CASAMINO

Legal

Privacy Policy

Effective: March 13, 2026

Version 1.0

Section 1

Introduction

Casamino (“we,” “us,” or “our”) operates casamino.com and associated mobile applications (collectively, the “Platform”). We are a private, invitation-only membership club offering independently verified research compounds, branded merchandise, and laboratory supplies to our members.

This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, and your rights regarding that information. It applies to all visitors, prospective members, active members, and former members who interact with our Platform, regardless of location.

Our core commitment: we do not sell, rent, lease, or otherwise share your personal information with third parties for their marketing purposes. We never have. We never will.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please do not use the Platform.

Section 2

Who We Are

Casamino is operated by Casamino LLC, a Wyoming limited liability company. For the purposes of data protection laws, including the European Union General Data Protection Regulation (GDPR) and the United Kingdom GDPR, we are the data controller responsible for your personal information.

If you have questions about this policy or how we handle your data, contact our Privacy Officer:

Email: privacy@casamino.com

Section 3

Information We Collect

3.1 Information You Provide Directly

Account Registration

When you accept an invitation and create a Casamino account, we collect your full name, email address, and a password (which we store in hashed, irreversible form). If you choose to link a Telegram account for community access, we collect your Telegram user ID.

Membership and Billing

When you subscribe, we collect billing information necessary to process your membership fee. This may include your payment card number, expiration date, billing address, and bank account details for ACH payments. We do not store complete payment card numbers on our servers. Card data is tokenized and stored by our PCI DSS-compliant payment processors. We retain only a truncated reference (last four digits and card brand) for your records and our transaction history.

Orders and Fulfillment

When you place an order, we collect your shipping name, shipping address, phone number (optional, for carrier delivery notifications), and payment details for the transaction. Order history, including items purchased, order dates, pricing, and fulfillment status, is retained in your account.

Referral Activity

When you share invitations, we collect data about which invite codes and referral links you generate, when those codes are used, and the identity of referred members for attribution and reward purposes. Referral data is linked to your account.

Communications

When you contact us directly by email, through support channels, or through the community, we collect the content of your messages and any attachments you include.

Community Participation

If you participate in our members-only community (currently hosted on Telegram), your messages, posts, and interactions within that community may be visible to other members and to our moderation team.

3.2 Information Collected Automatically

Device and Usage Data

When you access the Platform, we automatically collect:

  • IP address, browser type and version, operating system
  • Device type and screen resolution
  • Referring URL, pages visited and features used
  • Timestamps of access and session duration

This data is collected through server logs and analytics tools.

Cookies and Similar Technologies

We use cookies and similar technologies for:

  • Authentication and session management
  • Remembering your preferences and settings
  • Understanding how members use the Platform
  • Preventing fraud and ensuring security

We do not use cookies for third-party advertising or behavioral tracking across other websites. See Section 11 for detailed information.

3.3 Information from Third Parties

Referral Source

When you arrive via a referral link or invitation code, we receive the identity of the referring member.

Payment Processors

Our payment processors may provide us with transaction confirmation data, fraud screening results, and partial payment identifiers necessary to reconcile transactions and manage billing.

Cryptocurrency Payments

If you pay with cryptocurrency, our payment integration records the wallet address associated with the transaction, the transaction hash on the relevant blockchain, and the converted fiat amount. Blockchain transactions are publicly visible by nature; we do not control or influence blockchain transparency.

Section 4

How We Use Your Information

We process your personal information only for the purposes described in this policy. Where required by law, we identify the legal basis for each use.

Section 5

How We Share Your Information

We do not sell your personal information. We do not rent it. We do not share it with third parties for their marketing or advertising purposes. This commitment applies to all categories of personal data we collect, without exception.

We share your personal information only in the following limited circumstances:

Fulfillment Partners

When you order research compounds, we transmit your shipping name, shipping address, and order details to our dropship fulfillment partner so they can ship your order directly to you. Our fulfillment partner receives only the information necessary to complete the shipment. They do not receive your email address, payment information, membership status, referral history, or any other account data. Our fulfillment agreement prohibits the partner from using your shipping information for any purpose other than order delivery.

Payment Processors

We share billing and transaction data with our payment processors to process subscription fees and product orders. Each processor receives only the data necessary for the specific transaction type they handle. Our payment processors are PCI DSS-compliant and contractually prohibited from using your data for purposes other than processing our transactions.

Infrastructure and Service Providers

We use third-party services for hosting, email delivery, analytics, and other operational functions. These providers process data on our behalf under contractual obligations that prohibit them from using your data for their own purposes.

Community Platform

If you link your Telegram account, your Telegram user ID is used to manage access to our private community group. Your messages and interactions within the community are visible to other members and moderators. Telegram operates under its own privacy policy.

Legal Requirements

We may disclose your information if required by law, subpoena, court order, or regulatory demand, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We will make reasonable efforts to notify you of such disclosure unless prohibited by law.

Business Transfers

If Casamino is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Platform before your information becomes subject to a different privacy policy.

Section 6

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.

When retention periods expire, we delete or irreversibly anonymize the data. Anonymized data, which cannot be linked back to any individual, may be retained indefinitely for business analytics.

Section 7

International Data Transfers

Casamino is based in the United States. If you access the Platform from outside the United States, your personal information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

European Economic Area, United Kingdom, and Switzerland

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on the following safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into our agreements with service providers that process EEA/UK personal data.
  • Adequacy decisions, where applicable, for transfers to jurisdictions recognized by the European Commission as providing adequate data protection.
  • Supplementary measures, including encryption in transit and at rest, access controls, and contractual restrictions on onward transfers.

Section 8

Your Rights

Depending on your location, you may have some or all of the following rights regarding your personal information. We honor these rights regardless of where you reside, to the extent they are practically and legally applicable.

Right of Access

You may request a copy of the personal information we hold about you. We will provide this in a commonly used, machine-readable format within 30 days of your verified request.

Right to Rectification

You may request that we correct inaccurate personal information or complete incomplete information. You can update most account information directly through your Dashboard.

Right to Erasure

You may request that we delete your personal information. We will comply unless we are required to retain it for legal, tax, or compliance obligations, or to resolve an ongoing dispute.

Right to Restrict Processing

You may request that we limit how we process your data in certain circumstances, such as while we verify the accuracy of your information following a rectification request.

Right to Data Portability

You may request that we provide your personal information in a structured, commonly used, machine-readable format, and transmit it to another controller where technically feasible.

Right to Object

You may object to our processing of your personal information where we rely on legitimate interest as the legal basis.

Right to Withdraw Consent

Where we process your data based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights.

To exercise any of these rights, email privacy@casamino.com with your request. We respond to all verified requests within 30 days.

Section 9

Jurisdiction-Specific Provisions

9.1 European Economic Area and United Kingdom (GDPR / UK GDPR)

  • Our legal bases for processing are detailed in Section 4.
  • You have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu. For the UK, contact the Information Commissioner's Office (ico.org.uk).

9.2 California (CCPA / CPRA)

  • Categories of personal information collected: Identifiers, commercial information, internet activity, geolocation data, and financial information.
  • We do not sell your personal information. We do not share it for cross-context behavioral advertising.
  • You may exercise your rights to know, delete, and correct as described in Section 8.
  • We do not use sensitive personal information for purposes beyond those necessary to provide our services.

9.3 Canada (PIPEDA)

We process your personal information in accordance with the Personal Information Protection and Electronic Documents Act. You may contact us to access, correct, or withdraw consent for processing. We will respond within 30 days.

9.4 Australia (Privacy Act 1988)

We comply with the Australian Privacy Principles under the Privacy Act 1988. You may lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au).

9.5 Brazil (LGPD)

You have rights under the Lei Geral de Protecao de Dados, including the right to access, correct, delete, and port your data. Contact privacy@casamino.com to exercise these rights.

Section 10

Data Security

We implement technical and organizational measures to protect your personal information, including:

  • Encryption of all data in transit using TLS 1.3.
  • Encryption of sensitive data at rest, including payment tokens and personal identifiers.
  • Hashed passwords using bcrypt with a minimum of 12 rounds.
  • Role-based access controls on a need-to-know basis.
  • Two-factor authentication for all administrative accounts.
  • Regular automated backups with point-in-time recovery.
  • Time-limited, signed URLs for document and media access.
  • Server-side enforcement of access controls for all gated content.

No method of electronic transmission or storage is completely secure. If we become aware of a security breach likely to result in a risk to your rights, we will notify you and any applicable regulatory authority within 72 hours.

Section 11

Cookie Policy

Cookies are small text files placed on your device when you visit our Platform. We use cookies strictly for operational purposes. We do not use cookies for advertising, behavioral profiling, or cross-site tracking.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in and using the Platform.

Section 12

Children's Privacy

Casamino is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a minor, we will delete that information immediately. Contact privacy@casamino.com if you believe a minor has provided us with personal information.

Section 13

Third-Party Links and Services

The Platform may contain links to third-party websites, including laboratory verification portals, blockchain explorers, and the Telegram platform. These third-party services operate under their own privacy policies, which we do not control.

Section 14

Automated Decision-Making

We use automated compliance review technology to screen content before it is published on the Platform. This system reviews text submitted by administrators and moderators for regulatory compliance. It does not process member personal data, make decisions about individual members, or profile members in any way.

Section 15

Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. Because there is no industry-standard interpretation of DNT signals, we do not currently respond to them. However, we do not engage in cross-site tracking or sell your personal information, which aligns with the intent of DNT.

Section 16

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email and post a prominent notice on the Platform at least 30 days before the changes take effect.

Section 17

Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or our data practices:

Privacy Officer

Email: privacy@casamino.com

We aim to respond to all privacy-related inquiries within 30 days.