Effective Date: September 2, 2025
Last Updated: September 2, 2025
Think Outside The Box Ventures, LLC ("Company," "we," "us," or "our") operates Peekaboo ("Service"). This Privacy Policy explains how we collect, use, and protect your personal data.
We comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Information We Collect
- Account Data: Name, email address, billing address, and payment details (processed via Stripe). Our database stores only your email address and subscription ID.
- Usage Data: Login/authentication data (via Clerk), session data (via Microsoft Clarity), and analytics such as device type, browser, IP address, geolocation, and interactions with the Service (via Google Analytics).
- Third-Party Data: Information obtained from OpenAI (ChatGPT), Google Gemini, Perplexity, and SimilarWeb, as well as data submitted by customers about their websites or brands.
- Customer Input Data: Any information you choose to submit. We do not intentionally collect personal data of your end-users; if you provide such data, you are responsible for ensuring appropriate rights and consents.
2. Cookies & Tracking
We use cookies and similar technologies to operate the Service, enable authentication, analyze performance, and improve functionality. You can control cookies through your browser settings.
3. How We Use Data
We use personal data to:
- Provide and operate the Service.
- Generate reports and analytics.
- Process payments and manage subscriptions.
- Improve and secure the Service.
- Communicate with you.
- Comply with legal obligations.
- Send marketing communications if you have opted in (you may withdraw consent at any time).
4. Legal Basis (GDPR)
For users in the EEA/UK, we process personal data based on:
- Performance of a contract (providing the Service).
- Legitimate interests (improving and securing the Service).
- Compliance with legal obligations.
- Consent, where required (e.g., for marketing).
5. Third-Party Service Providers
We use trusted third-party providers to operate the Service, including:
- Stripe – Payments
- Clerk – Authentication
- Vercel – Hosting
- Planetscale – Database
- Microsoft Clarity – Session analytics
- Google Analytics – Web analytics
- OpenAI (ChatGPT) – AI data processing
- Google Gemini – AI data processing
- Perplexity – AI data processing
- SimilarWeb – Data enrichment
6. International Transfers
If you are located in the EEA, UK, or Switzerland, your data may be transferred to the U.S. We rely on Standard Contractual Clauses (SCCs) and implement safeguards to protect your data.
7. Data Retention
We retain personal data as long as your account is active or as needed to provide the Service, and as required by law thereafter.
8. Your Rights
- GDPR: Right to access, correct, delete, restrict, port, and object.
- CCPA: Right to know, delete, and opt out of "sale" (we do not sell data).
- Requests: 📩 team@aipeekaboo.com
- We will respond within the required timeframe (generally 30 days).
9. Lawful Disclosure
We may disclose your information if required by law, legal process, or government request.
10. Security
We implement appropriate safeguards to protect your data. No system is completely secure.
11. Breach Notification
If a data breach occurs that affects your personal data, we will notify you and relevant authorities as required by law.
12. Children's Data
The Service is not directed to individuals under 18.
13. Aggregated & Anonymized Data
We may use anonymized or aggregated data for analytics, benchmarking, and product improvement. Such data does not identify individuals.
14. Data Processing Addendum (DPA)
Enterprise customers requiring a GDPR Data Processing Addendum (DPA) may request one by contacting us at team@aipeekaboo.com.
15. Changes
We may update this Privacy Policy from time to time.