Privacy Policy
Last Updated: 17 Nov 2025 • Version 2.0 (Previous: 1.0)
Quick Summary
This Privacy Policy applies to all Peek applications and platforms. The policy differs based on whether you use Peek as a free user or a Pro subscriber.
- For Free Users:No personal information collected, all data stays local, we do NOT collect website content, optional anonymous analytics (disabled by default), easy to opt-out anytime
- For Pro Users:Account information (email, name, profile picture from Google OAuth), optional cloud storage for syncing across devices, device identification for subscription limits (3 devices max), subscription data processed by LemonSqueezy, optional analytics
- Your Rights:Access your data, delete your data, export your data (Pro users), opt-out of analytics, delete your account (Pro users)
Introduction
Peek ("we," "our," or "us") provides design tools (including browser extensions, Figma plugins, and other applications) that help you extract design styles (colors, typography, gradients, and assets) from websites and design files. You can export these styles to various formats (CSS, SCSS, Tailwind, JSON, SVG) or copy them to your clipboard. This Privacy Policy explains how we collect, use, and protect your information across all Peek applications and platforms.
- Our Location:Peek is operated from Bangladesh. We comply with data protection laws applicable to our users, including GDPR (for EU users), CCPA (for California residents), and other relevant privacy laws
- What We Don't Do:We do not collect or store inspected website content, extracted CSS data on our servers (free users), your browsing history, data you enter into website forms, or passwords/login credentials
- Privacy by Design:Local-first architecture for free users, optional cloud sync for Pro users, encryption by default, minimal data collection, user control over all data, clear consent mechanisms with no pre-ticked boxes
Information We Collect
The information we collect depends on whether you use Peek as a free user or a Pro subscriber.
- Core Features (All Users):Application settings and preferences (stored locally), extracted styles (stored locally for free users, optional cloud for Pro), color picker selections (local), sample text snippets from typography (local, display purposes only)
- What We Do NOT Collect:Inspected website content, extracted CSS data on servers (free users), browsing history, full website content or page text, form data, passwords or login credentials, cookies from websites, personal information (unless Pro account)
- Free Users:Local storage only, no personal information, optional anonymous analytics (disabled by default)
- Pro Users:Account information (email, name, profile picture from Google OAuth), device identification codes (for subscription limits), cloud storage (optional, only if you save extractions), subscription and payment data (processed by LemonSqueezy)
How We Use Your Information
- Core Functionality:Operate and maintain our applications, remember your preferences and settings, provide extraction features
- Pro Account Features:Create and manage your account, provide Pro subscription features, sync data across devices (if cloud storage chosen), manage subscription billing and limits, enforce subscription terms
- Service Improvement:Fix bugs and technical issues, improve functionality and user experience, develop new features and applications, monitor performance and stability (analytics only)
- Legal Compliance:Comply with legal obligations (tax records, accounting), respond to legal requests, protect our rights and safety
Data Storage and Security
- Free Users:Local storage only (all data on your device), no servers maintained, no cloud storage (data never leaves your device)
- Pro Users:Local storage for settings, optional cloud storage for extractions (only if you choose to save), secure infrastructure hosted on Supabase (SOC 2 Type II certified), all data encrypted in transit (HTTPS) and at rest, Row Level Security (RLS) ensures only you can access your data
- Security Measures:All data transmitted via HTTPS/TLS encryption, database encrypted at rest with access controls, secure OAuth authentication (no passwords stored), only authorized personnel can access user data, regular security reviews and updates
- Data Breach Notification:We will notify affected users within 72 hours of discovery, notify relevant supervisory authorities as required by law, provide details about the breach and steps we're taking
Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to anyone.
- Required Services (Pro Users):Supabase (authentication & database, hosted in Oceania region - Sydney, Australia), LemonSqueezy (payment processing, United States), Google OAuth (authentication, United States)
- Optional Services:Google Analytics 4 (analytics, only if enabled, United States). When analytics are enabled, the same events are also stored in our Supabase database
- Legal Requirements:We may disclose information if required by law or legal process, necessary to protect our rights or safety, necessary to protect your rights or safety, or required to comply with government requests. We will notify you of any such disclosure unless prohibited by law
Data Retention
- Free Users:Local data stored on your device until you delete it or uninstall, analytics (if enabled) retained up to 2 years then automatically deleted, all data deleted when you uninstall
- Pro Users - Account Data:Retained while account is active, deleted within 30 days of account deletion request, some data may be retained longer for legal obligations (e.g., tax records for 7 years)
- Pro Users - Extraction Data:Retained until you delete it or delete your account, automatically deleted when account is deleted, you can delete individual extractions anytime
- Pro Users - Analytics Data:Retained for 24 months from collection date (if enabled), after 12 months user IDs removed and data anonymized, after 24 months automatically deleted, deleted within 30 days upon analytics opt-out
- Payment Records:Retained for 7 years in accordance with standard accounting practices (cannot be deleted during retention period due to legal requirements)
Your Rights and Choices
All users have rights to control their data. Pro users have additional account management features.
- Universal Rights (All Users):Enable or disable analytics anytime in settings, view all data stored by Peek in settings, delete all application data by uninstalling, reset application to factory defaults anytime
- Pro User Rights:Access account information anytime, update profile information, change subscription settings, manage devices, view all saved extractions, delete individual extractions, export data in JSON format, delete entire account
- GDPR Rights (EEA Users):Right to access, rectification, erasure ("right to be forgotten"), restrict processing, data portability, object to processing, withdraw consent, lodge a complaint with data protection authority. Contact: [email protected] with subject "GDPR Data Request"
- CCPA Rights (California Residents):Right to know what personal information we collect, right to delete personal information, right to opt-out of sale (we don't sell data), right to non-discrimination. Contact: [email protected] with subject "CCPA Data Request"
- Response Time:30 days (GDPR), 45 days (CCPA), may extend with notice for complex requests
International Data Transfers
- Our Operations:Peek is operated from Bangladesh, we process and manage data from Bangladesh
- Primary Storage:Supabase database in Oceania region (Sydney, Australia) on AWS infrastructure, local device storage on your device
- Third-Party Services:LemonSqueezy (United States), Google Analytics 4 (United States, only if analytics enabled), Google OAuth (United States)
- Safeguards:Standard Contractual Clauses (SCCs) with third-party processors for EU users, adequate security measures, compliance with applicable data protection laws, encryption in transit and at rest
- EU Users Notice:Due to GDPR compliance complexity for international data transfers, Pro subscriptions are currently limited to users outside the European Economic Area. Free features remain available to all users globally
Children's Privacy
Peek is not intended for children under 16 years of age (in the European Economic Area) or 13 years of age (in other regions).
- We do not actively verify age for free users
- When creating a Pro account, you must confirm you meet the minimum age requirement
- We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us immediately at [email protected] and we will delete the information
- If you are under the required age:Do not create a Pro account, do not provide any personal information, ask a parent or guardian for permission before using Peek
Changes to This Privacy Policy
We may update this privacy policy to reflect new features, changes in data collection practices, legal or regulatory requirements, or improvements to our services.
- How We Notify You:Updated policy posted at https://trypeek.app/privacy/, "Last Updated" date changed, notification in application (for significant changes), email notification for material changes (Pro users with email on file)
- Your Continued Use:Continued use of Peek after changes constitutes acceptance of the updated policy. If you disagree with changes, you can disable analytics, delete your account (Pro users), or uninstall the application
- Version History:Version 2.0 (Effective: Version 0.9.0.0) - Added Pro features, OAuth authentication, cloud storage, device identification, comprehensive GDPR/CCPA compliance. Version 1.0 (Previous) - Free user policy only. Previous versions available upon request at [email protected]
Contact Us
- For Privacy Inquiries:Email [email protected] with subject "Privacy Inquiry"
- For Data Protection Inquiries (GDPR):Email [email protected] with subject "GDPR Inquiry"
- For California Privacy Rights (CCPA):Email [email protected] with subject "CCPA Inquiry"
- Response Time:We aim to respond within 30 days (GDPR) or 45 days (CCPA). Complex requests may take longer, but we'll notify you
- Website:https://trypeek.app | Privacy Policy: https://trypeek.app/privacy/
California Privacy Rights (CCPA)
This section supplements our Privacy Policy with additional information for California residents under the California Consumer Privacy Act (CCPA).
- Categories of Personal Information:For free users - none. For Pro users - identifiers (email, name, user ID), commercial information (subscription status, purchase history), internet activity (usage analytics if enabled, extraction data)
- We Do Not Sell Your Personal Information:We do not sell, rent, or trade your personal information. We share information only with service providers (Supabase, LemonSqueezy, Google Analytics 4) as necessary to provide services, and as required by law
- Your California Privacy Rights:Right to know, right to delete, right to opt-out of sale (we don't sell data), right to non-discrimination. See Section 6.4 "CCPA Rights" above for details
- To Exercise Your Rights:Email [email protected] with subject "California Privacy Rights"
Additional Information for Other Jurisdictions
- Australia (Privacy Act 1988):We comply with Australian Privacy Principles (APPs), you have rights to access and correct your personal information
- Canada (PIPEDA):We comply with Personal Information Protection and Electronic Documents Act (PIPEDA), you have rights to access, correct, and delete your personal information
- United Kingdom (UK GDPR):We comply with UK GDPR (post-Brexit data protection law), your rights are similar to EU GDPR
- Nevada Privacy Rights:We do not sell your personal information within the meaning of Chapter 603A of the Nevada Revised Statutes. If you are a Nevada resident and would like to submit a request, contact us at [email protected] with subject "Nevada Privacy Rights Request"
- Contact:[email protected] for privacy inquiries in any jurisdiction
Automated Decision-Making and Profiling
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.
- What This Means:We do not make decisions about you solely by automated means (without human involvement), we do not create profiles that significantly affect your access to services or pricing, all decisions about your account, subscription, or service access involve human review
- If This Changes:If we ever implement automated decision-making or profiling with significant effects, we will update this privacy policy, provide clear information about the logic involved, explain the significance and consequences, and give you the right to object and request human review
External Links
Peek may contain links to external websites (such as third-party privacy policies, documentation, or support resources). We are not responsible for the privacy practices of these external sites.
- When you click on external links, please review their privacy policies separately, as they may have different data collection and usage practices
Legal Basis for Processing (GDPR)
For users in the European Economic Area, we process your personal information based on:
- Contract - Necessary to provide Pro subscription services you've purchased
- Consent - For optional analytics (you explicitly enable it)
- Legitimate Interest - Device identification to prevent fraud and subscription abuse
- Legal Obligation - Retaining payment records for tax/accounting compliance
Data Controller Information
Peek is the data controller for your personal information. We operate from Bangladesh and comply with applicable data protection laws for all our users.
- Controller:Peek, operated from Bangladesh
- Data Protection Contact:[email protected] for privacy and data protection inquiries
- EU Representative:Not currently appointed. As our EU user base grows, we will appoint an EU representative if required under GDPR Article 27. EU users may contact us directly at [email protected]
- Supervisory Authority (EU):EU users have the right to lodge complaints with their local data protection authority. Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en
Glossary
- Personal Information / Personal Data:Information that identifies you, such as name, email, or user ID
- OAuth:A secure way to sign in using your existing Google account without creating a new password
- Device Identification Code:A unique code created from your device's technical characteristics (screen size, timezone, etc.) - not biometric data
- Analytics:Optional usage statistics to help us improve our applications
- Cloud Storage:Online storage that syncs your data across devices (Pro feature, optional)
- RLS (Row Level Security):Database security that ensures only you can access your own data
← Back to Privacy Policy (Summary)
Previous version: Privacy Policy v1.0