Privacy Policy

Your privacy is important to us. Learn how we collect, use, and protect your personal information.

Effective Date: 9 August 2025
Last Updated: 28 October 2025

1. Introduction

Peak Me Up ("we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, share, and protect your information when you use our cognitive health assessment and supplement recommendation platform.

Our Commitment: We believe in transparency about our data practices and your right to control your personal information. This policy applies to all users of our website, services, and platform.

2. Information We Collect

Personal Information You Provide

  • Account Information: Name, email address, date of birth, location (country/region)
  • Assessment Data: Responses to cognitive health questionnaires and assessments
  • Profile Information: Health goals, supplement preferences, dietary restrictions
  • Communication Data: Messages, support requests, feedback, and survey responses
  • Payment Information: Processed securely through third-party payment processors (we do not store payment details)

Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent, click patterns
  • Device Information: Browser type, operating system, IP address, device identifiers
  • Performance Data: App crashes, response times, error logs
  • Location Data: General location based on IP address (not precise geolocation)

Assessment-Specific Data

  • Cognitive Scores: Results from memory, focus, stress, and sleep assessments
  • Progress Tracking: Historical assessment results and trends over time
  • Personalization Data: Factors influencing supplement recommendations
  • Response Patterns: Timing and completion rates for assessments

3. How We Use Your Information

Primary Uses

  • Generate tailored supplement suggestions based on assessment results
  • Monitor cognitive health trends and improvement over time
  • Enhance assessment accuracy and user experience
  • Send assessment reminders, results, and relevant health information

Secondary Uses

  • Understand user patterns to improve our algorithms (anonymized data)
  • Respond to inquiries and troubleshoot issues
  • Meet regulatory requirements and protect user safety
  • Send relevant content and product updates (with consent)

4. Legal Basis for Processing (GDPR - UK/EU Users)

We process your personal data based on:

  • Consent: For marketing communications and optional features
  • Contract Performance: To provide our assessment and recommendation services
  • Legitimate Interests: To improve our platform and ensure security
  • Legal Obligations: To comply with healthcare and consumer protection laws
  • Vital Interests: To protect user health and safety when necessary

5. Information Sharing and Disclosure

We Share Information With:

Service Providers:

  • Cloud hosting providers (secure data storage)
  • Analytics services (anonymized usage data)
  • Microsoft Clarity (session recordings and heatmaps, with user consent)
  • Reddit Pixel (conversion tracking and advertising analytics, with user consent)
  • Customer support platforms
  • Email service providers
  • Payment processors

Third-Party Retailers:

  • Anonymous referral data when you click product links
  • No personal information is shared with retailers
  • We may receive commission notifications (not linked to your identity)

We Do NOT Share:

  • Individual assessment results with third parties
  • Personal information with supplement companies
  • Data for advertising purposes
  • Information with employers or insurers

6. Data Security and Protection

Technical Safeguards

  • Encryption: All data transmitted using SSL/TLS encryption
  • Secure Storage: Industry-standard database encryption
  • Access Controls: Limited employee access with authentication
  • Regular Audits: Security assessments and vulnerability testing

Organizational Safeguards

  • Privacy Training: Staff education on data protection
  • Data Minimization: Collect only necessary information
  • Retention Policies: Automatic deletion of old data
  • Incident Response: Procedures for data breach notification

7. Your Privacy Rights

All Users

  • Access: Request copies of your personal information
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request removal of your data (with some exceptions)
  • Portability: Download your data in a portable format
  • Opt-Out: Unsubscribe from marketing communications

UK/EU Users (GDPR Rights)

  • Right to Object: Opt-out of certain data processing
  • Restriction: Limit how we use your data
  • Withdrawal: Remove consent for voluntary processing
  • Complaint: File complaints with data protection authorities

California Users (CCPA Rights)

  • Right to Know: Detailed information about data collection
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Prevent sale of personal information
  • Non-Discrimination: Equal service regardless of privacy choices

8. Cookies and Tracking Technologies

Essential Cookies

  • Authentication and security
  • User preferences and settings
  • Platform functionality
  • Assessment progress saving

Analytics Cookies (Require Consent)

  • Usage patterns and popular features
  • Performance monitoring
  • Error tracking and debugging
  • A/B testing for improvements
  • Microsoft Clarity: Session recordings and heatmaps to understand user behavior
  • Reddit Pixel: Conversion tracking and advertising analytics

Note: Analytics cookies only load after you provide explicit consent via our cookie banner.

Cookie Control

  • Browser settings to disable cookies
  • Granular cookie preferences in your account
  • Third-party opt-out tools
  • Mobile app tracking preferences

9. Data Retention

Account Data

  • Active Accounts: Retained while account is active
  • Inactive Accounts: Deleted after 3 years of inactivity
  • Closed Accounts: Most data deleted within 30 days

Assessment Data

  • Recent Results: Retained for personalization and progress tracking
  • Historical Data: Aggregated and anonymized for research after 2 years
  • Research Data: Anonymized data may be retained longer for scientific purposes

10. Children's Privacy

  • Age Restrictions: Our service is designed for adults 18+
  • No Intentional Collection: We don't knowingly collect data from minors
  • Parental Notification: Parents should contact us if a minor has created an account
  • Immediate Deletion: We delete any data from users under 18

11. Marketing and Communications

Types of Communications

  • Transactional: Account updates, assessment results, security notifications
  • Educational: Health tips, research updates, platform news
  • Marketing: Product recommendations, special offers, surveys
  • Reminders: Assessment scheduling and completion notifications

Communication Preferences

  • Opt-In Required: Marketing communications require explicit consent
  • Granular Controls: Choose specific types of communications
  • Easy Unsubscribe: One-click unsubscribe in all emails
  • Preference Center: Manage all communication settings in your account

12. Policy Updates

Change Notification

  • Email Alerts: Significant changes communicated via email
  • In-App Notices: Important updates highlighted in platform
  • Effective Date: New policies take effect 30 days after notification
  • Continued Use: Using the service constitutes acceptance of updates

Contact Information and Complaints

Privacy Contact

  • Email: hello@peakmeup.ai
  • Response Time: We respond to privacy inquiries within 30 days

Data Protection Officers

  • UK/EU Users: hello@peakmeup.ai
  • Complaint Process: Internal review before regulatory complaints
  • Regulatory Bodies: UK ICO, relevant EU data protection authorities

Your Trust Matters: We're committed to earning and maintaining your trust through responsible data practices. This policy reflects our dedication to protecting your privacy while providing valuable cognitive health insights.