Privacy Policy

Steroids UK ("we", "us", "our") takes your privacy seriously. This Privacy Policy explains what information we collect when you use steroids-uk.com, how we use it, how we protect it, and what choices you have.

By using our website and placing orders, you consent to the practices described in this policy. If you do not agree, please do not use our services.

We use your personal information strictly for these purposes:

• Order processing: to fulfil and dispatch your orders from our UK warehouse
• Payment verification: to process and confirm bank transfer, Revolut, card or crypto payments
• Customer support: to respond to your inquiries via chat or email
• Account management: to maintain your account, order history and loyalty programme
• Transactional email: to send order confirmations, dispatch notifications and Royal Mail tracking updates
• Marketing: to send newsletters and promotional offers (only with your explicit opt-in)
• Fraud prevention: to detect and prevent unauthorised access, chargebacks and abuse
• Service improvement: to analyse anonymised usage patterns and improve our platform

We understand that discretion is paramount. We take several steps to protect your privacy:

• Card charges appear with neutral descriptors on your bank statement (a generic crypto reference) with no reference to the product category
• All packages ship in plain, unmarked Royal Mail parcels with no external labels indicating the contents
• Shipping labels show a neutral sender business name, not "Steroids UK"
• Inner tamper-evident packaging on injectables and peptides

We take the security of your data seriously and implement the following measures:

• Passwords are hashed using industry-standard Argon2id
• Sensitive personal data is encrypted at rest (AES-256)
• All data is transmitted over HTTPS with TLS 1.3
• Access to customer data is restricted to authorised staff with two-factor authentication required
• Regular security audits and CodeRabbit-driven static analysis on every code change
• Automated backups are encrypted and stored in geographically separated UK / EU data centres

We retain your personal information for as long as your account is active or as needed to provide services and resolve disputes.

We do not sell, trade, or rent your personal information to third parties. We share your data only with:

• Royal Mail / Parcelforce: your name and shipping address to fulfil deliveries
• Payment processors (Fiat-to-crypto Card Payment, Revolut, NOWPayments): transaction details required for payment authorisation
• Transactional email provider: your email address to deliver order updates and tracking
• Cloudflare (CDN & security): request metadata for DDoS protection and edge caching

All third-party service providers are contractually obligated to protect your data and to use it only for the specified purposes.

Our website uses essential cookies and session storage for:

• Authentication (keeping you logged in)
• Shopping cart persistence
• Device fingerprinting for fraud prevention
• Age-gate verification (so you do not see the 18+ popup on every page)
• CSRF token storage for checkout security

We do not use third-party advertising cookies or tracking pixels. All analytics are self-hosted and anonymised. We do not share browsing data with Meta, Google Ads or any external advertising platform.

If you subscribe to our newsletter or promotional emails, we collect your email address and subscription preferences. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us directly.

We will never send marketing emails without your explicit opt-in consent (compliant with PECR — Privacy and Electronic Communications Regulations).

Our website is intended only for individuals aged 18 years or older. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from a minor, we will delete it promptly.

Our primary data hosting is within the UK and the European Economic Area (EEA). Some sub-processors (e.g. Cloudflare) operate globally; where this involves transfers outside the UK/EEA, we rely on the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs) to ensure your data receives equivalent protection.

We may update this Privacy Policy from time to time. Material changes will be announced via email and on this page with an updated revision date. We encourage you to review this policy periodically.