Privacy Policy

Where this applies

Peon may be served from a marketing origin (for example peon.online) and a separate application origin for signed-in product use (for example app.peon.online). The same policy applies unless we tell you otherwise on a specific page. Deep links and redirects may send you between origins; authentication and billing are designed to work across them as described below.

Data controller

The data controller for Peon is the operator of the Peon service. For privacy requests or questions about this policy, contact contact@peon.online.

When you visit

Peon is hosted on Vercel. When you load pages, Vercel processes technical data needed to deliver the site and secure its platform, such as IP address, request metadata, and approximate location derived for operational and abuse-prevention purposes. See Vercel's privacy policy.

Legal basis (UK/EU): legitimate interests in operating and securing the service, and (where applicable) performance of a contract when you use Peon as a customer.

Cookies and similar storage

We use cookies, local storage, and similar technologies as described here and in linked vendor policies.

Essential and functional

Cookies required for security, load balancing, and core functionality (including sign-in session cookies from our authentication provider) are used based on legitimate interest and/or performance of a contract. See Vercel's cookie information and Clerk's privacy policy for session-related processing.

Analytics (optional)

Vercel Web Analytics may load only after you choose Accept all cookies on our banner. It helps us understand aggregated usage (for example page views) without selling your data. See Vercel Web Analytics privacy. If you choose Necessary only, we do not load this analytics script.

Consent storage

Your cookie choice is stored in browser localStorage under the key cookie-consent ( values necessary or all). Theme or UI preferences may also use localStorage and are not used for advertising.

Withdrawing consent

Clear the cookie-consent entry (or all site data) for this origin in your browser. The banner will show again on your next visit.

Authentication

Sign-in and account security are provided by Clerk. Clerk processes identifiers such as email address, authentication events, and session tokens as described in Clerk's privacy policy. Legal basis: performance of a contract and legitimate interests in securing accounts.

Account, company, and product data

When you use the dashboard and related features, we process account and workflow data you provide or generate — for example company identifiers, document metadata, and operational records needed to deliver the service. Application data is stored in our database (Neon Postgres) and may include file references stored with Vercel Blob where you upload or generate files. Legal basis: performance of a contract; compliance with legal obligations where applicable.

AI features (Ask, Chat, and similar)

Features that use AI send relevant prompts and context to model providers (for example Anthropic and, where used for embeddings or tooling, OpenAI) to generate responses. Do not submit special-category or highly sensitive personal data unless the product explicitly supports it and you choose to do so. Processing is governed by the providers' policies: Anthropic, OpenAI. Legal basis: performance of a contract and, where applicable, consent for optional processing clearly described in-product.

Payments

Payments are processed by Stripe. We do not store full payment card numbers on our servers. Stripe processes payment data in line with its policies — see Stripe's privacy policy. Legal basis: performance of a contract and compliance with financial rules.

Key processors

We use subprocessors to run Peon, including for example:

• Vercel — hosting, optional Web Analytics (when you accept cookies), Blob storage
• Clerk — authentication and user management
• Neon — database (see Neon privacy)
• Stripe — payments
• AI providers (e.g. Anthropic, OpenAI) — AI features

Blob storage details: Vercel Blob.

International transfers

Data may be processed in the United Kingdom, the European Economic Area, the United States, and other countries where our providers operate. We rely on appropriate safeguards (such as standard contractual clauses or adequacy decisions) as described in our vendors' documentation.

Retention

We retain personal data only as long as needed for the purposes above, including to provide the service, meet legal obligations, resolve disputes, and enforce agreements. Retention periods vary: for example authentication data follows Clerk's practices; payment records follow Stripe and legal requirements; product data follows operational and backup cycles. You may request deletion where applicable law allows.

Children

Peon is not directed at children under 16 (or 13 where applicable in the United States). We do not knowingly collect personal data from children for marketing purposes.

Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict, or port your personal data, and to object to certain processing. In the UK and EU/EEA, you may also lodge a complaint with a supervisory authority (for example the ICO in the UK). To exercise rights, contact contact@peon.online. We may need to verify your identity before fulfilling requests.

Security

We implement appropriate technical and organisational measures appropriate to the risk, including use of reputable providers and access controls. No method of transmission over the Internet is completely secure.

Automated decision-making

We do not use solely automated decisions that produce legal or similarly significant effects on you without human review where required by law.

Changes

We may update this policy from time to time. The "Last updated" date will change when we do. Material changes may be communicated by email or in-product notice where appropriate.

Contact

Privacy questions and requests: contact@peon.online.