Skip to main content

Privacy Policy

Privacy Policy — Peerakeet, Inc.

Version 2.2 Effective Date: May 14, 2026 Last Updated: May 14, 2026

This Privacy Policy ("Policy") describes how Peerakeet, Inc. ("Peerakeet," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use the adult version of the Peerakeet mobile application, web portal, website, and related platform services (collectively, the "Service").

This Policy applies to Peerakeet in its role as a technology platform and administrative service provider. It does not replace any Notice of Privacy Practices, 42 CFR Part 2 patient notice, FERPA notice, student consent, telehealth informed consent, release of information, or other care-related, education-related, or program-specific authorization that may be provided to you by a healthcare provider, certified peer support specialist, recovery program, educational institution, treatment program, or organization using Peerakeet.

If you receive services through an organization, solo practice, school, recovery program, certified peer support specialist, provider, or other customer using Peerakeet, that customer may provide separate legal and privacy documents that govern the underlying service relationship and any customer-specific uses or disclosures of your information. Those customer-issued documents may control over this Policy on care, education, recovery-program, or provider-specific issues to the extent applicable.

By using the Service, you acknowledge this Policy. If you do not agree with this Policy, do not use the Service.

1. Peerakeet's Role

Peerakeet provides software, workflow, scheduling, messaging, documentation, reporting, and video-integration infrastructure for recovery programs, peer-support programs, education programs, provider organizations, solo practices, and other customers.

Peerakeet is not, by default, the treating provider, medical practice, educational institution, school official, recovery community organization, lawful holder, or 42 CFR Part 2 program for customer-delivered services. When Peerakeet processes regulated information on behalf of a customer, Peerakeet may operate under contractual obligations such as a Business Associate Agreement ("BAA") under HIPAA, a Qualified Service Organization Agreement ("QSOA") under 42 CFR Part 2, a FERPA addendum, or a similar regulated-data agreement.

Peerakeet does not supervise, direct, or control the services delivered by any organization, provider, certified peer support specialist, or other user of the Service. Peerakeet does not evaluate the quality, appropriateness, or legality of services, interactions, or decisions made by users or customers and does not assume responsibility for the conduct of any individual or organization using the platform.

2. Information We Collect

We may collect the following categories of information.

2.1 Information You Provide

  • Account information: email address, password credentials, display name, date of birth, and account preferences.
  • Profile information: self-descriptions, life topics, interests, strengths, coping tools, boundaries, and other profile content you choose to add.
  • Health and wellness content: journal entries, check-ins, self-assessments, wellness-plan information, reflections, support preferences, and similar content you create in the Service.
  • Telehealth and scheduling information: booking details, availability, session preferences, and intake details such as legal name, phone number, mailing address, and state of residence if you use telehealth-related features.
  • Communications: messages, support requests, feedback, reports, and other communications sent through the Service.
  • Organization and enrollment information: information submitted when you join, are referred by, or are enrolled with an organization that uses Peerakeet.
  • Consent and acknowledgment records: timestamps and versions for platform documents and other acknowledgments collected through the Service.
  • Emergency contact information: names, phone numbers, and relationships for contacts you choose to provide.
  • Professional information: if you are a certified peer support specialist or staff user, information about credentials, qualifications, supervision, continuing education, and related records.
  • Billing information: subscription and billing identifiers from our payment processor. We do not store payment card numbers directly.

2.2 Information Collected Automatically

  • Usage data: features used, navigation activity, pages viewed, timestamps, and related product-interaction events.
  • Device information: device type, operating system, app version, device identifiers, push tokens, and settings.
  • Browser and device storage data: information stored locally through technologies such as local storage, session storage, and in-app storage to support sign-in state, preferences, onboarding drafts, invite flows, and similar platform functions.
  • Log data: IP address, access times, errors, diagnostics, and performance information.
  • Location information: general location derived from IP address and, if you use trip logging features, precise GPS data while trip logging is active.

2.3 Information From Third Parties

  • Authentication providers: basic profile information from services such as Google or Apple when you choose those sign-in methods.
  • Customers and service-delivery partners: information provided by organizations, schools, recovery programs, certified peers, providers, or vendors in connection with services facilitated through the Service.

3. How We Use Information

We use information for the following purposes:

  • To provide, operate, secure, and improve the Service.
  • To support scheduling, messaging, journaling, check-ins, reporting, and other platform functionality.
  • To personalize product experiences, including matching and recommendations where applicable.
  • To send service-related notifications, updates, security messages, and support communications.
  • To detect, prevent, and address safety issues, fraud, abuse, harmful content, and violations of our Terms or Community Guidelines.
  • To monitor performance, troubleshoot errors, conduct analytics, and improve the Service.
  • To maintain logs, audit trails, export functionality, deletion workflows, and compliance-related records.
  • To comply with law, enforce our agreements, respond to claims, and protect rights, property, safety, and security.
  • To support customer operations where Peerakeet is providing services on behalf of an organization, solo practice, or other customer.

Any matching, recommendation, or personalization features are designed to support user experience and are not intended to make or replace professional, clinical, or supervisory decisions. Organizations and users remain solely responsible for evaluating and determining appropriate relationships, services, and interactions.

Where Peerakeet processes regulated information on behalf of a customer, we apply role-based access controls, data-minimization practices, and contractual restrictions designed to limit access and use to authorized purposes.

4. How We Disclose Information

We do not sell personal information. We also do not allow third-party advertising networks to collect personal information through the Service for their own advertising purposes. We may disclose information in the following circumstances:

4.1 To Service Providers and Infrastructure Vendors

We may disclose information to vendors that provide services to Peerakeet, such as cloud hosting, authentication, storage, security, analytics, customer support, transactional email, video integration, and payment processing. These providers are contractually restricted to use information only to provide services to Peerakeet and not for their own independent purposes.

Examples may include:

  • Google Cloud Platform and Firebase for infrastructure and storage
  • Google Vertex AI for safety, moderation, summarization, AI-assisted support tooling, and related product operations
  • Zoom for video-session integration
  • Stripe for subscription and payment processing
  • Resend for transactional emails
  • Expo for push-notification delivery

Where required and applicable, Peerakeet enters into written data-protection terms, including BAAs for vendors handling protected health information.

4.2 To Customers and Authorized Workforce

If you use the Service through an organization, school, recovery program, solo practice, certified peer support specialist, provider, or other customer, Peerakeet may make your information available to that customer and its authorized workforce as needed to operate the services they deliver through the platform, subject to applicable law and contract.

For example, this may include:

  • enrollment status
  • scheduling information
  • session participation records
  • notes, assessments, records, or other documentation created within the customer's workflow
  • wellness-plan progress
  • risk flags or safety escalations

The customer, institution, program, or provider remains responsible for its own notices, consents, authorizations, and legal disclosure obligations.

4.3 To Other Users at Your Direction

If you choose to message, match with, or otherwise interact with other users, information you share in those interactions may be visible to the people involved in that interaction, consistent with the Service's design and your actions.

4.4 For Safety, Legal, and Operational Reasons

We may disclose information:

  • to comply with law or legal process, where permitted by applicable law, contract, and our role
  • to respond to emergencies or prevent imminent harm, where permitted by applicable law, contract, and our role
  • to protect the rights, safety, security, or property of Peerakeet, our users, customers, or others
  • to investigate fraud, abuse, harassment, threats, or other misuse of the Service

If Peerakeet receives information that is subject to FERPA, HIPAA, 42 CFR Part 2, or another regulated-data framework on behalf of a customer, disclosures of that information are further limited by applicable law, contract, and the instructions of the customer, institution, covered entity, business associate, Part 2 program, lawful holder, or other responsible party.

When regulated information is processed on behalf of a customer, Peerakeet relies on that customer or lawful holder to determine how such information is identified, classified, segmented, and disclosed. Peerakeet does not independently verify that information has been properly classified or restricted under FERPA, HIPAA, Part 2, or similar laws and processes such data in accordance with contractual instructions and applicable law.

Any disclosure of Part 2 records made by Peerakeet on a customer's behalf will be accompanied by the redisclosure notice required by 42 CFR 2.32 where applicable and as directed by the customer.

4.5 To Professional Advisers, Auditors, and Insurers

We may disclose information to lawyers, accountants, auditors, insurers, financing sources, and similar professional advisers only where reasonably necessary for legal, compliance, audit, insurance, financing, or corporate-governance purposes, and subject to appropriate confidentiality obligations, role-based restrictions, and any additional legal or contractual limitations applicable to the information.

4.6 Business Transfers

If Peerakeet is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to applicable legal restrictions, confidentiality obligations, and any additional limits imposed by our role, customer contracts, HIPAA, 42 CFR Part 2, or other applicable law.

4.7 De-Identified and Aggregated Data

We may use and disclose aggregated, de-identified, or anonymized information that does not reasonably identify an individual for analytics, reporting, product improvement, security, research, or other lawful business purposes.

4.8 Research and Program Evaluation

Customers, schools, recovery programs, providers, and other organizations may use Peerakeet to support their own research, institutional research, program evaluation, quality improvement, reporting, or studies where they are permitted to do so. Research exports and research datasets are de-identified, aggregated, limited, or otherwise minimized where feasible. When we process or provide identifiable information for a customer's research or evaluation purpose, we do so under the customer's instructions, applicable agreements, and applicable law.

Peerakeet may also conduct its own research, evaluation, analytics, and product-improvement work using aggregated, de-identified, or anonymized information that does not reasonably identify you. Peerakeet does not use identifiable customer-regulated information for Peerakeet-sponsored research unless the use is permitted by applicable law, covered by the required customer agreement, and supported by any required individual authorization, consent, waiver, or approval.

5. AI, Moderation, and Analytics

Peerakeet uses automated systems, including AI-supported tooling, as integral components of the Service. AI helps human moderators, assists authorized customer users with documentation drafts and recall of prior interactions, generates summaries of session and message history for authorized customer users who support you, and supports operational tasks such as content safety review, onboarding assistance, and product reliability.

These tools may be used to:

  • detect harmful or unsafe content
  • identify potential policy violations
  • support trust-and-safety review
  • summarize prior sessions, notes, and interactions for authorized customer users who are working with you
  • assist authorized customer users with drafting documentation that the responsible human user reviews and finalizes
  • improve platform quality and reliability

AI processing is performed under contractual obligations that protect your information and is part of the Service when you receive support through Peerakeet. Peerakeet may disable AI support tooling for a participant record when required for operational, legal, security, or customer-contract reasons.

AI never replaces the human user, provider, peer support specialist, supervisor, or program staff member responsible for serving you. AI does not produce clinical risk scores, diagnoses, or treatment decisions. Any AI-generated suggestion that becomes part of a formal record is reviewed and finalized by a responsible human user before it is recorded. The customer and its authorized users remain responsible for the content of records they create.

Peerakeet does not permit third-party AI vendors to use customer-regulated data or in-product user content submitted through the Service to train generally available models.

Where Peerakeet uses analytics, we design those analytics and reports to avoid unnecessary exposure of regulated information, including avoiding message bodies and unnecessary dynamic patient or client identifiers in analytics events. Peerakeet may continue to use strictly necessary internal identifiers and telemetry for service operations, security, billing, fraud prevention, and account integrity. When Peerakeet uses de-identified analytics, the data is intended to be stripped of direct identifiers and used in aggregate form.

Peerakeet does not monitor all activity, communications, or content within the Service and does not guarantee that harmful, unlawful, or non-compliant behavior will be detected or prevented. Any moderation, detection, flagging, or safety-related tooling is limited in scope, may not operate in real time, and may not identify all risks or issues. Responsibility for monitoring interactions, supervising users, and responding to safety or compliance concerns remains with the customer or organization providing services through the platform.

6. Customer-Delivered Services

If you receive services through a customer using Peerakeet, the following additional rules apply:

  • Your provider, program, organization, school, or solo practice may provide its own Notice of Privacy Practices, FERPA notices, 42 CFR Part 2 patient notices, telehealth informed consent, release-of-information forms, student or participant consents, or other legal documents.
  • Those customer-issued documents govern the underlying service relationship and customer-specific uses and disclosures of your information.
  • Requests relating to customer-controlled records, including certain FERPA, HIPAA, or 42 CFR Part 2 requests, should generally be directed to the customer, institution, program, or provider that delivered the service.
  • Peerakeet may assist that customer or provider in responding to such requests as required by contract or law.
  • Peerakeet acts as a technology platform supporting customer operations and does not by itself create a provider-patient, student-school, counselor-client, or peer-support relationship with users of the Service.

7. Security

Peerakeet uses administrative, technical, and physical safeguards designed to protect information from unauthorized access, use, disclosure, alteration, and destruction.

Examples include:

  • encryption in transit and at rest where appropriate
  • access controls and role-based permissions
  • logging and monitoring
  • segregation of operational records, security logs, and primary product data where appropriate
  • incident-response processes
  • workforce confidentiality obligations
  • vendor management and contractual controls
  • backup and recovery procedures

Peerakeet may make additional security information or audit materials available separately in appropriate circumstances. While we design our controls with recognized security principles in mind, no method of transmission or storage is completely secure.

If Peerakeet becomes aware of a security incident requiring notice, we will provide notice consistent with applicable law, contract, and our role in the underlying service.

Peerakeet is not an emergency service and does not provide crisis response, clinical intervention, or real-time safety monitoring. Users should contact appropriate emergency services or qualified professionals for urgent or crisis situations.

8. Data Retention

We retain information for as long as reasonably necessary to:

  • provide the Service
  • maintain account and platform operations
  • maintain audit trails, security records, and compliance documentation
  • comply with legal, regulatory, security, and contractual obligations
  • resolve disputes and enforce agreements
  • support legitimate safety and audit needs

When you delete your account or request deletion, we will delete, de-identify, or retain information according to the nature of the data, applicable law, customer instructions, and our contractual obligations. Some information may persist temporarily in backups or archives.

If records were created or maintained as part of services delivered by a customer or provider using Peerakeet, those records may also remain subject to the customer's retention obligations, legal duties, and instructions to Peerakeet.

9. Your Choices And Rights

9.1 Platform Requests

Depending on your relationship with Peerakeet, applicable law, and our role in the relevant data, you may request:

  • access to certain account information
  • correction of certain account or profile information
  • deletion of your platform account
  • a portable export of certain data
  • changes to notification or communications preferences
  • changes to analytics-related in-app preferences where available
  • clarification about whether a request must be handled by Peerakeet or by a customer/provider

9.2 Customer or Provider Records

If you use Peerakeet through a customer or provider, requests about care-related records may need to be directed to that customer or provider, including requests concerning:

  • access to customer-controlled or provider-owned records
  • amendments to customer-controlled or provider-owned records
  • accounting of disclosures
  • restrictions on use or disclosure
  • complaints about customer, provider, institution, or program privacy practices

Peerakeet may route or assist with those requests where appropriate, including as a technical facilitator for the customer or provider, but this Policy is not the customer's Notice of Privacy Practices, FERPA notice, 42 CFR Part 2 patient notice, student consent, or authorization form.

9.3 State Privacy Rights

Depending on where you live, you may have additional rights under state privacy laws. We may need to verify your identity and, where allowed by law, the authority of an authorized agent before processing certain requests.

9.4 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"). To the extent that information we collect is subject to CCPA rather than preempted by HIPAA or other federal law, you may have the right to:

  • Know what personal information we collect, use, disclose, and sell or share, and the categories of sources and third parties involved.
  • Delete personal information we have collected from you, subject to certain exceptions.
  • Correct inaccurate personal information we maintain about you.
  • Opt out of the sale or sharing of personal information. Peerakeet does not sell your personal information and does not share personal information for cross-context behavioral advertising.
  • Limit use of sensitive personal information. We use sensitive personal information only as necessary to provide the Service and as permitted by law.
  • Non-discrimination. We will not discriminate against you for exercising any of your CCPA rights.

How to Submit a Request: You may submit a request by emailing privacy@peerakeet.com or by contacting us at the address in Section 13. We will verify your identity before processing your request and may request additional information to confirm that you are who you claim to be. An authorized agent may submit a request on your behalf with your written permission.

Response Timeline: We will acknowledge your request within 10 business days and provide a substantive response within 45 calendar days, which may be extended by an additional 45 days with notice.

Federally Regulated Information: To the extent personal information is protected health information governed by HIPAA, an education record governed by FERPA, or substance use disorder information protected by 42 CFR Part 2, those federal requirements and the responsible customer's instructions may affect how a request is handled.

10. Children's Privacy

This version of the Policy is intended for adults. If Peerakeet offers a separate minor experience, separate documents may apply.

We do not knowingly collect personal information from children in a manner inconsistent with applicable law. If you believe information has been collected improperly, contact us and we will review the issue.

11. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, subject to applicable law. Customer-regulated data may be subject to additional data-residency commitments in the applicable customer agreement.

12. Changes To This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or operations. If we make material changes, we will provide notice through the Service, by email, or by other reasonable means. The updated version will be effective as of the stated effective date.

13. Contact Us

If you have questions, concerns, or requests about this Policy or Peerakeet's privacy practices, contact:

General Inquiries Email: support@peerakeet.com

Privacy Email: privacy@peerakeet.com

Security Concerns Email: security@peerakeet.com

Mail: Peerakeet, Inc. 1 Point Street, Apt 701 Providence, RI 02903

If your question concerns records held by a provider, organization, or customer using Peerakeet, we may direct you to that customer or coordinate with them as appropriate.

14. Acknowledgment

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY AND UNDERSTAND THE PRACTICES DESCRIBED IN IT.