UPTIDE
HomeProductsFDA ApprovedSuppliesCalculatorContactResearch ↗
Legal

Privacy
Policy

Last updated: 1 January 2025

Who we are

Uptide is a Dutch-registered company supplying pharmaceutical-grade research compounds to qualified researchers. This Privacy Policy explains how we collect, use, and protect personal data in connection with your use of our website and services.

For privacy-related enquiries, contact us at privacy@uptide.eu.

Data we collect

We collect only the personal data necessary to operate our service:

  • Contact data: name, email address, telephone number
  • Delivery data: shipping address and billing address
  • Order data: products ordered, transaction amounts, order history
  • Payment data: payment confirmation references (we do not store card numbers or bank details)
  • Technical data: IP address, browser type, pages visited, session duration
  • Account data: hashed password, saved addresses (if you create an account)

Why we use your data

We process personal data for the following purposes:

Fulfilling your orderContract performance
Sending order confirmations and invoicesContract performance
Processing paymentsContract performance
Providing customer supportLegitimate interests
Fraud prevention and securityLegitimate interests
Compliance with legal obligationsLegal requirement

Cookies and local storage

We use minimal, functional cookies and browser local storage for:

  • Shopping cart persistence across pages and sessions
  • Authentication session tokens (if logged in)
  • Language and display preferences

We do not use advertising cookies or third-party tracking pixels. We may introduce analytics in the future, at which point this policy will be updated and consent obtained where required.

Third-party service providers

We share data with trusted third parties only where necessary to operate our service:

  • Payment processors (Mollie) — to process payments securely
  • Shipping carriers — to deliver your order
  • Email delivery (Resend) — to send transactional emails
  • Database hosting (Railway) — to store order and account data

All service providers are contractually bound to handle your data in accordance with GDPR requirements. We do not sell personal data to any third party.

Data retention

We retain personal data only as long as necessary for the purpose it was collected, or as required by law:

  • Order and invoice records: 7 years (Dutch tax law requirement)
  • Account data: until account deletion or 3 years of inactivity
  • Technical/log data: up to 90 days

Your rights

Under GDPR, you have the following rights regarding your personal data:

Right of accessRequest a copy of the personal data we hold about you.
Right to rectificationAsk us to correct inaccurate or incomplete data.
Right to erasureRequest deletion of your data, subject to legal retention requirements.
Right to portabilityReceive your data in a structured, machine-readable format.
Right to objectObject to processing based on legitimate interests.

To exercise any of these rights, email privacy@uptide.eu. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. All data is transmitted over encrypted HTTPS connections.

No method of transmission over the internet is completely secure. While we take every reasonable precaution, we cannot guarantee absolute security.

Updates to this policy

We may update this Privacy Policy from time to time. The current version is always available at this URL with the date of last update. For material changes, we will notify account holders by email.

Privacy questions?

privacy@uptide.eu