We believe your data is yours. We collect only what is necessary to operate Peakr, we never sell it, and we make it easy to delete it. This policy explains exactly what we collect and why.
Peakr is a personal performance dashboard operated by Peakr ("we", "us", "our"). For any privacy-related matters, contact us at nathankay.hernebay@gmail.com.
| Data | Why we collect it | Stored by |
|---|---|---|
| Email address | Account creation, login, and transactional emails (receipts, password resets) | Supabase |
| Password (hashed) | Authenticating your account — we never see your plaintext password | Supabase |
| Payment details | Processing your subscription — card details are never stored by us | Stripe |
| Subscription status | Verifying active access to the app | Supabase |
| App data (goals, habits, notes, health logs) | Powering your dashboard features and syncing across devices | Supabase |
| AI Mentor conversations | Generating personalised responses (not stored after the session) | Anthropic (transient) |
We do not use tracking cookies, advertising pixels, or third-party analytics beyond what is listed above.
Peakr relies on the following trusted third parties to operate:
Each provider has their own privacy policy. We recommend reviewing them if you have specific concerns:
We use your data solely to:
We do not use your data for advertising, profiling, or any purpose not listed above. We never sell your personal data to third parties.
All account, subscription, and app data (goals, notes, health logs) is stored on Supabase servers in the European Union, protected by row-level security so only your account can ever access your own data.
Stripe processes payment data on servers in the United States, subject to appropriate safeguards under GDPR (Standard Contractual Clauses).
We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law (e.g. financial records for tax purposes, which we retain for 7 years).
If you delete your account, all associated data is removed from our servers within 30 days.
If you are based in the UK or EU, you have the following rights:
To exercise any of these rights, email us at nathankay.hernebay@gmail.com. We will respond within 30 days.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
Peakr does not use marketing or tracking cookies. We use only essential session tokens set by Supabase to keep you logged in. These are necessary for the service to function and cannot be disabled without affecting your ability to use the app.
Peakr is intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. If you believe someone under 16 has created an account, please contact us and we will delete it immediately.
We take security seriously. All data in transit is encrypted using TLS. Passwords are hashed using bcrypt by Supabase and never stored in plaintext. Payment data is handled entirely by Stripe's PCI-DSS Level 1 compliant infrastructure — we never see or store your card details.
We may update this Privacy Policy from time to time. We will notify you by email at least 14 days before any material changes take effect. The "Last updated" date at the top of this page will always reflect the most recent version.
For any privacy-related questions or to exercise your rights, contact us at:
nathankay.hernebay@gmail.com
This policy is effective as of 14 June 2026 and applies to all users of Peakr.