Peach

1. Introduction

This Privacy Policy describes how Peach ("we," "us," or "our") collects, uses, shares, and protects information when you use our platform and services ("Service"). This policy applies to all users of the Peach platform.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email, phone number, date of birth, profile photos
• Identity Verification: Government-issued ID, verification documents for KYC compliance
• Profile Content: Bio, photos, videos, service descriptions, rates
• Payment Information: Banking details, mobile money accounts (processed by third parties)
• Communications: Messages, support tickets, feedback
• Location Data: City, region (not precise location unless explicitly provided)

2.2 Information We Collect Automatically

• Usage Data: Pages visited, features used, time spent on platform
• Device Information: IP address, browser type, device identifiers, operating system
• Log Data: Access times, error logs, performance data
• Cookies and Similar Technologies: Preferences, authentication, analytics

2.3 Information from Third Parties

• Payment Processors: Transaction data, payment status
• Social Media: Public profile information if you choose to link accounts
• Identity Verification Services: Verification status, risk scores
• Analytics Providers: Usage patterns, demographic insights

3. How We Use Your Information

3.1 Core Service Functions

• Creating and maintaining user accounts
• Facilitating connections between creators and clients
• Processing payments and transactions
• Providing customer support
• Ensuring platform security and safety

3.2 Legal and Safety Purposes

• Verifying user age and identity
• Preventing fraud and abuse
• Complying with legal obligations
• Protecting user safety and platform integrity
• Investigating violations of Terms of Service

3.3 Platform Improvement

• Analyzing usage patterns to improve features
• Personalizing user experience
• Developing new services and features
• Conducting research and analytics

3.4 Communications

• Sending service-related notifications
• Marketing communications (with consent)
• Safety alerts and platform updates
• Customer support responses

4. Legal Bases for Processing (GDPR)

We process personal data based on:

• Contract: To provide services you've requested
• Legal Obligation: To comply with applicable laws
• Legitimate Interest: To improve services and ensure safety
• Consent: For marketing and optional features (can be withdrawn)

5. Information Sharing and Disclosure

We do not sell your personal data. We share data only as necessary for platform operations, as described below.

5.1 With Other Users

• Profile information you choose to make public
• Messages and content shared directly with other users
• Service listings and availability
• Reviews and ratings (where applicable)

5.2 With Service Providers

• Payment Processors: To handle transactions (M-Pesa, banks, etc.)
• Identity Verification: To verify user identities and comply with regulations
• Cloud Storage: To store and backup data securely
• Analytics Services: To understand platform usage (anonymized data)
• Customer Support Tools: To provide assistance

5.3 Legal Disclosures

• When required by law or legal process
• To protect our rights and interests
• To investigate potential violations
• In connection with business transfers or mergers
• To report illegal content or activities to authorities

6. International Data Transfers

Your data may be processed in countries outside your country of residence (for example, where our hosting, analytics, or payment providers operate). Where cross-border transfers occur, we apply appropriate safeguards including:

• Standard contractual clauses approved by relevant authorities
• Reputable providers with recognised security certifications and standards
• Encryption of data in transit and at rest
• Access controls limiting data access to authorized personnel

7. Data Security

7.1 Security Measures

• Encryption of data in transit and at rest
• Regular security audits and updates
• Access controls and employee training
• Incident response procedures
• Secure third-party integrations

7.2 Account Security

• Strong password requirements
• Optional two-factor authentication
• Login monitoring and alerts
• Session management

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, including legal compliance and dispute resolution. Our typical retention approach is:

• Account data: Retained while your account is active and for up to 12 months after account deletion, unless required longer by law
• Identity verification documents: Retained only as long as needed for verification, then deleted within 90 days, unless required for legal reasons
• Transaction records: Retained for the period required by applicable tax and financial regulations (typically 5–7 years)
• Messages and communications: Retained while your account is active; deleted upon account deletion, subject to legal holds
• Usage and log data: Retained for up to 12 months for analytics and security purposes
• Marketing preferences: Retained until you withdraw consent or unsubscribe

9. Your Privacy Rights

9.1 Access and Control

• View and download your personal data
• Correct inaccurate information
• Delete your account and data (subject to legal requirements)
• Control privacy settings and data sharing preferences

9.2 GDPR Rights (EU Users)

• Right to access personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

9.3 CCPA Rights (California Users)

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale of personal information
• Right to non-discrimination

10. Age Restrictions and Minors

Minor Data Protection

• Any data from minors discovered will be deleted immediately
• Parents/guardians should monitor minor's internet usage
• Report any suspected minor activity immediately

11. Cookies and Tracking

11.1 Types of Cookies

• Essential Cookies: Required for platform functionality
• Analytics Cookies: To understand usage patterns
• Preference Cookies: To remember user settings
• Marketing Cookies: For targeted advertising (with consent)

11.2 Cookie Management

• You can control cookies through browser settings
• Some features may not work if cookies are disabled
• Third-party cookies are governed by respective privacy policies

12. Links to Other Sites

The Service may contain links to third-party websites and services (including payment providers, social media platforms, and partner sites). We are not responsible for the privacy practices, content, or availability of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Jurisdiction and Data Protection

13.1 Netherlands Data Protection

• Compliance with Netherlands GDPR implementation and applicable EU regulations
• Registration with Dutch Data Protection Authority (Autoriteit Persoonsgegevens) where required
• Local data protection rights as specified by Netherlands and EU law

13.2 International Operations

• Compliance with applicable local privacy laws in operational jurisdictions
• Specific rights may vary by jurisdiction
• Contact us for jurisdiction-specific information

14. Changes to This Privacy Policy

• We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or the Service
• The revised version will be posted on the Service with a new "Last Updated" date
• For material changes, we will notify you via email or a prominent notice on the platform
• Continued use of the Service after changes take effect constitutes acceptance of the revised Policy