What we collect, why, who sees it, and how to get it deleted.
Effective: May 2, 2026 · Last updated: June 6, 2026
Plain-language summary. We collect what's needed to ship your order, follow up on it, and run the business. We don't sell your data. We use a small number of vendors (payment processors, email, hosting) — they only see what they need to do their job. If you use the Companion app and turn on cloud sync, we only ever use that tracking data as anonymized, aggregated insight — never to profile or identify you. You can ask us to delete your data anytime by emailing us.
"goodtides" is a brand operated by Goodtides, LLC, a New York limited liability company. Privacy questions: hello@goodtides.shop.
| Category | Examples | When we collect it |
|---|---|---|
| Identity | Name, email, phone, date of birth | At checkout (required to ship and verify 21+) |
| Shipping | Mailing address | At checkout |
| Order history | What you bought, how much, when, status | When you place an order |
| Payment metadata | Payment method (Stripe card or Venmo), transaction ID, last 4 of card if applicable | At checkout — full card numbers are never stored on our servers |
| Communications | Emails you send us, customer service exchanges | When you contact us |
| Site usage | Pages visited, browser type, approximate location (city-level) | Automatically when you browse — used to fix bugs and improve the site |
| Disclaimer acceptances | Which checkboxes you accepted at checkout, when | At checkout — kept for legal audit purposes |
| Companion app data | If you use the Companion app (app.goodtides.shop): the protocols, doses, vials, supplies on hand and optional weight you enter to track your own regimen | When you enter it in the app — kept on your device, and backed up to our servers only if you turn on cloud sync |
We do not collect medical information through goodtides.shop. When peptides go live and you complete a physician evaluation through our telehealth partner, that information is collected directly by them under HIPAA — not by goodtides.shop. See their privacy policy for details when you start that flow. (The optional Companion app does let you record your own regimen — see "The Companion app" just below.)
The optional Companion app (app.goodtides.shop) lets you track your own regimen — your protocols, doses, the vials and supplies you have on hand, and (only if you choose) your weight. By default this stays on your device. If you turn on cloud sync, a copy is saved to our servers (stored encrypted, like the rest of our data) so you can back it up and use it across your devices.
Because synced data sits on our servers, we can access it — but for Companion app data we only ever use it as aggregated, de-identified insight to run and improve the product and to plan our inventory (for example: how commonly a peptide is used, typical doses, or how much bacteriostatic water people add when mixing). We do not build advertising profiles from it, we do not sell it, and we never publish or share anything that identifies you. If we add features that act on your individual data — such as reminding you when you're about to run low so you can reorder — those are opt-in, and you can turn them off. You can export or delete your synced data anytime from within the app, or by emailing us.
We share data only with vendors who help us run the business. They only see what they need to do their job:
We will share data with law enforcement only when legally required (subpoena, court order). We will never sell your data to third parties or share it for marketing purposes outside goodtides.
If we send you marketing emails (product launches, sales, new drops), we'll only do so because you bought from us or signed up for our list. Every marketing email has an unsubscribe link. Transactional emails (order confirmations, shipping) cannot be unsubscribed from while you have an active order — that's how we communicate with you.
We use only essential cookies for cart functionality and admin login. We do not use Google Analytics, Facebook Pixel, or any third-party tracking that builds advertising profiles. If we add privacy-respecting analytics later (e.g. Plausible, Fathom), we'll update this section.
You can:
California residents have additional rights under CCPA. New York residents have rights under SHIELD. EU residents (if any) have rights under GDPR. Email us and we'll handle it under whichever framework applies to you.
goodtides.shop is intended exclusively for adults 21 and older. We do not knowingly collect data from anyone under 21. If you believe a minor has submitted information to us, email hello@goodtides.shop and we will delete it immediately.
We use industry-standard security: HTTPS for all site traffic, encrypted database storage at our hosting provider, signed magic-link tokens for customer order lookup. We do not store full credit card numbers on our servers — payment processors handle that. Despite this, no system is 100% secure; if there's ever a breach affecting your data we'll notify you within 72 hours of discovery as required by NY SHIELD.
Order data is retained for 7 years for tax and legal purposes. Marketing email lists are retained until you unsubscribe. Site usage logs are retained for 90 days. Anything else is deleted on request or when no longer needed for the original purpose.
goodtides operates from the United States. If you're outside the US, your data is transferred to and processed in the US. By using the site you consent to that transfer.
If we make material changes to how we handle your data, we'll email you and update the "Effective" date. Continued use of the site after changes means you accept the new policy.
Privacy questions or requests: hello@goodtides.shop. We aim to respond within 5 business days.