Privacy Policy

Effective: 2026-05-04

1. Controller

The controller for personal data processed through PeekPass is the operator identified in the legal disclosure at the end of this page. Contact: support@peekpass.app.

2. Personal data we collect

• Email address.
• Password (stored only as a bcrypt hash).
• Display name and optional avatar.
• Date of birth.
• Country (from identity verification or approximated from IP).
• IP address and user-agent at signup (used to detect coordinated abuse and bulk-signup attempts; not shown on your profile or to other users).
• For users who complete identity verification: the verification outcome and an opaque vendor reference. Government-ID images are held by the verification vendor and are not stored on our servers.
• For payment activity: the transaction identifier and amount from the payment processor. We do not store card numbers or full payment-method details.
• For payouts: an opaque reference to the recipient's payout account at the payout provider.
• Use of the platform: PeekPoints spent, content unlocked, levels earned, login timestamps.
• Uploaded content (creators): stored encrypted at rest. Decryption keys are held by PeekPass and used as needed to operate the platform, to comply with lawful requests, and for moderation.

3. Purposes and legal bases

• To operate accounts and deliver the service — performance of the contract with you (GDPR Art. 6(1)(b)).
• To meet legal obligations, including identity verification for payouts, mandatory reporting of unlawful content, accounting retention, and tax — legal obligation (GDPR Art. 6(1)(c)).
• To prevent fraud, abuse, and security incidents — legitimate interest (GDPR Art. 6(1)(f)).
• For optional communications you opt in to — consent (GDPR Art. 6(1)(a)). You can withdraw consent at any time.

4. Recipients (processors and co-processors)

• Neon, Inc. — managed PostgreSQL hosting in the EU (Frankfurt). Account data, transactions, and platform state.
• RackNerd LLC — application hosting in the United States. Encrypted content storage on disk.
• Stripe, Inc. / Stripe Payments Europe Ltd. — payment processing, payout disbursement, and identity verification. Receives payment-method details from your browser directly and shares only opaque references with us.
• Resend, Inc. — transactional email delivery. Receives recipient email addresses and message content.

Transfers to processors located outside Switzerland or the EEA take place under Standard Contractual Clauses or equivalent transfer mechanisms recognised under the FADP and the GDPR. Switzerland and the EEA are on each other's adequacy lists.

5. Mandatory reporting

Uploaded content is checked against known-bad-content hash databases. Confirmed matches involving child sexual abuse material are reported to the Swiss Federal Office of Police and, where applicable, to the United States National Center for Missing and Exploited Children, including the uploading account's identity information. Beyond mandatory reporting, we cooperate with valid legal process from competent authorities. We do not otherwise share user data with third parties.

6. Retention

• Account data — for the lifetime of the account.
• After account deletion — up to 30 days for recovery, then redacted.
• Financial records and accounting documents — 10 years after the end of the relevant financial year (Swiss Code of Obligations Art. 958f).
• Identity-verification status — 5 years after account closure (anti-money-laundering compliance).
• Moderation logs and any retained CSAM-related evidence — 10 years.
• Anti-abuse signals (IP, user-agent) for inactive accounts — 2 years.

7. Your rights

You can request access to, correction of, deletion of, restriction of processing of, or export of your personal data. You can object to processing based on legitimate interests, and you can withdraw any consent you have given. Most of these requests are self-service in your account settings. For anything else, email support@peekpass.app; we respond within 30 days.

You can also lodge a complaint with the Swiss Federal Data Protection and Information Commissioner or, if you are in the EU, with your national data-protection authority.

8. Cookies

We use only strictly necessary cookies: a session cookie to keep you signed in, and a one-time consent acknowledgment. We do not use analytics, advertising, or third-party tracking cookies.

9. Children

PeekPass is not for anyone under 18. If you believe an account belongs to a minor, email support@peekpass.app. We will investigate and, if confirmed, close the account.

10. Changes

Material changes to this policy are announced by email and noted at the top of this page.

11. Legal disclosure (Impressum)

Operator information under Article 3 paragraph 1 letter s of the Swiss Federal Act against Unfair Competition (UWG):

<<FULL LEGAL NAME>>
<<STREET, NUMBER>>
<<POSTAL CODE, CITY>>
Switzerland

Email: support@peekpass.app