Last Updated: Jan 21, 2026
Controller & Contact: This Privacy Policy is issued by Peec AI GmbH (“Peec AI”, “Provider”, “we” or “us”), Triftstraße 43a, 13353 Berlin, Germany. For any privacy questions, you can reach us at support@peec.ai. We value your privacy and strive to use data only as needed to provide and improve our services in a privacy-friendly way and in compliance with the EU General Data Protection Regulation (“GDPR”).
Scope: This policy explains how we process personal data in different scenarios: when you visit our website, sign up or onboard, use our product, receive communications from us, schedule meetings, make payments, or when your data is used in our internal operations. We describe what data is used, for what purpose, on what legal basis (under Article 6 GDPR), who our service providers (“processors”) are (Article 28 GDPR), any international transfers (Articles 44 ff. GDPR), and your rights (Articles 12–22 GDPR).
(1) When You Visit Our Website
In brief: We use our website to inform you about Peec AI, and we employ certain analytics and marketing tools to understand how the site is used and to reach interested users. We minimize personal data in this process. Our site is hosted by Framer (Framer B.V., NL). We also use cookies and similar technologies for analytics and advertising only with your consent.
Purpose: To load the website for you and ensure its security and performance. With your permission, we also collect analytics data (e.g. page views, clicks) to understand site usage and improve content.
Data & Cookies: When you visit, we (or our analytics tools) may collect information such as your IP address, browser type/version, device identifiers, and referring site. Our essential cookies are only used to make the site function (e.g. load balancing, security) and do not require consent. For analytics/ads, we use cookies or similar identifiers only if you opt-in via our cookie consent banner. You can always adjust your cookie preferences or use browser settings/add-ons to block nonessential cookies. Declining analytics cookies will not affect the basic use of our site.
Legal Basis: The processing of basic connection data to deliver the website is based on our legitimate interest (Art. 6(1)(f) GDPR) in providing a secure and functional website you requested. Ensuring IT security is also our legitimate interest. However, for any analytics or advertising cookies, we rely on your consent (Art. 6(1)(a) GDPR) obtained via the cookie banner.
Processors: We use Framer (Framer B.V., NL) to host our website, which processes site visits and provides aggregated analytics. For analytics, we use Google Analytics 4 (by Google Ireland Ltd.) to understand how visitors use our site. Google Analytics operates with pseudonymization: your IP address is truncated within the EU, and only pseudonymized data is sent to Google’s servers. We have configured Google Analytics to avoid collecting personally identifying information. We also use Google Tag Manager (“GTM”; Google Ireland) to manage website tracking scripts – GTM itself does not collect personal data, it just loads other tools and works as a control centre. Additionally, we utilize Microsoft Clarity on our site to analyze, with your consent, how users interact with the website and, where applicable, the web interface of Peec AI. For marketing and conversion tracking, we use Google Ads (Google Ireland/Google LLC) which, if you consent, may set cookies (like a Google Ads tag) to measure ad performance and enable re-marketing. Google may collect device identifiers and browsing data through these tags. We also use, with your consent, PostHog, a product analytics platform, to understand how users interact with the Peec AI application. Via PostHog we process your e-mail address (after login), your location, browser info and session data. Our PostHog instance is located in the USA. All these providers act as our data processors under GDPR, meaning they only process personal data on our behalf.
Some processors may send at least some of your data to third countries (see section 7 “Third-Country Transfer” below).
(2) When You Sign Up or Onboard as a User or Partner
In brief: When you register for a Peec AI account or sign up for any waitlist or other affiliate program application (e.g. our Agency & Creator Partner Program), we collect the information we need to create and manage your user account. This typically includes your email address and an organization or team name. We use Firebase (a Google Cloud service) for authentication and database storage of your account details. We keep your registration data secure and only use it to provide our services to you.
Purpose: To create your user account, authenticate you, set up your workspace in our application; and to manage our waitlist.
Data Collected: For registration, you typically need to provide an email address (which we verify via a login link or email confirmation) and your name and/or organization name. We generate an internal user ID for your account. During signup and login, we also receive technical data like your IP address and device/browser info, which is used to deliver the login verification and secure your account (e.g. logging IPs to detect suspicious login attempts).
Legal Basis: The primary legal ground is contract (Art. 6(1)(b) GDPR) – we need this data to provide you the service you are requesting (account creation and access to the platform).
Processors: We use Firebase Auth (provided by Google Ireland Ltd.) to handle our user authentication and login process. This means your email (and login credentials) are processed by Google’s Firebase service to create a secure login (e.g. via magic link email). Firebase may also process your IP address at login for security. Your account data (like email, name, organization and any other profile info you provide) is stored in Google Cloud Firestore (a database service by Google). We also use DocuSign (by DocuSign, Inc.) to process contracts that may include names. Some processors may send at least some of your data to third countries (see section 7 “Third-Country Transfer” below).
Storage: If you successfully create an account, we will retain your registration data for as long as you are an active user of our service. If you decide not to complete registration or you’re on a waitlist without eventually activating an account, we may delete your provided data after a reasonable period (for example, we might remove inactive waitlist entries that never converted into accounts). Even after account deletion, we may retain certain data for a short time in backups or logs and as required to comply with legal obligations.
(3) When You Use Our Product (Authenticated Users)
In brief: Once you have an account and use the Peec AI application, we process your data to deliver the service’s functionality, to monitor and improve the product, and to support you as a user. This includes storing the data you enter into the product, tracking usage analytics, and enabling support communications.
Purpose: The main purposes of processing during product usage are: (A) Providing core features of our service to you; (B) Product analytics and improvement, i.e. understanding how the features are used, which helps us fix issues and enhance the user experience; (C) Customer support; and (D) Security and maintenance.
Data Collected: When you use the app, we process any information you actively provide or generate. This can include the content you work with on our platform (e.g. queries, project names, results, metrics), which will be stored so you can access it and we can perform the service. We also collect usage data – e.g. actions you take in the app, feature usage frequency, error logs – to understand performance. These usage analytics are mostly tied to a user ID or are aggregated; we avoid using your name or contact in analytics. For in-app support chat, if you engage with the support messenger, we will collect the messages you send and any contact info you provide through that channel.
Legal Basis: When you use the app, the majority of processing is necessary for performing our contract with you (Art. 6(1)(b) GDPR) – we can’t provide the service without processing your data input and usage actions. Analytics and improvement of the service may be considered part of our contract (to the extent they are integral to maintaining and improving the service you expect), and/or our legitimate interest (Art. 6(1)(f) GDPR) in ensuring the product’s functionality, security, and usability.
Processors: We rely on several trusted service providers to operate our product backend and analytics:
Google Cloud Platform (GCP) – We host our application backend and databases on Google Cloud (through Google Ireland Ltd.). All your core data (account data, content you input, results generated, etc.) is stored and processed on Google’s servers.
PostHog (Cloud EU) – We use PostHog, a product analytics platform, to collect in-app usage statistics. Our PostHog instance is in the EU (hosted by PostHog’s EU Cloud service) to avoid unnecessary data transfers. Importantly, PostHog is designed as a privacy-friendly analytics tool: it does not require personal data like names or emails for product analytics. We primarily record events like “user clicked X button” or “feature Y used” along with an anonymous user ID or your account ID. This helps us improve features without invasive tracking.
Intercom (Messenger) – We use Intercom (by Intercom R&D Unlimited, Ireland) to provide in-app customer support chat. When you use the support messenger, Intercom will process your messages and contact info on our behalf.
Sentry – We use Sentry (by Functional Software, Inc.) in order to monitor bugs and performances by our system and to analyse and improve it. In the process, log data such as IP addresses, user IDs and time stamps may be processed by Sentry.
All these processors act on our behalf. We have signed Data Processing Agreements with each, requiring them to keep your data confidential and secure. They will not use your data for their own purposes. Some processors may send at least some of your data to third countries (see section 7 “Third-Country Transfer” below).
Storage: Data that you create or upload in the product (your content) will remain stored until you delete it or request deletion of your account. You are in control of much of your data – you can often delete or export it from the product interface. If you delete something, we will remove it from our live database, though it might remain for a short period in backups before being fully purged.
(4) When You Receive Communications (Emails & Newsletters) or Contact Us / Schedule Meetings
In brief: If you subscribe to our newsletter or marketing emails, we will send you updates about our products or promotions only with your consent, and you can unsubscribe at any time. If you are a user, we will send you essential emails (like account alerts, product changes) as part of providing our service, and possibly occasional product updates or tips (you can opt out of non-essential communications). If you contact us via email or schedule a call, we will use the information you provide to respond to you.
Purpose: To provide you with the information and services you requested.
Data Collected:
Newsletter sign-up: we collect your email address (and possibly your name if provided) when you subscribe. We also record the fact that you gave consent (e.g. timestamp, source of signup) as required by law.
Marketing emails: if you are an existing customer, we might use your email to send product updates or relevant offers. We keep this limited and within what is allowed by law, and we always provide an opt-out.
Transactional emails: for users, we send emails for things like welcome messages, security alerts (if we detect new login), usage summaries, or payment receipts. These may include your name, email, and information about the relevant transaction or activity (for example, an invoice email will contain your name/company and purchase details).
Customer communications: if you respond to an email from us or write to our support, we will collect whatever info you include (e.g. your email address, the content of your message, and any signature block info like phone or title).
Scheduling meetings: when you book a meeting through our scheduling link (we use Cal.com and Default), you will typically provide your name, email, and choose a time slot. You might also answer a few questions (for example, “What would you like to discuss?”). We collect this information to prepare for and hold the meeting. We may also auto-generate or write summaries of those meetings.
CRM data: we may input your contact information into our HubSpot CRM system if you have shown interest in Peec AI (for instance, if you subscribed to our newsletter, requested a demo, or if you are a customer for record-keeping). This typically includes your name, email, company, and the context (e.g. “requested demo on date X”). HubSpot might also log our interactions (emails, notes from calls) to help us manage the relationship.
Email engagement: If we send you emails via our email platform, we might collect analytics on that – for example, whether you opened the email or clicked a link, so we can measure engagement. This is done via tiny tracking pixels or unique links in the emails. You can disable image loading in your email client to avoid pixel tracking if you wish. We mainly use this info to see if our communications are useful.
Legal Basis: For newsletters and marketing emails as well as scheduling demos, we rely on your consent (Art. 6(1)(a) GDPR). For transactional/service emails (like account or billing emails) as well as inquiries/support communications and customer relations management, the legal basis is our contractual obligation (Art. 6(1)(b)). For contact enrichment we rely on our legitimate interest (Art. 6(1)(f)) to have accurate and complete contact information to better serve and communicate with our customers and prospects.
Processors: We use specialized tools to handle our communications efficiently:
Loops (loops.so) – We use Loops as our email platform to send both marketing newsletters and important product emails. Loops is a service built for SaaS companies to send transactional and marketing emails from one interface. When you subscribe or when we need to send any email at scale, your email address and the email content go through Loops. Loops will also process engagement info (opens/clicks) for us.
HubSpot – We manage our contact and relationship data in HubSpot, a CRM tool. If you are a lead or customer, your contact details and notes about our interactions are stored in HubSpot. This helps ensure you get proper follow-up and that we have context in our communications with you. Only our team can see this data; HubSpot as a provider just hosts it for us.
Clay – We also use Clay (by Clay Labs Inc.) to supplement our data and to fill gaps in our business-related data sets such as the position you hold in your company.
Apollo – We further use Apollo (by Apollo, Inc.) for some forms of contact enrichment.
Cal.com – For scheduling demos, we use Cal.com’s hosted scheduling service. When you book a time, the details you input are processed by Cal.com on our behalf. Cal.com will send confirmation emails and calendar invites containing the info you provided. It also keeps track of our meeting slots and your responses.
Default – Also for scheduling demos, we use Default (by Tomo HQ, Inc.). When you book a time, the details you input are processed by Default on our behalf. Default will send confirmation emails and calendar invites containing the info you provided. It also keeps track of our meeting slots and your responses.
Email & Internal – If you email us directly, your email is handled by our email provider (Google Workspace – see section (6)) and possibly piped into our internal support system (Intercom Messenger, see section 3).
All these services are bound by strict data processing agreements. We have ensured that they do not use your info except as we direct. Loops and Cal.com are relatively new services; each has stated compliance with GDPR and we chose them for their privacy-focused approach. Some processors may send at least some of your data to third countries (see section 7 “Third-Country Transfer” below).
Storage: We keep your contact information for as long as you are subscribed or as long as needed to fulfill the purpose. For newsletters, we will retain your email on our mailing list until you unsubscribe. For user transactional emails, those are tied to your account; we keep them as part of your account history (for example, your billing emails are part of your transaction record). If you delete your account or cease being a customer, we will eventually purge or anonymize communication history, except for anything we need to retain by law (e.g. invoice emails might be kept with financial records). Communications you send us (support emails) are generally retained for a reasonable time to ensure we have context for any follow-up. Meeting schedules and related info are kept until the meeting is concluded and any follow-up actions are done.
(5) When You Make a Payment (Paying Customers)
In brief: If you choose a paid plan we will process the necessary billing and payment information. We do not process or store your credit card details ourselves – instead, we use Stripe as our secure payment processor. We handle all billing information confidentially and in compliance with financial regulations.
Purpose: To charge you for the service and manage billing. We also maintain transaction histories to comply with accounting and tax requirements.
Data Collected: When you subscribe to a paid plan or make a purchase, you will provide payment information such as your credit card number, expiration date, CVC code, and billing name and address. We might also collect your VAT ID or other tax-related info if applicable (for example, for EU business customers, to handle VAT correctly). All sensitive payment details (card numbers, etc.) are collected directly by Stripe via secure forms – we and our website do not see or log your full card number or CVC. Stripe will provide us with a payment token or ID, the card brand (e.g. Visa), card expiration, and possibly a truncated form of the card (like last four digits) – we can use that to identify your payment in our records and for your convenience (e.g. “Visa ending in 1234”). We also store the billing name and address you provide, as this appears on invoices and helps for verification (and for our tax records). For recurring subscriptions, Stripe may store your payment method for reuse, and handle all that on their side – we simply reference your customer ID in Stripe’s system to charge subsequent renewal fees.
Legal Basis: Processing your payment is necessary for performance of the contract (Art. 6(1)(b) GDPR) – if you want our paid services, we have to process payment details. The retention of billing records is also based on legal obligation (Art. 6(1)(c) GDPR), as financial laws require us to keep transaction records (invoices, payment confirmations) for a certain period (for example, German tax law typically requires retention for 10 years).
Processors: We use Stripe Payments as our payment processor. For customers in the European region, the transaction is handled by Stripe Payments Europe Ltd. (Stripe’s European entity based in Ireland) in partnership with Stripe, Inc. (USA) for infrastructure. Aside from Stripe, we may use Stripe’s related services for things like billing management (invoices, subscription management). For instance, Stripe may send you receipt emails on our behalf, or we might use their automated tax calculation. Insofar as data may be transmitted to Stripe’s servers in the United States see section 7 “Third-Country Transfers” below.
Storage: We do not store full payment card numbers on our systems. Stripe stores that data and we can only see a token or reference. We do store billing contact information and details of each transaction (amount, date, invoice ID, etc.). Financial records (invoices, payment confirmations) will be retained for at least the minimum period required by law. In Germany, this is generally 10 years for tax-relevant documents.
(6) When We Use Personal Data in Internal Operations
In brief: We also process personal data internally within our company for administrative purposes. This isn’t a separate “service” you use, but rather covers things like internal communications and document storage that might include your data. For example, if our team discusses helping you, or if we keep a copy of a contract or an NDA you signed with us, those could contain your personal information. We primarily use Google Workspace (by Google Cloud) for our email and document management. We also use personal data to process job applications.
Purpose: The purposes of internal processing are administrative and operational: communicating within the team about service delivery, maintaining records, collaborating on documents, and ensuring we can effectively run the business. Further purposes are processing and administration of job applications, communication with candidates, coordination of interviews, evaluation of candidates, and documentation of recruitment decisions.
Data Collected: This category can include any personal data that might come up in our internal communications or files. Typical examples:
Emails and chat logs: If you correspond with us, the content of those communications (which include your email address, name, and whatever you wrote) will be stored in our email system (Gmail).
Online meetings: When we hold internal meetings online, personal data may be mentioned or put in a chat box.
Documents and spreadsheets: We may have spreadsheets or docs that list customer accounts, sales leads, etc. Those may contain names, emails, company names, and statuses (e.g. “Onboarded on Jan 5”, “Awaiting feedback”). We also generate documents like contracts or data processing agreements that have contact names and signatures.
Recruitment information: Identification data (e.g. name, contact details), application documents (CV, cover letter, certificates), professional background and qualifications, interview notes and evaluation data, communication metadata.
Internal notes: If you have a support issue, our team might write an internal note about it. Those notes could live in project management tools or Google Docs.
Legal Basis: Our internal handling of personal data is either necessary for performance of the contract (Art. 6(1)(b) GDPR) or is based on legitimate interests (Art. 6(1)(f) GDPR).
Processors (Internal Tools):
Google Workspace (Google Ireland Limited) – We use Google’s suite for business email (Gmail), calendar, file storage (Drive), meetings (Google Meet), etc. Consequently, any personal data contained in emails to/from us, or in documents we create, is processed by Google as our cloud service provider. Google Workspace is a secure enterprise service and Google acts as a data processor, not using our content for any advertising or unrelated purposes. Insofar as data may be transmitted to Google’s servers in the United States see section 7 “Third-Country Transfers” below.
Microsoft Sharepoint – We use Microsoft Sharepoint for document management and as a collaboration platform for storing, organizing, and sharing files within Peec AI and, where applicable, with external business partners or customers (e.g. contracts, project documentation, internal policies). At times, various types of your personal data may be included.
Ashby – We use Ashby, a cloud-based applicant tracking system (ATS) by Ashby, Inc., to manage and administer our recruitment processes.
Slack – We also use Slack for our internal communications and personal data may therefore be processed in Slack chats if necessary.
Storage: Personal data in internal systems is kept only as long as needed for the purpose. Important emails we might keep indefinitely (for legal reasons or historical record) in an archive, but general inquiries might be deleted after a couple of years if not needed. Documents with customer info are updated as needed; outdated lists or notes are deleted when no longer relevant. Documents like contracts will be kept for the duration of their validity and then as long as legal statutes require (again, often up to 10 years for contracts under commercial law). If you apply for a job with us and are not selected, we will retain your application data for up to 6 months after the conclusion of the hiring process. This retention allows us to address any follow-up queries or legal obligations (e.g., under German employment laws). After this period, we will delete your application data, unless you explicitly consent to us holding it longer for future opportunities.
(7) Third-Country Transfers
As noted, using services by Google, Stripe, cal.com, HubSpot, Loops, Docusign, Apollo, Clay Labs and others may involve transfer of parts of your data to the United States (e.g., Google LLC in the US for support or backup), the United Kingdom or other third countries. All of these processors are either certified under the EU-US Data Privacy Framework or we have Standard Contractual Clauses in place. This means your data is protected by standard contractual safeguards approved by the European Commission. We only transfer data outside the EU where necessary and with appropriate protection.
(8) Your Rights as a Data Subject
It’s simple: Just send us an email at support@peec.ai if you have any privacy-related request, and we’ll take care of it! We are committed to respecting your rights under the GDPR.
You have the right to access, to rectify, to erasure, to object, to restrict processing, to data portability, to withdraw your consent and to launch a complaint with your local data protection authority. Our lead supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information (“Berliner Beauftragte für Datenschutz und Informationsfreiheit”).
We will not charge you for exercising these rights (except in exceptional cases of manifestly unfounded or excessive requests, where the GDPR allows a reasonable fee or refusal – but we have never had to do that). We will respond to your requests as soon as possible, and at the latest within one month as required by law. If we need more time (for complex requests) we will let you know.
(9) Further Information
Data Security: We use appropriate technical and organizational measures to protect your personal data. This includes encryption in transit (HTTPS on our website and app) and encryption at rest for stored data, secure credential management, regular software updates, and restricting access to personal data to personnel who need it. We also periodically review our security practices to align with industry standards.
Other Recipients: We do not share your data with anyone outside our company except for our processors and if we are legally obliged to do so.
Processors and Agreements: Wherever we rely on other companies to process personal data on our behalf (our processors), we have legally binding agreements in place with them to ensure they protect your data. This includes all the services mentioned above. They cannot use your data for anything outside the instructions we’ve given in those agreements.
Automated Decisions: We do not use any personal data for automated decision-making, including profiling, that would have legal or significant effects on you (as defined in Article 22 GDPR).
Children’s Data: Our services are not directed to children under the age of 16. We do not knowingly collect personal data from children. If you are under 16, please do not use our services or provide any personal data. If we learn that we have inadvertently obtained personal information from a child, we will delete it.
Changes to this Policy: We may update this Privacy Policy from time to time to reflect changes in our services or legal requirements. If we make significant changes, we will notify you either by email or by prominently posting a notice (for example, via our app or website). The “Last Updated” date at the top will always indicate the latest revision. We encourage you to review this policy periodically. Continuing to use our services after a change means you accept the revised policy.
Contact Us: If you have any questions or concerns about this Privacy Policy or about how Peec AI handles your data, please contact us at support@peec.ai. We’re here to help and we take your privacy seriously.
Thank you for reading our Privacy Policy. Your trust is important to us, and we are committed to protecting your personal data while providing you with a great service.