Privacy Policy
Last updated: 26th May 2026
This Privacy Policy explains how Peplabs LLC, a Limited Liability Company registered with the Sharjah Media City Free Zone Authority (Shams), Sharjah, UAE (licence number 2645882.01), trading as “pep.LAB” (“pep.LAB”, “we”, “us”, “our”), collects, uses, stores, and protects your personal data when you use our website (peplab.com) and services.
We are established in the UAE and are committed to handling your data in compliance with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) and its implementing regulations.
1. Who is responsible for your data
The data controller for all customers is Peplabs LLC (trading as pep.LAB), Sharjah Media City (Shams), Sharjah, UAE.
For any data protection enquiry, contact our data protection point of contact at hello@peplabdubai.com.
2. What data we collect
We collect the following categories of personal data:
Information you give us:
- Identity data — name, date of birth (for age verification), title
- Contact data — billing address, delivery address, email address, phone number
- Account data — username, password (encrypted), order history
- Transaction data — products purchased, payment confirmation (we do not store full card numbers)
- Consultation data — if you book a consultation, the information you provide in the intake form (your stated goals, current medications, and any details you choose to share)
- Communications data — emails, messages, and support enquiries you send us
Information we collect automatically:
- Technical data — IP address, browser type and version, device information, time zone
- Usage data — pages visited, products viewed, time spent, referral source
- Cookie data — see our Cookies Notice
We do not intentionally collect special category data (such as health records) except where you voluntarily provide health-related context during a consultation intake. Where you do, you consent to us processing it for the purpose of that consultation only.
3. How we use your data and our legal basis
| Purpose | Legal basis (UAE PDPL) |
|---|---|
| Process and fulfil your orders | Performance of a contract |
| Take payment and prevent fraud | Performance of a contract; legitimate interests |
| Verify you are 21 or older | Legal obligation; legitimate interests |
| Send order, dispatch, and delivery updates | Performance of a contract |
| Provide consultation services you book | Performance of a contract; consent (for any health context) |
| Respond to your enquiries | Legitimate interests |
| Send marketing emails (if you opt in) | Consent |
| Improve our website and services | Legitimate interests |
| Comply with legal, tax, and regulatory obligations | Legal obligation |
You can withdraw consent for marketing at any time by clicking “unsubscribe” in any marketing email or contacting us.
4. Marketing
We will only send you marketing communications if you have opted in. Every marketing email includes an unsubscribe link. We never sell your data to third parties for their marketing.
5. Who we share your data with
We share your data only with parties who help us run our business, under strict data processing agreements:
- Payment processors — to take payment securely (they receive transaction data, never stored by us in full)
- Shipping and logistics partners — to deliver your order (name, address, phone)
- Email and communications providers — to send transactional and (if opted in) marketing emails
- Booking and scheduling tools — if you book a consultation
- Hosting and IT providers — who store and maintain our website infrastructure
- Professional advisers — lawyers, accountants, and auditors where necessary
- Regulators and law enforcement — where required by law
We require all third parties to respect the security of your data and to process it only on our instructions. We do not allow them to use your data for their own purposes.
6. International transfers
We are established in the UAE and process your personal data in the UAE. Some of our service providers (such as hosting, email, or payment providers) may be located in other countries, meaning your data may be transferred outside the UAE. Where this happens, we take reasonable steps to ensure your data is protected by appropriate safeguards and is processed only in accordance with this policy and the UAE PDPL. You can contact us at any time for details of the safeguards that apply.
7. How long we keep your data
We keep your data only as long as necessary:
- Order and transaction data — 7 years (to meet UAE tax and accounting obligations)
- Account data — for as long as your account is active, then deleted or anonymised within 12 months of closure
- Consultation data — retained for the period required for clinical record-keeping and then securely deleted
- Marketing data — until you unsubscribe, then suppressed (kept minimally to honour your opt-out)
- Website usage / cookie data — typically 26 months or less
8. Your rights
Under the UAE PDPL, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate or incomplete data
- Erasure — ask us to delete your data (subject to legal retention obligations)
- Restriction — ask us to limit how we use your data
- Portability — request your data in a portable format
- Objection — object to processing based on legitimate interests, or to direct marketing
- Withdraw consent — where processing is based on consent
To exercise any right, email hello@peplabdubai.com. We will respond within the period required by the UAE PDPL. We may need to verify your identity first.
If you are unhappy with how we handle your data, you have the right to complain to the UAE Data Office.
We’d appreciate the chance to address your concerns first, so please contact us before approaching the regulator.
9. How we protect your data
We use technical and organisational measures to protect your data, including:
- Encryption of data in transit (SSL/TLS) and at rest where appropriate
- Restricted access to personal data on a need-to-know basis
- Secure, reputable hosting infrastructure
- Regular review of our security practices
No system is perfectly secure, but we take reasonable steps to protect your data and to notify you and the relevant regulator of any breach where legally required.
10. Cookies
We use a minimal set of cookies. See our Cookies Notice for full details on what we use and how to manage your preferences.
11. Children
Our Services are not directed at anyone under 21. We do not knowingly collect data from anyone under that age. If you believe we have inadvertently collected such data, contact us and we will delete it.
12. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date reflects the latest version. Material changes will be notified by email or a notice on the Site.
13. Contact
Data protection contact: hello@peplabdubai.com
General enquiries: hello@peplabdubai.com
Registered address: Peplabs LLC, Sharjah Media City (Shams), P.O. Box 515000, Sharjah, UAE