pep.deals

Privacy

pep.deals is a small comparison surface. We collect only what we need to run redirects, optional alerts, coupons in review, and hosting diagnostics. This is not a marketing dossier.

What we collect

  • Outbound clicks via /go/…: a salted hash derived from coarse IP routing info plus your browser's user-agent string, Vercel-supplied country code when present, optional UTM tags, and HTTP referrer. Stored with the vendor/product identifiers you clicked.
  • Price alerts only if you submit an email: address, peptide choice, confirmation token, and active flag in Postgres until you stop alerts (no marketing lists from this path today).
  • Coupon submissions: code, vendor hint, free-text note, moderation status, and a hashed submitter fingerprint field used for abuse control (not sold).
  • Administrators who sign into /admin authenticate through a dedicated sign-in provider; that vendor processes account data for those sessions only. Ordinary catalog browsing does not create an account with us.

Cookies & similar tech

First-party cookies from our host (Vercel/Next.js) may appear for routing or security. Outbound affiliate templates may set third-party cookies or persist sub-IDs on vendor domains; we do not control those. When spam challenges are enabled on the coupon form, Cloudflare may process the challenge token under its terms.

We do not load remarketing pixels, social pixels, or independent analytics SDKs in this repo snapshot. Only the behaviors described above run here.

Processors & recipients

  • Neon hosts Postgres (products, clicks, alerts, coupons).
  • Vercel hosts the app and edge middleware; standard platform logs apply.
  • Email delivery for price-alert messages runs through our transactional mail provider when outbound email is enabled for the project.
  • Affiliate networks / vendors receive click identifiers we attach to outbound URLs, not your pep.deals alert email or coupon notes.

Retention

Operational tables grow until we prune them manually; there is no automated global purge yet. Ask if you need deletion of a specific alert row or coupon submission tied to you.

Your choices

To export or delete personal data we hold (primarily alert emails and notes you voluntarily submitted), email [REPLACE: contact email]. We will verify reasonable requests where practical and comply with applicable mandatory timelines (e.g., GDPR/UK GDPR/CPA concepts), subject to lawful exceptions such as fraud-prevention logs.

Children

pep.deals is aimed at adults 21+. We do not knowingly collect personal information from anyone under that threshold.

EU/UK/California visitors: the disclosures above describe actual wiring today; we are not registering as a data broker and do not sell personal information for money.

Last updated 2026-05-16