Privacy Policy

DRAFT — pending legal review. Generated as a starting point based on Peephole's actual data practices as of 2026-05-03. Lawyer should review before publication.

Effective Date: May 4, 2026

Contact: peepholebusiness@gmail.com

1. Introduction

Peephole ("we," "us," or "our") operates the Peephole mobile application (the "Service"), which provides AI-powered opportunity intelligence for service economy professionals. This Privacy Policy describes how we collect, use, and share information about you when you use our Service, and the rights you have with respect to that information.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account and Authentication Information

When you create an account, we collect authentication credentials processed through Firebase Authentication. This includes your email address and, if you use social sign-in, basic profile information provided by your identity provider (name, email, profile photo URL). We do not store passwords directly — authentication is delegated to Firebase.

2.2 Profile Information You Provide

Once authenticated, you may provide information to build your service profile, including:

  • Your name and professional title
  • Business or practice area description
  • Service offerings and specializations
  • Geographic service areas
  • Years of experience and background information
  • Goals and target client types

This information is used to power AI-generated opportunity matching and is stored in our database (Supabase).

2.3 Usage and Interaction Data

We collect data about how you use the Service, including:

  • Features accessed and screens viewed
  • Opportunities saved to your pipeline
  • Search queries and filter selections
  • In-app actions (e.g., saving an opportunity, marking a pursuit active)
  • Session timing and frequency of use

This data is captured via PostHog, our product analytics platform, and is used to understand how the Service is being used and to improve it.

2.4 Error and Diagnostic Data

When the app encounters an error or unexpected condition, diagnostic information is automatically sent to Sentry, our error monitoring platform. This may include:

  • Device type and operating system version
  • App version
  • Stack traces and error messages
  • Breadcrumb events leading up to the error (recent in-app actions)

Sentry reports do not intentionally include the content of your opportunity feed or personal profile text, but breadcrumb data may incidentally reference screen names or action types.

2.5 Billing Information

Subscription billing is handled by Stripe. We do not store your full credit card number, expiration date, or CVV. We store only:

  • Your Stripe Customer ID (a reference token used to manage your subscription)
  • Your subscription status and current period end date

All payment processing occurs on Stripe's infrastructure. Stripe's privacy policy governs how Stripe handles your payment details.

2.6 Automatically Collected Technical Information

Standard technical information may be collected automatically when you use the Service:

  • IP address
  • Device identifiers
  • Mobile advertising identifiers (subject to your device privacy settings)
  • Network connection type

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Authenticate your account, display your personalized opportunity feed, and enable pipeline and workspace features.
  • Power AI Matching: Your profile information is submitted to our AI inference layer (Google Gemini) to generate relevance scores and personalized analysis for each opportunity. Profile data sent to Gemini is used solely for inference and is not used to train Google's models under our enterprise API agreement.
  • Billing and Account Management: Create and manage your subscription via Stripe, send billing-related emails, and process renewals and cancellations.
  • Product Improvement: Analyze aggregated usage patterns via PostHog to identify friction points, prioritize new features, and improve the overall user experience.
  • Error Resolution: Use Sentry diagnostic data to identify, reproduce, and fix bugs and stability issues.
  • Customer Support: Respond to inquiries and support requests you send to us.
  • Legal and Safety: Comply with applicable law, enforce our Terms of Service, and protect the rights and safety of Peephole and its users.

4. How We Share Your Information

We do not sell your personal information. We share information only with the following categories of service providers ("subprocessors") as necessary to operate the Service:

SubprocessorPurpose
SupabaseHosted PostgreSQL database; stores your profile, pipeline, and workspace data. Data is at-rest encrypted.
Firebase (Google)Authentication provider; manages your login credentials and session tokens.
Google Gemini (Google Cloud)AI inference; receives your profile fields to generate opportunity relevance scores. Used under enterprise API terms — data not used for model training.
StripePayment processing; manages subscriptions, invoices, and payment method storage. PCI DSS compliant.
SentryError monitoring; receives crash reports and diagnostic data to support app stability.
PostHogProduct analytics; receives anonymized usage event data to support product improvement.

We may also disclose information if required by law, subpoena, or other legal process, or if we reasonably believe disclosure is necessary to protect the rights, property, or safety of Peephole, our users, or the public.

If Peephole is acquired, merged, or undergoes a change of control, your information may be transferred to the successor entity, subject to a privacy policy no less protective than this one.

5. Data Retention

We retain your personal information for as long as your account is active. If you close your account, we will delete your profile data, pipeline data, workspace data, and associated records within 30 days of account closure.

Certain data may be retained beyond this window where required by law (e.g., billing records for tax compliance) or in anonymized/aggregated form that cannot reasonably be linked back to you.

Sentry and PostHog apply their own data retention policies to diagnostic and analytics data; please refer to their respective privacy policies for details.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated personal data. You may do this directly within the app via Settings → Account → Delete Account, or by contacting us at peepholebusiness@gmail.com. Deletion is processed within 30 days.
  • Portability: Request your data in a machine-readable format where technically feasible.
  • Objection / Restriction: In certain jurisdictions, you may have the right to object to or restrict certain types of processing.

To exercise any of these rights, contact us at peepholebusiness@gmail.com. We will respond within 30 days. We may need to verify your identity before processing a request.

7. Data Security

We implement reasonable technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption at rest and in transit, access controls, and regular security reviews.

No method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

8. International Data Transfers

Peephole is operated from the United States. If you are accessing the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

By using the Service, you consent to this transfer. Where required by applicable law, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

9. Children's Privacy

The Service is not directed to children under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at peepholebusiness@gmail.com and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this document and, where appropriate, notify you via in-app notification or email. Your continued use of the Service after any update constitutes acceptance of the revised policy.

11. Contact Us

For privacy-related questions, requests, or concerns, contact:

Peephole

Email: peepholebusiness@gmail.com

Questions? Contact us at peepholebusiness@gmail.com