Privacy policy

Peiley is an online platform for surveys, polls and group scheduling. Peiley is operated from the Netherlands and runs entirely on European cloud infrastructure (Google Cloud, eur3 multi-region for the database, europe-west1 for server logic, europe-west4 for hosting).

For privacy questions you can contact privacy@peiley.net.

When you create an account

• Email address and password (stored by Firebase Auth — we don't have access to the password)
• Name and optional profile photo
• Preferred language
• Registration date and last-login timestamp

When you use Peiley

• The surveys you create (title, questions, settings)
• Responses from respondents to your surveys
• Contacts you upload or add (name, email, optional company name)
• Email templates and sent invitations
• Cookie preferences (essential / analytics / marketing)

When you pay

• Stripe customer id and subscription status (we don't store card details — those stay with Stripe)
• Date and amount of invoices

Technical data

• IP address and user-agent in server logs (30 days)
• Web vitals (load times, layout shift, etc.) — anonymised only
• Error reports for debugging

We process personal data exclusively for:

• Delivering the platform (contract performance, art. 6(1)(b) GDPR)
• Security, fraud prevention and service stability (legitimate interest, art. 6(1)(f) GDPR)
• Sending transactional emails (welcome, invitations, reminders, account warnings)
• Legal obligations such as tax retention for invoices
• With explicit consent: optional analytics and marketing cookies (art. 6(1)(a) GDPR)

We don't sell personal data to third parties. Not today, not ever.

For specific parts of our service we work with sub-processors. We have a data processing agreement in place with each of them.

• Google Cloud / Firebase — hosting, database, authentication, server functions (EU)
• Stripe — subscriptions and payments (EU + US under SCCs)
• Resend — sending transactional emails (US under SCCs)
• Pollinations.ai — only for public marketing images, no customer data

The full and up-to-date list is on the Security & GDPR page.

• Inactive free accounts: 30 days, then auto-deletion (after 2 warning emails)
• Paid accounts: for the duration of your subscription, plus 90 days after cancellation
• Surveys and responses: until you delete them yourself, or until you close your account
• Invoices: 7 years (legal retention)
• Server logs: 30 days
• Email log: limited to what is needed for delivery and debugging

Under GDPR you have several rights. You can exercise them by emailing privacy@peiley.net or (where possible) directly from your account.

• Right to access: an overview of what data we hold about you
• Right to rectification: have incorrect data corrected
• Right to be forgotten: have your account and all related data deleted
• Right to data portability: receive your data in a common format (JSON/CSV)
• Right to object to processing based on legitimate interest
• Right to withdraw cookie consent — via /privacy/cookies

We respond to a request within 30 days. You can also file complaints with the Dutch Data Protection Authority.

We encrypt all data both in transit (TLS 1.2+) and at rest (AES-256). Access to production data is limited and logged. The full list of technical and organisational measures is in our data processing agreement (request via dpa@peiley.net) and on the Security & GDPR page.

On your first visit we ask for consent for analytics and marketing cookies. Essential cookies (login, security) are always active — they are technically necessary and exempt from consent requirements.

You can change your choice any time via /privacy/cookies.

We may update this privacy policy. For significant changes we'll email you at your registered address and post the new version on this page at least 30 days in advance.