Skip to main content

Privacy Policy

Privacy Policy — Peerakeet, Inc.

Version 2.1 Effective Date: April 5, 2026 Last Updated: April 5, 2026

This Privacy Policy (\"Policy\") describes how Peerakeet, Inc. (\"Peerakeet,\" \"we,\" \"us,\" or \"our\") collects, uses, discloses, and protects personal information when you use the adult version of the Peerakeet mobile application, web portal, website, and related platform services (collectively, the \"Service\").

This Policy applies to Peerakeet in its role as a technology platform and administrative service provider. It does not replace any Notice of Privacy Practices, 42 CFR Part 2 patient notice, telehealth informed consent, release of information, or other care-related authorization that may be provided to you by a healthcare provider, certified peer support specialist, treatment program, or organization using Peerakeet.

If you receive services through an organization, solo practice, certified peer support specialist, or other customer using Peerakeet, that customer may provide separate legal and privacy documents that govern the care relationship and any provider-specific uses or disclosures of your information. Those customer- or provider-issued documents may control over this Policy on care-relationship issues to the extent applicable.

By using the Service, you acknowledge this Policy. If you do not agree with this Policy, do not use the Service.

1. Peerakeet\'s Role

Peerakeet provides software, workflow, scheduling, messaging, documentation, reporting, and video-integration infrastructure for peer-support programs, solo peer practices, and other customers.

Peerakeet is not, by default, the treating provider, medical practice, or 42 CFR Part 2 program for customer-delivered services. When Peerakeet processes regulated information on behalf of a customer, Peerakeet may operate under contractual obligations such as a Business Associate Agreement (\"BAA\") under HIPAA and, where applicable, a Qualified Service Organization Agreement (\"QSOA\") under 42 CFR Part 2.

Peerakeet does not supervise, direct, or control the services delivered by any organization, provider, certified peer support specialist, or other user of the Service. Peerakeet does not evaluate the quality, appropriateness, or legality of services, interactions, or decisions made by users or customers and does not assume responsibility for the conduct of any individual or organization using the platform.

2. Information We Collect

We may collect the following categories of information.

2.1 Information You Provide

  • Account information: email address, password credentials, display name, date of birth, and account preferences.
  • Profile information: self-descriptions, life topics, interests, strengths, coping tools, boundaries, and other profile content you choose to add.
  • Health and wellness content: journal entries, check-ins, self-assessments, wellness-plan information, reflections, support preferences, and similar content you create in the Service.
  • Telehealth and scheduling information: booking details, availability, session preferences, and intake details such as legal name, phone number, mailing address, and state of residence if you use telehealth-related features.
  • Communications: messages, support requests, feedback, reports, and other communications sent through the Service.
  • Organization and enrollment information: information submitted when you join, are referred by, or are enrolled with an organization that uses Peerakeet.
  • Consent and acknowledgment records: timestamps and versions for platform documents and other acknowledgments collected through the Service.
  • Emergency contact information: names, phone numbers, and relationships for contacts you choose to provide.
  • Professional information: if you are a certified peer support specialist or staff user, information about credentials, qualifications, supervision, continuing education, and related records.
  • Billing information: subscription and billing identifiers from our payment processor. We do not store payment card numbers directly.

2.2 Information Collected Automatically

  • Usage data: features used, navigation activity, pages viewed, timestamps, and related product-interaction events.
  • Device information: device type, operating system, app version, device identifiers, push tokens, and settings.
  • Browser and device storage data: information stored locally through technologies such as local storage, session storage, and in-app storage to support sign-in state, preferences, onboarding drafts, invite flows, and similar platform functions.
  • Log data: IP address, access times, errors, diagnostics, and performance information.
  • Location information: general location derived from IP address and, if you use trip logging features, precise GPS data while trip logging is active.

2.3 Information From Third Parties

  • Authentication providers: basic profile information from services such as Google or Apple when you choose those sign-in methods.
  • Customers and care-delivery partners: information provided by organizations, certified peers, or telehealth vendors in connection with services facilitated through the Service.

3. How We Use Information

We use information for the following purposes:

  • To provide, operate, secure, and improve the Service.
  • To support scheduling, messaging, journaling, check-ins, reporting, and other platform functionality.
  • To personalize product experiences, including matching and recommendations where applicable.
  • To send service-related notifications, updates, security messages, and support communications.
  • To detect, prevent, and address safety issues, fraud, abuse, harmful content, and violations of our Terms or Community Guidelines.
  • To monitor performance, troubleshoot errors, conduct analytics, and improve the Service.
  • To maintain logs, audit trails, export functionality, deletion workflows, and compliance-related records.
  • To comply with law, enforce our agreements, respond to claims, and protect rights, property, safety, and security.
  • To support customer operations where Peerakeet is providing services on behalf of an organization, solo practice, or other customer.

Any matching, recommendation, or personalization features are designed to support user experience and are not intended to make or replace professional, clinical, or supervisory decisions. Organizations and users remain solely responsible for evaluating and determining appropriate relationships, services, and interactions.

Where Peerakeet processes regulated information on behalf of a customer, we apply role-based access controls, data-minimization practices, and contractual restrictions designed to limit access and use to authorized purposes.

4. How We Disclose Information

We do not sell personal information. We also do not allow third-party advertising networks to collect personal information through the Service for their own advertising purposes. We may disclose information in the following circumstances:

4.1 To Service Providers and Infrastructure Vendors

We may disclose information to vendors that provide services to Peerakeet, such as cloud hosting, authentication, storage, security, analytics, customer support, transactional email, video integration, and payment processing. These providers are contractually restricted to use information only to provide services to Peerakeet and not for their own independent purposes.

Examples may include:

  • Google Cloud Platform and Firebase for infrastructure and storage
  • Google Vertex AI for safety and moderation support
  • Zoom for video-session integration
  • Stripe for subscription and payment processing
  • Resend for transactional emails
  • Expo for push-notification delivery

Where required and applicable, Peerakeet enters into written data-protection terms, including BAAs for vendors handling protected health information.

4.2 To Customers and Authorized Workforce

If you use the Service through an organization, solo practice, certified peer support specialist, or other customer, Peerakeet may make your information available to that customer and its authorized workforce as needed to operate the services they deliver through the platform, subject to applicable law and contract.

For example, this may include:

  • enrollment status
  • scheduling information
  • session participation records
  • notes and assessments created within the customer\'s workflow
  • wellness-plan progress
  • risk flags or safety escalations

The customer or provider remains responsible for its own care-related notices, consents, authorizations, and legal disclosure obligations.

4.3 To Other Users at Your Direction

If you choose to message, match with, or otherwise interact with other users, information you share in those interactions may be visible to the people involved in that interaction, consistent with the Service\'s design and your actions.

4.4 For Safety, Legal, and Operational Reasons

We may disclose information:

  • to comply with law or legal process
  • to respond to emergencies or prevent imminent harm
  • to protect the rights, safety, security, or property of Peerakeet, our users, customers, or others
  • to investigate fraud, abuse, harassment, threats, or other misuse of the Service

If Peerakeet receives information that is subject to 42 CFR Part 2 on behalf of a customer, disclosures of that information are further limited by applicable law, contract, and the instructions of the customer or lawful holder.

When information subject to 42 CFR Part 2 is processed on behalf of a customer, Peerakeet relies on that customer or lawful holder to determine how such information is identified, segmented, and disclosed. Peerakeet does not independently verify that information has been properly classified or restricted under Part 2 and processes such data in accordance with contractual instructions and applicable law.

Any disclosure of Part 2 records made by Peerakeet on a customer's behalf will be accompanied by the redisclosure notice required by 42 CFR 2.32 where applicable and as directed by the customer.

4.5 To Professional Advisers, Auditors, and Insurers

We may disclose information to lawyers, accountants, auditors, insurers, financing sources, and similar professional advisers only where reasonably necessary for legal, compliance, audit, insurance, financing, or corporate-governance purposes, and subject to appropriate confidentiality obligations, role-based restrictions, and any additional legal or contractual limitations applicable to the information.

4.6 Business Transfers

If Peerakeet is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to applicable legal restrictions, confidentiality obligations, and any additional limits imposed by our role, customer contracts, HIPAA, 42 CFR Part 2, or other applicable law.

4.7 De-Identified and Aggregated Data

We may use and disclose aggregated, de-identified, or anonymized information that does not reasonably identify an individual for analytics, reporting, product improvement, security, research, or other lawful business purposes.

5. AI, Moderation, and Analytics

Peerakeet uses automated systems, including AI-supported tooling, for safety, moderation, onboarding assistance, content support, and related product operations.

These tools may be used to:

  • detect harmful or unsafe content
  • identify potential policy violations
  • support trust-and-safety review
  • improve platform quality and reliability

Some AI-supported safety, security, fraud-prevention, billing, and core operational processing is integral to the Service and may not be separately disabled. If the Service offers optional privacy settings for specific analytics or AI features, those settings will be described in-product and may depend on your account configuration, choices, and applicable law.

Peerakeet does not permit third-party AI vendors to use customer-regulated data or in-product user content submitted through the Service to train generally available models.

Where Peerakeet uses analytics, we design those analytics and reports to avoid unnecessary exposure of regulated information, including avoiding message bodies and unnecessary dynamic patient or client identifiers in analytics events. Peerakeet may continue to use strictly necessary internal identifiers and telemetry for service operations, security, billing, fraud prevention, and account integrity. When Peerakeet uses de-identified analytics, the data is intended to be stripped of direct identifiers and used in aggregate form.

Peerakeet does not monitor all activity, communications, or content within the Service and does not guarantee that harmful, unlawful, or non-compliant behavior will be detected or prevented. Any moderation, detection, flagging, or safety-related tooling is limited in scope, may not operate in real time, and may not identify all risks or issues. Responsibility for monitoring interactions, supervising users, and responding to safety or compliance concerns remains with the customer or organization providing services through the platform.

6. Customer-Delivered Services

If you receive services through a customer using Peerakeet, the following additional rules apply:

  • Your provider, program, organization, or solo practice may provide its own Notice of Privacy Practices, 42 CFR Part 2 patient notice, telehealth informed consent, release-of-information forms, or other legal documents.
  • Those customer- or provider-issued documents govern the care relationship and provider-specific uses and disclosures of your information.
  • Requests relating to provider-owned records, including certain HIPAA or 42 CFR Part 2 requests, should generally be directed to the customer or provider that delivered the service.
  • Peerakeet may assist that customer or provider in responding to such requests as required by contract or law.
  • Peerakeet acts as a technology platform supporting customer operations and does not create a provider-patient or peer-support relationship with users of the Service.

7. Security

Peerakeet uses administrative, technical, and physical safeguards designed to protect information from unauthorized access, use, disclosure, alteration, and destruction.

Examples include:

  • encryption in transit and at rest where appropriate
  • access controls and role-based permissions
  • logging and monitoring
  • segregation of operational records, security logs, and primary product data where appropriate
  • incident-response processes
  • workforce confidentiality obligations
  • vendor management and contractual controls
  • backup and recovery procedures

Peerakeet may make additional security information or audit materials available separately in appropriate circumstances. While we design our controls with recognized security principles in mind, no method of transmission or storage is completely secure.

If Peerakeet becomes aware of a security incident requiring notice, we will provide notice consistent with applicable law, contract, and our role in the underlying service.

Peerakeet is not an emergency service and does not provide crisis response, clinical intervention, or real-time safety monitoring. Users should contact appropriate emergency services or qualified professionals for urgent or crisis situations.

8. Data Retention

We retain information for as long as reasonably necessary to:

  • provide the Service
  • maintain account and platform operations
  • maintain audit trails, security records, and compliance documentation
  • comply with legal, regulatory, security, and contractual obligations
  • resolve disputes and enforce agreements
  • support legitimate safety and audit needs

When you delete your account or request deletion, we will delete, de-identify, or retain information according to the nature of the data, applicable law, customer instructions, and our contractual obligations. Some information may persist temporarily in backups or archives.

If records were created or maintained as part of services delivered by a customer or provider using Peerakeet, those records may also remain subject to the customer\'s retention obligations, legal duties, and instructions to Peerakeet.

9. Your Choices And Rights

9.1 Platform Requests

Depending on your relationship with Peerakeet, applicable law, and our role in the relevant data, you may request:

  • access to certain account information
  • correction of certain account or profile information
  • deletion of your platform account
  • a portable export of certain data
  • changes to notification or communications preferences
  • changes to analytics or AI-related in-app preferences where available
  • clarification about whether a request must be handled by Peerakeet or by a customer/provider

9.2 Customer or Provider Records

If you use Peerakeet through a customer or provider, requests about care-related records may need to be directed to that customer or provider, including requests concerning:

  • access to provider-owned records
  • amendments to provider-owned records
  • accounting of disclosures
  • restrictions on use or disclosure
  • complaints about provider privacy practices

Peerakeet may route or assist with those requests where appropriate, including as a technical facilitator for the customer or provider, but this Policy is not the customer\'s Notice of Privacy Practices and is not a 42 CFR Part 2 patient notice or consent form.

9.3 State Privacy Rights

Depending on where you live, you may have additional rights under state privacy laws. We may need to verify your identity and, where allowed by law, the authority of an authorized agent before processing certain requests.

9.4 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"). To the extent that information we collect is subject to CCPA rather than preempted by HIPAA or other federal law, you may have the right to:

  • Know what personal information we collect, use, disclose, and sell or share, and the categories of sources and third parties involved.
  • Delete personal information we have collected from you, subject to certain exceptions.
  • Correct inaccurate personal information we maintain about you.
  • Opt out of the sale or sharing of personal information. Peerakeet does not sell your personal information and does not share personal information for cross-context behavioral advertising.
  • Limit use of sensitive personal information. We use sensitive personal information only as necessary to provide the Service and as permitted by law.
  • Non-discrimination. We will not discriminate against you for exercising any of your CCPA rights.

How to Submit a Request: You may submit a request by emailing privacy@peerakeet.com or by contacting us at the address in Section 13. We will verify your identity before processing your request and may request additional information to confirm that you are who you claim to be. An authorized agent may submit a request on your behalf with your written permission.

Response Timeline: We will acknowledge your request within 10 business days and provide a substantive response within 45 calendar days, which may be extended by an additional 45 days with notice.

HIPAA Preemption: To the extent personal information is protected health information governed by HIPAA, HIPAA requirements apply instead of CCPA. Similarly, information protected by 42 CFR Part 2 is subject to those federal regulations.

10. Children\'s Privacy

This version of the Policy is intended for adults. If Peerakeet offers a separate minor experience, separate documents may apply.

We do not knowingly collect personal information from children in a manner inconsistent with applicable law. If you believe information has been collected improperly, contact us and we will review the issue.

11. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States and other jurisdictions where our service providers operate, subject to applicable law.

12. Changes To This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or operations. If we make material changes, we will provide notice through the Service, by email, or by other reasonable means. The updated version will be effective as of the stated effective date.

13. Contact Us

If you have questions, concerns, or requests about this Policy or Peerakeet\'s privacy practices, contact:

General Inquiries Email: support@peerakeet.com

Privacy Email: privacy@peerakeet.com

Security Concerns Email: security@peerakeet.com

Mail: Peerakeet, Inc. 1 Point Street, Apt 701 Providence, RI 02903

If your question concerns records held by a provider, organization, or customer using Peerakeet, we may direct you to that customer or coordinate with them as appropriate.

14. Acknowledgment

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY AND UNDERSTAND THE PRACTICES DESCRIBED IN IT.