually obligated to use your information only for the purposes we specify and in accordance with this Privacy Policy.
  • Affiliate tracking: When you purchase a Product through an affiliate’s Attribution Link, limited transaction data (such as sale amount, product purchased, and order reference) may be shared with the referring affiliate’s Sales Platform account for commission calculation purposes. We do not share your name, email address, or personal contact information with affiliates.
  • Email marketing providers: If you sign up for the Creator Starter Kit or newsletter, your email address is processed by our third-party email service provider for delivery purposes.
  • Legal requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, enforce our terms, or ensure the safety of our users or the public.
  • Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

6. Cookies and Tracking Technologies

The Site uses cookies and similar tracking technologies to enhance your experience and collect usage information. Cookies are small text files stored on your device when you visit a website. We use the following categories of cookies:

Strictly Necessary

Required for the Site to function. Cannot be disabled. No consent required.

  • peptly_cookie_consent (Peptly) — stores your cookie consent preference. Duration: 365 days.
  • cf_clearance (Cloudflare) — Cloudflare security and anti-bot protection. Duration: session.
  • __stripe_mid, __stripe_sid (Stripe / Lemon Squeezy) — payment fraud prevention and session management, required to process purchases. Duration: session to 1 year.
  • laravel_session, ls_customer, cwr_s, cwr_u, XSRF-TOKEN (Lemon Squeezy) — server session, customer identification, and cross-site request forgery protection required for checkout to function. Duration: session.

Analytics (requires consent in EU)

  • _ga, _ga_D308E8J05V (Google Analytics) — collects pseudonymous data about how visitors interact with the Site. Used to understand traffic and improve user experience. Duration: up to 2 years.

Functional / Chat (requires consent in EU)

  • TawkConnectionTime, twk_uuid_* (tawk.to) — enable the live chat widget and maintain chat sessions. Duration: session to persistent.

Affiliate Attribution

  • Lemon Squeezy affiliate attribution — when you arrive via an affiliate’s referral link, Lemon Squeezy uses server-side tracking to attribute any resulting purchase to the referring affiliate. Based on our testing, this does not appear to set additional browser cookies beyond those listed above. This tracking is operated by Lemon Squeezy. See the Lemon Squeezy Privacy Policy for full details.

Email engagement (third-party)

  • Email tracking pixels — if you subscribe to the Creator Starter Kit or newsletter, our email provider may use tracking pixels to record open rates and link clicks for email optimisation.
CookieProviderCategoryDurationEU consent
peptly_cookie_consentPeptlyStrictly Necessary365 daysNo
cf_clearanceCloudflareStrictly NecessarySessionNo
__stripe_mid, __stripe_sidStripe / Lemon SqueezyStrictly NecessarySession–1 yearNo
laravel_session, ls_customer, cwr_s, cwr_u, XSRF-TOKENLemon SqueezyStrictly NecessarySessionNo
_ga, _ga_D308E8J05VGoogle AnalyticsAnalyticsUp to 2 yearsYes
TawkConnectionTime, twk_uuid_*tawk.toFunctional / ChatSession–persistentYes

For users in the European Union, a cookie consent banner is displayed before any non-essential cookies are set. You can also manage cookies through your browser settings. Disabling certain cookies may affect Site functionality.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data CategoryRetention Period
Transaction records7 years from the date of purchase, as required by applicable tax and accounting laws
Customer support communications3 years from the date of the last communication
Analytics data26 months from the date of collection
Marketing and newsletter subscriber dataRetained until you unsubscribe or request deletion
Affiliate Program dataRetained for the duration of the affiliate relationship and for 3 years after termination, or as required by applicable tax and accounting laws

When personal information is no longer needed, we will securely delete or anonymize it in accordance with our data management practices.

8. Your Rights — European Union (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the GDPR:

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to erasure: You have the right to request that we delete your personal data, subject to certain legal exceptions.
  • Right to restriction of processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to object: You have the right to object to the processing of your personal data based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

To exercise any of these rights, please contact us at contact@peptly.com. We will respond to your request within 30 days. We may request additional information to verify your identity before fulfilling your request.

9. Your Rights — California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You have the right to request that we delete the personal information we have collected from you, subject to certain legal exceptions.
  • Right to correct: You have the right to request that we correct inaccurate personal information we maintain about you.
  • Right to opt out of sale or sharing: You have the right to opt out of the sale or sharing of your personal information. Peptly does not sell personal information as defined under the CCPA/CPRA.
  • Right to limit use of sensitive personal information: You have the right to limit the use and disclosure of your sensitive personal information. Peptly does not collect sensitive personal information as defined under the CCPA/CPRA.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights.

We do not sell personal information as defined under the CCPA/CPRA, nor do we share it for cross-context behavioral advertising.

To exercise your rights, please contact us at contact@peptly.com with the subject line “California Privacy Request.” We will respond within 45 days of receiving your verifiable request. We may request additional information to verify your identity.

10. Your Rights — Virginia Residents (VCDPA)

Under the Virginia Consumer Data Protection Act (VCDPA), Virginia residents have the following rights:

  • Right to access: You have the right to confirm whether we are processing your personal data and to access that data.
  • Right to correct: You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of processing.
  • Right to delete: You have the right to request deletion of personal data you have provided or that we have obtained about you.
  • Right to data portability: You have the right to obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.
  • Right to opt out: You have the right to opt out of the processing of your personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you. Peptly does not sell personal data or engage in profiling that produces legal or similarly significant effects.

To exercise these rights, please contact us at contact@peptly.com with the subject line “Virginia Privacy Request.” We will respond within 45 days. If your appeal is denied, you may contact the Virginia Attorney General’s office.

11. Do Not Track

Peptly does not currently respond to “Do Not Track” browser signals. There is no universally accepted standard for how online services should respond to such signals. If a standard is established in the future, we will update this Policy accordingly.

12. International Data Transfers

Peptly operates from the United States and our Products are available to users worldwide. If you access the Site or purchase Products from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.

These countries may have data protection laws that differ from the laws of your country of residence. By using the Site or purchasing Products, you acknowledge and consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy.

For transfers of personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other appropriate safeguards recognized under applicable law.

13. Local Law and Mandatory Rights

The Site and Products are available to users worldwide. Local laws in your jurisdiction may grant you additional rights or impose obligations on Peptly that cannot be waived by contract.

Nothing in this Privacy Policy is intended to limit or override any mandatory data protection rights you have under the laws of your country of residence.

If any provision of this Policy conflicts with mandatory local law, that provision shall be interpreted to comply with such law to the minimum extent necessary, and the remainder of this Policy shall remain in full force and effect.

14. Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, alteration, and disclosure. These measures include encryption of data in transit, access controls, and regular review of our security practices.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You use the Site and provide information at your own risk.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities in accordance with applicable law.

15. Children’s Privacy

The Site and Products are not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from children under eighteen (18). If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at contact@peptly.com so that we can take appropriate action to delete such information.

If you are under eighteen (18) years of age, please do not use the Site, purchase Products, or provide any personal information to us.

16. Third-Party Links and Services

The Site and our Products may contain links to third-party websites and services, including but not limited to Sales Platforms, Notion, social media platforms (such as Instagram, TikTok, YouTube, and Lemon8), and other external resources. These third-party services are not operated by Peptly, and we are not responsible for their privacy practices, content, or security.

Sales Platforms used by Peptly for product distribution and affiliate tracking have their own privacy policies. We encourage you to review them before providing any personal information.

17. Affiliate Program Data

If you participate in the Peptly Affiliate Program, we collect and process your personal data as described in the Affiliate Terms and Conditions, including your name, email address, payment details, platform handles, referral activity, and commission data.

This data is used to administer the Affiliate Program, calculate and pay commissions, verify referral attribution, and comply with tax reporting obligations.

Affiliate data is processed on the legal bases described in Section 4 of this Privacy Policy, specifically performance of a contract and legal obligation.

Affiliates may exercise their data protection rights as described in Sections 8, 9, 10, and 13 of this Privacy Policy by contacting us at contact@peptly.com.

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the “Effective Date” at the top of this Privacy Policy.

For material changes, we will provide reasonable notice, such as by posting a prominent notice on the Site or sending an email to the address associated with your account or subscription. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Your continued use of the Site or purchase of Products after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms.

19. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Peptly

Email: contact@peptly.com

Website: peptly.com

We will respond to your inquiry within 30 days, or within any shorter period required by applicable law.

Peptly Privacy Policy v1.0 — 2026