Privacy Policy

Peakflow collects account information required to authenticate users, operate workspace access, and secure the platform. This can include name, email address, workspace membership data, login activity, and configuration settings created inside the product.

When a workspace connects Meta Ads, Peakflow also processes advertising and business data that the authorized user chooses to grant. This can include ad account identifiers, campaign, ad set, ad, and insight data, sync logs, and integration status metadata. Peakflow does not request or store more data than is needed to operate the connected workflows and reporting surfaces exposed inside the application.

Peakflow uses collected information to authenticate users, bootstrap workspace access, connect integrations, sync authorized advertising data, generate operational dashboards, monitor sync health, and surface alerts or insights inside the product.

We may also use operational logs and telemetry to diagnose failures, secure the platform, improve performance, and prevent misuse. Peakflow does not sell user data or customer advertising data to third parties.

Peakflow processes only the advertising data that an authorized user explicitly connects through supported platform integrations. For Meta Ads, this means the platform acts on the permissions granted through OAuth and reads only the business and advertising data made available by that authorization.

Workspace owners remain responsible for ensuring they have the right to connect, process, and manage the advertising assets, business accounts, and campaign data they authorize inside Peakflow.

Peakflow stores application data in Supabase-hosted infrastructure and runs application services on Vercel. Access tokens are encrypted before storage, workspace data is scoped by tenant controls, and server-side operations are restricted to authenticated application flows and privileged service functions.

No internet-facing system can guarantee absolute security. Peakflow applies reasonable technical and organizational safeguards to protect information against unauthorized access, disclosure, alteration, and loss.

Peakflow retains workspace, sync, and operational records for as long as they are needed to operate the service, support troubleshooting, satisfy legal obligations, and preserve an accurate operational history for the connected workspace.

If an integration is disconnected, previously synced records may remain in the workspace until they are deleted through administrative action or a retention policy implemented for that deployment.

Workspace owners can disconnect integrations, update workspace data, or request deletion of data that is no longer needed for service operation. Individual users may also request access corrections through the support or administrative channel provided for the relevant Peakflow deployment.

If you need a data deletion or privacy-related request handled, use the support or administrative contact associated with the Peakflow deployment you are accessing.

Peakflow may update this Privacy Policy as the product, integrations, and legal requirements evolve. When material changes are made, the updated version will be posted at this URL with a revised effective date.