
For researchers

Built for the researcher who actually verifies the lot.

Slug-keyed COA viewer. Multi-rail checkout. Anti-enumeration order tracking. Passwordless account portal.

Storefront experience

Catalog with a signature vial-fill cart.

The storefront is a multi-page experience under a dark cinematic visual system. The homepage carries a category-filter pill row and an in-stock tile grid spanning fifteen in-stock and twelve special-order categories. Each tile expands into a reveal card with a spec strip, pricing, and an "Add to Vial" stepper.

A persistent nav cart icon carries a quantity badge and opens an overlay drawer with line items and quantity steppers. The signature vial-fill animation runs across four visual surfaces — nav icon, cart-line thumbnails, empty-state placeholder, and the reveal-card preview — so the same visual idiom carries the researcher through every cart interaction.

  • Products defined in products.json, merged at read-time with a catalog_price_overrides table so SKU pricing changes without a redeploy.
  • Per-SKU components (peptides, fills) and Molecular Weight / CAS references normalized from a canonical compound reference.
  • Tiered researcher pricing surfaces a "Your account price" caption on reveal cards for signed-in researchers.
  • Discount-code stacking up to five codes with live preview via /api/discount/validate; sixteen reject reasons surfaced inline.

Multi-rail checkout

Five payment rails. One canonical memo format.

Checkout re-derives price, tax, and discount totals from server data — client-supplied prices are never trusted. Every live rail surfaces a copyable canonical memo formatted USPP-YYYYMMDD-XXXXXX. Mobile users get a deep-link button (Venmo URI, BTCPay invoice, Solana Pay URI); desktop users get a new-window launch.

Venmo
  Status: Live
  How it works: End-to-end with an n8n Gmail watcher that parses Venmo payment emails and posts an HMAC-signed confirmation to the order endpoint. Five-second memo polling on the confirmation page; thirty-minute deadline.

Bitcoin / Lightning (BTCPay)
  Status: Live on preview
  How it works: Self-hosted BTCPay Server on independent infrastructure with pruned bitcoind and a Sparrow wallet. Webhook signed; the webhook URL re-points at production at cutover.

Solana Pay (SOL / USDC)
  Status: Ready
  How it works: QR generation, Phantom and Solflare deep links, and a blockchain-watcher cron. Gated by an environment flag pending the operator green-light.

Zelle (manual confirm)
  Status: Ready
  How it works: Same manual-confirm UX as Venmo through an n8n watcher. Awaiting Broadway Bank integration spec.

Bankful card (HPP)
  Status: Dormant
  How it works: Sandbox-validated; awaiting production credentials and a sanity test transaction.

Cart re-totals with a 6.75% Texas / Hays County rate when shipping to Texas. Tax is always re-derived server-side at order creation; the client value is advisory only.

COA library

An editorial verification page. A framed viewer per lot.

The /coa route is an editorial verification page, not a directory listing. It carries an ISO 17025:2017 lab-partner panel and four testing pillars — Purity & Identity, Endotoxins, Sterility, Heavy Metals — with method names and spec values laid out alongside a CSS-only lot-release ticker.

Each /coa/:slug permalink renders a framed PDF or image viewer (with an iOS Safari fallback) and a sticky "At a glance" sidebar carrying compound, SKU, fill, lot, released date, lab, purity percent, and pass / pending chips. The slug stays stable for the life of the lot so confirmation emails, order detail pages, and external references keep working.

  • Editorial framing: testing pillars come first, the file viewer is second.
  • Slug-keyed permalinks are the canonical reference — no ?id= query strings.
  • Filterable tile grid by compound, lot status, and release date.

Researcher account portal

A passwordless portal at /account/*.

The portal is implemented and unit-tested. It mounts behind a flag and activates with the site-access wall cutover. Six surfaces anchor the researcher experience.

Magic-link login

Passwordless email magic links with single-use 32-byte tokens. Tokens stored as SHA-256 hashes only; plaintext lives only in the link. Single-use enforced inside a transaction with row-level locking.

Order history

/account/orders lists every paid order with status, total, and a link to per-order detail. /account/orders/:id shows line items, fulfillment timeline, and a per-order PDF invoice download.

One-click reorder

POST /account/orders/:id/reorder re-adds the prior cart contents and routes the researcher straight back to checkout. Quantity clamps re-apply against current stock.

Saved addresses

/account/addresses exposes saved shipping addresses with default selection. Address changes do not retro-apply to prior orders — every order pins the address it was placed against.

Sessions with revoke

90-day default TTL (365 days with "remember me"), httpOnly cookies, refresh on activity. /account/me lists every active session with an individual or bulk revoke action.

Back-in-stock signup

Leave an email against an out-of-stock SKU; a claim link is emailed when the SKU returns with a 72-hour subscriber-priority window and a 72-hour hold once claimed. Day-7 and day-14 follow-up reminders fire automatically.

Anti-enumeration: login and register share a single endpoint that always inserts, emails, and audits — identity is branched only after token consume.

Self-service order tracking

Lookup by ID and email. Constant 404 on mismatch.

The /track route is a researcher-facing self-service surface: paste the order ID and the email the order was placed under, and the page returns the fulfillment timeline and shipping status. Researchers reach it through links in their order-confirmation and invoice emails.

The endpoint is rate-limited to 20 requests per 10 minutes per IP and returns a constant 404 on either a format failure or an email mismatch — an explicit anti-enumeration guard. There is no "did you mean" branch, no partial reveal, and no different status code for "wrong email" versus "no such order". An attacker cannot use the response to enumerate which order IDs exist.

For signed-in researchers, the same data is reachable from /account/orders without re-entering the email at all.

Privacy posture

Jurisdictional consent. GPC honored. An append-only audit.

Jurisdiction is detected server-side from the platform IP-geo header. Three modes are returned: GDPR (EU27, EEA, UK, Switzerland — full opt-in modal, analytics off by default), CCPA (eight US states including Texas — smaller "Opt out" notice with analytics on), and None (other regions). A missing header defaults to the strictest mode, so dev environments and edge failures are protected.

The Sec-GPC: 1 browser signal is always honored regardless of jurisdiction, forcing opt-out-of-sale-or-share and opt-out-of-targeted-ads to true and writing a GPC event to the audit log. Rejecting analytics purges GA, GA4, GAID, Clarity, MUID, and related cookies on the spot.

The /privacy-choices page is a standalone CCPA / CPRA opt-out surface with three toggles and a GPC pill. Every toggle change writes one append-only row to a privacy_audit_log table capturing field, previous value, new value, source, consent version, and a truncated user agent. The audit log carries no IP address — data minimization.
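The consent-mode resolution, GPC handling and audit-row shape from the three paragraphs above, as an added example rather than the storefront's own code. The mode set, the strictest-mode default for a missing header, the always-honored Sec-GPC: 1 signal and the audit fields follow the page; the geo header names, the particular eight CCPA-mode states, the analytics cookie prefixes and the consent version string are assumptions.

```javascript
// Added example (not the storefront's own code): resolving the consent mode
// from the IP-geo header, applying the Sec-GPC signal, and writing the
// append-only audit row. Header names, the eight CCPA-mode states, the cookie
// prefix list and the consent version are assumptions; the mode set, the
// missing-header default and the audit fields follow the page.
const EU27 = 'AT BE BG HR CY CZ DK EE FI FR DE GR HU IE IT LV LT LU MT NL PL PT RO SK SI ES SE'.split(' ');
const GDPR_COUNTRIES = new Set([...EU27, 'IS', 'LI', 'NO', 'GB', 'CH']); // EU27 + EEA + UK + Switzerland
const CCPA_STATES = new Set(['CA', 'CO', 'CT', 'MT', 'OR', 'TX', 'UT', 'VA']); // assumption
const ANALYTICS_COOKIE_PREFIXES = ['_ga', '_gid', '_gat', '_gcl', '_clck', '_clsk', 'MUID']; // assumption
const privacyAuditLog = []; // append-only: rows are pushed, never updated or deleted

function resolveJurisdiction(headers) {
  const country = (headers['x-geo-country'] || '').toUpperCase(); // assumption: header names
  const region = (headers['x-geo-region'] || '').toUpperCase();
  if (!country) return 'GDPR'; // missing header: fall back to the strictest mode
  if (GDPR_COUNTRIES.has(country)) return 'GDPR';
  if (country === 'US' && CCPA_STATES.has(region)) return 'CCPA';
  return 'None';
}

// GDPR: analytics off until opted in. CCPA and None: analytics on, opt-out offered.
function defaultChoices(mode) {
  return { analytics: mode !== 'GDPR', optOutSaleShare: false, optOutTargetedAds: false };
}

// One row per toggle change: field, previous, new, source, consent version,
// truncated user agent. No IP address is captured.
function recordChange(field, previous, next, source, userAgent, consentVersion = '2024-01') {
  privacyAuditLog.push({
    field, previous, next, source, consentVersion,
    userAgent: String(userAgent || '').slice(0, 120),
    at: new Date().toISOString(),
  });
}

// Sec-GPC: 1 wins regardless of jurisdiction and is itself audited.
function applyGpc(choices, headers) {
  if (headers['sec-gpc'] !== '1') return choices;
  for (const field of ['optOutSaleShare', 'optOutTargetedAds']) {
    if (choices[field] !== true) recordChange(field, choices[field], true, 'gpc', headers['user-agent']);
  }
  return { ...choices, optOutSaleShare: true, optOutTargetedAds: true };
}

// Names of cookies to purge when analytics is rejected.
function cookiesToPurge(cookieNames) {
  return cookieNames.filter((name) => ANALYTICS_COOKIE_PREFIXES.some((p) => name.startsWith(p)));
}

function resolveConsent(headers) {
  const mode = resolveJurisdiction(headers);
  return { mode, choices: applyGpc(defaultChoices(mode), headers) };
}
```

The GPC step runs after jurisdiction resolution but does not read the mode, which is what makes the signal unconditional; the audit row for a GPC-forced change is written only when the value actually flips, so repeated requests from the same browser do not flood the log.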

GDPR: EU27 · EEA · UK · CH
CCPA / CPRA: 8 US states, Texas included
GPC honored: Sec-GPC: 1 enforced
Append-only audit: privacy_audit_log

Ready to verify the lot you'd buy?

The storefront is the first place to look. Every shipped lot has a slug-keyed COA page you can open before, during, or after purchase.
