Secure and GDPR-ready
Peiley is a Dutch startup, built on European infrastructure. Below we explain honestly what is already in place, what is in progress, and what is not (yet) available.
Where does your data live?
All Peiley data lives inside the EU on Google Cloud / Firebase. The database (Firestore) runs in region eur3, a European multi-region across the Netherlands and Belgium. Server logic (Cloud Functions) runs in europe-west1 (Belgium). Hosting (App Hosting) in europe-west4 (Netherlands). Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
What we do to prevent hacks
Concrete measures — no vague marketing language.
Encrypted connections (HTTPS/TLS)
Live: All traffic between your browser and Peiley runs over HTTPS. The Firebase platform enforces TLS 1.2+ and manages certificates.
Encryption at rest
Live: Firestore automatically encrypts all data on disk (AES-256). Backups and logs fall under the same policy.
Strict access rules (Firestore Rules)
Live: Every read and write is enforced server-side by Firestore Security Rules. Owners see only their own surveys, contacts, and responses. Admin actions are gated separately.
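As an added illustration (not Peiley's actual ruleset, which the page does not publish), this is what owner-scoped Firestore Security Rules of the kind described above look like. The collection names, the `ownerId` field and the `admin` custom claim are assumptions; the page only says that owners see their own data and that admin actions are gated separately.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Helpers. The `admin` custom claim is an assumed representation of
    // admin access; set it server-side with the Admin SDK, never from a client.
    function signedIn() {
      return request.auth != null;
    }
    function isOwner(doc) {
      return signedIn() && doc.ownerId == request.auth.uid;
    }
    function isAdmin() {
      return signedIn() && request.auth.token.admin == true;
    }

    // Owner-scoped collection (assumed name). `read` covers get and list; a
    // list query is only allowed if it is constrained so that every result
    // passes the rule, so clients must query with where('ownerId', '==', uid).
    match /surveys/{surveyId} {
      allow read: if isOwner(resource.data);
      allow create: if signedIn()
                    && request.resource.data.ownerId == request.auth.uid;
      // ownerId is immutable: an update may not hand the survey to another user.
      allow update: if isOwner(resource.data)
                    && request.resource.data.ownerId == resource.data.ownerId;
      allow delete: if isOwner(resource.data);

      // Assumption: responses are written by Cloud Functions through the Admin
      // SDK (which bypasses these rules), so clients may only read them, and
      // only the survey owner may do that.
      match /responses/{responseId} {
        allow read: if isOwner(get(/databases/$(database)/documents/surveys/$(surveyId)).data);
        allow write: if false;
      }
    }

    match /contacts/{contactId} {
      allow read, delete: if isOwner(resource.data);
      allow create: if signedIn()
                    && request.resource.data.ownerId == request.auth.uid;
      allow update: if isOwner(resource.data)
                    && request.resource.data.ownerId == resource.data.ownerId;
    }

    // Admin audit entries: readable by admins, never writable from a client,
    // so every entry goes through the server-side path that logs it.
    match /adminAudit/{entryId} {
      allow read: if isAdmin();
      allow write: if false;
    }

    // Everything not matched above is denied; that is Firestore's default.
  }
}
```

The caveat worth remembering: rules only govern client SDK access. Code running in Cloud Functions with the Admin SDK bypasses them entirely, which is why the server-side validation and audit logging listed further down are separate controls rather than redundant ones.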
Secrets in a Secret Manager
Live: API keys (Resend, Stripe) never live in code or in the repository. They are injected from Google Secret Manager on every deploy.
Stripe webhook signature verification
Live: Incoming Stripe events are cryptographically verified against the webhook signing secret. Tampered events fail verification; replayed events are rejected by the signature's timestamp check and by the stored event id (see the retention table below).
Validation on every backend endpoint
Live: All Cloud Functions validate their input with Zod schemas. Oversized fields, invalid enum values, and type mismatches are rejected before any processing happens.
Audit log for admin actions
Live: Admin grants, plan changes, and cleanup runs are written to an audit log in Firestore so they can be reviewed after the fact.
Security headers (CSP, HSTS, X-Frame-Options)
In progress: For extra hardening we are adding a middleware that sets Content-Security-Policy, HSTS, and clickjacking protection (X-Frame-Options). Planned to be live by the end of this sprint.
Per-user rate limiting
In progress: On top of Firebase's default concurrency caps we are adding custom rate limits per user and per endpoint (login, invitations, AI generation).
Two-factor authentication (MFA)
Not yet available: Right now login is email + password. MFA via an authenticator app is on the roadmap, first for admins and business accounts.
Your rights under GDPR
You stay in control of your own data. Here's how.
Cookie banner with granular choices
Live: On your first visit you choose whether to allow analytics and marketing cookies. Essential cookies (login, security) stay on. You can change your choice at any time at /privacy/cookies.
Right to access
Live: Email privacy@peiley.net and you will receive a full overview of your data within 30 days. A self-service export button is coming soon.
Right to be forgotten (self-service)
Live: Delete your account directly from /dashboard/account → Danger zone. A confirmation modal asks for your email and the word "DELETE". After that, all your surveys, responses, contacts and email templates are removed immediately. Inactive free accounts are also deleted automatically after 30 days.
Self-service data export (one click)
In progress: A button in your account that downloads a ZIP with all your surveys, responses, and contacts. Until then, request an export via privacy@peiley.net (delivered within 30 days).
Right to rectification
In progress: You can already change profile data (name, language, photo) yourself. For other corrections please email us; full self-service is planned.
Sub-processors
Third parties Peiley relies on for parts of its service. Parties that process customer data on Peiley's behalf are covered by a Data Processing Agreement (DPA); the table marks the exceptions.
| Party | Purpose | Location | DPA |
|---|---|---|---|
| Google Cloud / Firebase | Hosting, database, authentication, functions | EU (eur3 multi-region NL + BE; functions europe-west1; hosting europe-west4) | Link |
| Stripe | Subscriptions and payments | Ireland (EU) + US (SCCs) | Link |
| Resend | Transactional email (welcome, invitations, reminders) | US (SCCs) | Link |
| Pollinations.ai | AI images for public marketing pages (no customer data) | US | n/a |
| OpenAI / Anthropic (Bring-Your-Own-Key) | AI survey generation — you use your own API key | US (SCCs) | n/a |
For parties outside the EU, processing happens under the European Commission's Standard Contractual Clauses (SCCs).
How long do we keep what?
| Data type | Retention |
|---|---|
| Free account (inactive) | 30 days, then hard delete |
| Paid account | For the duration of the subscription + 90 days after cancellation |
| Surveys and responses | Until you delete them yourself (or close the account) |
| Email log (sent invitations) | Limited to what is needed for delivery and debugging |
| Stripe events (idempotency) | Indefinite — only event id and type, no card data |
| Server logs (Cloud Functions) | 30 days (Firebase default) |
What we explicitly do NOT do
- No selling of data to third parties. Period.
- No tracking pixels in transactional emails (welcome, invitations, reminders).
- No Facebook Pixel or LinkedIn Insight Tag — unless you actively turn on marketing cookies.
- No credit card data in our database. Stripe handles payments; we only receive plan status.
- No Peiley staff access to your survey responses, except on explicit support request.
Questions, DPA, or found a leak?
Email privacy@peiley.net for privacy questions or to request a DPA. For security issues (responsible disclosure) reach us at security@peiley.net — we usually respond within 24 hours.