Legal

Privacy Policy

Effective date: May 10, 2026  ·  Last updated: May 10, 2026

Plain English summary: Peakly collects only what it needs to run the app and process your subscription. We do not sell your data. We do not show ads. We do not use your data to target you or profile you for third parties. Your goals and personal information are yours.

🚫
No Ads. Ever.
We don't run ads inside Peakly and never will. Your attention is yours.
🔒
We Don't Sell Your Data
We never sell, rent, or trade your personal information to any third party.
🎯
No Targeting
We don't profile you or share your data for behavioral advertising.
🗑️
Delete Anytime
You can delete your account and data at any time, no questions asked.
Table of Contents
  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. What We Will Never Do With Your Data
  5. When We Share Data
  6. Third-Party Providers
  7. Cookies and Local Storage
  8. Data Retention
  9. Security
  10. Your Rights and Choices
  11. Children's Privacy
  12. International Users
  13. Changes to This Policy
  14. Contact Us

1. Who We Are

Peakly ("Peakly," "we," "us," or "our") operates the Peakly application and website (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Service.

This Policy applies to all users of the Service, including visitors to our website and subscribers. By using the Service, you consent to the practices described in this Policy.

2. Data We Collect

We collect only what is necessary to provide and improve the Service.

Information You Provide Directly

DataWhy We Collect It
First and last nameTo personalize your experience in the app
Email addressAccount creation, login, and service communications
Password (hashed)Account authentication — we never store plain-text passwords
Goals, tasks, habits, notes, schedulesCore app functionality — to display and sync your data across sessions
Meal plans, routines, vehicle info, chore listsSecond Brain features — stored to provide the Service to you
Subscription and billing informationTo process payments (handled by Stripe; we do not see full card details)

Information Collected Automatically

DataWhy We Collect It
Authentication tokens and session dataTo keep you securely logged in
Browser type and operating system (general)To troubleshoot technical issues
Timestamps of app activityFor security auditing and to detect unauthorized access

Information from Third-Party Sign-In

If you sign in using Google OAuth, we receive your name and email address from Google. We do not receive your Google password or any other Google account data beyond what is needed to authenticate you.

What We Do NOT Collect

  • We do not collect data about your behavior across other websites or apps
  • We do not purchase or import data about you from data brokers or other third parties
  • We do not use tracking pixels, cross-site cookies, or fingerprinting techniques
  • We do not collect sensitive personal data such as race, religion, health information, or political views

3. How We Use Your Data

We use the data we collect for the following purposes only:

  • Providing the Service: Storing and displaying your goals, tasks, habits, schedules, and other app content across sessions and devices
  • Account management: Creating and managing your account, authenticating your identity, and enabling account recovery
  • Payment processing: Facilitating subscription billing and renewals through Stripe
  • Service communications: Sending transactional emails such as account verification, password reset, and subscription receipts — these are not marketing emails
  • Security and fraud prevention: Detecting and responding to unauthorized access, abuse, or other harmful activity
  • Service improvement: Identifying and fixing bugs and improving the reliability and performance of the Service, using aggregated and anonymized usage patterns only
  • Legal compliance: Meeting our obligations under applicable laws and regulations

We do not use your personal data for any other purpose without your explicit consent.

4. What We Will Never Do With Your Data

These are firm commitments, not just policies. If we ever change our minds, we will give you advance notice and the ability to delete your account before any change takes effect.

  • We will never sell your personal data to any company, broker, advertiser, or other third party
  • We will never rent or license your personal data for marketing or advertising purposes
  • We will never use your data to show you advertisements inside or outside of the Service
  • We will never build a behavioral profile of you for the purpose of targeted advertising
  • We will never share your goals, notes, tasks, or other personal content with anyone except as necessary to provide the Service to you
  • We will never use your data for political targeting or share it with political organizations

5. When We Share Data

We share your personal information only in the following limited circumstances:

With Service Providers

We share data with third-party companies that help us operate the Service (listed in Section 6). These providers are contractually restricted to using your data only to perform services for us and may not use it for their own purposes.

For Legal Reasons

We may disclose your information if required to do so by law or in good-faith belief that such action is necessary to:

  • Comply with a legal obligation, court order, or valid government request
  • Protect and defend our legal rights or property
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users of the Service or the public

Where possible and permitted by law, we will notify you before complying with such a request.

Business Transfers

If Peakly is involved in a merger, acquisition, or sale of all or a portion of its assets, your data may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy. You will have the right to delete your account before any transfer takes effect.

With Your Consent

We may share your information for any other purpose with your explicit prior consent.

6. Third-Party Providers

The following third-party providers receive some of your data as necessary to operate the Service. We share only the minimum data required for each provider to perform their function.

ProviderPurposeData Shared
Supabase Database, authentication, and cloud infrastructure All app data you create (goals, tasks, etc.), email, name, hashed password
Stripe Payment processing Email, payment card details (processed directly by Stripe; we see only the last 4 digits and expiry)
Google Optional sign-in via Google OAuth Name and email only (if you choose Google sign-in)
Netlify Web hosting and content delivery Standard web request logs (IP address, browser type, page accessed)

Each of these providers has their own privacy policy. We encourage you to review them. We select providers based on their data security and privacy practices.

7. Cookies and Local Storage

We use a minimal set of browser-based storage mechanisms to operate the Service:

  • Authentication tokens (session storage / local storage): Used to keep you logged in across page reloads. These are not used for tracking.
  • Preference storage: We may store small amounts of app preferences (such as view settings) in your browser's local storage.

We do not use third-party advertising cookies, tracking pixels, or cross-site cookies of any kind.

You can clear your browser's local storage and cookies at any time through your browser settings. Doing so will log you out of the Service.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service.

  • Active accounts: We retain your data as long as your account exists so you can access the Service.
  • After cancellation: If you cancel your subscription, your account and data remain available until the end of your paid period. After that, your account becomes inactive but data is retained for 90 days to allow re-activation.
  • After account deletion: When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain certain records by law (for example, payment records for tax compliance, which are typically kept for 7 years).
  • Aggregated/anonymized data: We may retain anonymized, non-identifiable aggregate data (such as feature usage counts) indefinitely for product improvement purposes.

9. Security

We take the security of your personal data seriously and implement industry-standard safeguards, including:

  • Encryption of data in transit using TLS (HTTPS)
  • Encryption of data at rest via our infrastructure provider (Supabase)
  • Passwords are hashed and salted — we cannot read your password
  • Access to production data is restricted to authorized personnel only
  • Payments are handled entirely by Stripe and are subject to PCI-DSS compliance

However, no security measure is perfect. We cannot guarantee the absolute security of your data. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

You are responsible for keeping your account credentials secure. Do not share your password with anyone.

10. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data. We honor these rights for all users regardless of jurisdiction:

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may update or correct inaccurate information through your account settings or by contacting us.
  • Deletion: You may request deletion of your account and personal data. See Section 8 for retention details.
  • Portability: You may request an export of your data in a machine-readable format.
  • Objection / Restriction: You may object to certain processing of your data or request that we restrict processing while a complaint is under investigation.
  • Withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@peakly.app. We will respond within 30 days. We will not discriminate against you for exercising any of these rights.

California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA). We do not sell personal information as defined under the CCPA. You have the right to know what personal information we collect, to delete it, and to opt out of any sale (we do not sell data). To submit a request, contact us at support@peakly.app.

EEA, UK, and Swiss Users (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) or equivalent law. Our legal basis for processing your data is primarily:

  • Contract performance — processing necessary to provide the Service you have subscribed to
  • Legitimate interests — security, fraud prevention, and service improvement
  • Legal obligation — compliance with applicable law

You also have the right to lodge a complaint with your local data protection authority.

11. Younger Users and Children's Privacy

Peakly is designed to be a helpful tool for users of all ages — including high schoolers managing college goals, sports, activities, and friendships, as well as parents who use the app alongside their older children. We welcome these users.

Minimum Age: 13

Users must be at least 13 years old to create an account. We do not knowingly collect personal information from children under the age of 13. If you believe a child under 13 has created an account or provided us personal information, please contact us at support@peakly.app and we will delete that information promptly.

Users Ages 13–17 (Minors)

Users between the ages of 13 and 17 are welcome to use Peakly with the knowledge and consent of a parent or legal guardian. We encourage parents to use Peakly together with their teenagers as a shared goal-setting and life-management tool.

We collect the same minimum data from Minor users as we do from adult users (name, email, app content). We do not collect additional data from Minors, we do not target Minors with advertising, and we do not sell any data relating to Minor users.

Parental Controls

Parents or guardians may contact us at support@peakly.app to request access to, correction of, or deletion of their minor child's account and data. We will verify the request and respond within 30 days.

12. International Users

Peakly is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

By using the Service, you consent to this transfer. We take steps to ensure that appropriate safeguards are in place to protect your data in accordance with this Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:

  • Posting a prominent notice within the Service, or
  • Sending an email to the address associated with your account

We will always indicate the effective date of the most recent version at the top of this page. Your continued use of the Service after the effective date of any updated Policy constitutes your acceptance of the changes.

We will never retroactively apply changes that reduce your privacy protections without providing you an opportunity to delete your account first.

14. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

  • Email: support@peakly.app
  • Response time: We aim to respond within 5 business days.

For questions about billing or your subscription, please include your account email so we can assist you efficiently.

This Privacy Policy was last updated on May 10, 2026.

Terms of Service  ·  Sign up  ·  Home