Privacy Policy

Welcome to Peggy (“Peggy,” “we,” “us,” or “our”). Peggy is an AI-powered brand building chatbot platform designed to help users develop, refine, and execute brand strategies through conversational AI interactions.

This Privacy Policy describes how Peggy Inc. collects, uses, discloses, retains, and protects your personal information when you access or use our services, including our website, chatbot interface, and any related applications or tools (collectively, the “Services”). By using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Important Note: This Privacy Policy should be read in conjunction with our Terms of Service. If there is any conflict between this Privacy Policy and the Terms of Service, this Privacy Policy shall govern with respect to privacy-related matters.

We collect information in several ways, depending on how you interact with our Services. As our platform evolves, the categories of data we collect may expand. We will update this Privacy Policy accordingly and notify you of any material changes.

We use the information we collect for the following purposes:

Peggy is powered by artificial intelligence. This section addresses how your data interacts with our AI systems specifically.

We do not sell your personal information. We may share your data in the following circumstances:

• Service Providers: We engage trusted third-party vendors who perform services on our behalf, including cloud hosting, analytics, payment processing, email delivery, and customer support. These providers are contractually bound to use your data only as directed by us.
• AI Sub-Processors: As described in Section 4.3, certain data may be shared with third-party AI providers under strict contractual limitations.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your data may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy.
• Legal Obligations: We may disclose your data where required by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• With Your Consent: We may share your data with third parties when you have given us explicit consent to do so.

We retain your personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods are as follows:

Depending on your jurisdiction, you may have the following rights regarding your personal information:

To exercise any of these rights, please contact us at privacy@peggy.ai or use the controls available in your account settings. We will respond to verified requests within 30 days (or such shorter period as required by applicable law).

We use cookies and similar technologies (such as web beacons, pixel tags, and local storage) to: maintain your session and authentication state; remember your preferences; analyze usage patterns and improve our Services; and deliver and measure the effectiveness of marketing communications (with your consent).

You may manage your cookie preferences through your browser settings or through our cookie consent mechanism. Please note that disabling certain cookies may impair the functionality of the Services.

We implement commercially reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These measures include but are not limited to:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Role-based access controls with least-privilege principles.
• Regular vulnerability assessments and penetration testing.
• Employee security training and confidentiality obligations.
• Incident response plans with breach notification procedures.
• SOC 2 Type II compliance (or equivalent) for key infrastructure providers.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

Peggy operates globally. Your data may be transferred to and processed in countries other than your country of residence, including the United States. Where such transfers occur, we rely on: Standard Contractual Clauses (SCCs) approved by the European Commission; adequacy decisions where applicable; your explicit consent where required; and other lawful transfer mechanisms under applicable data protection laws.

Peggy is not intended for use by individuals under the age of 16 (or the minimum age required by applicable law in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with their data, please contact us at privacy@peggy.ai.

If you are a California resident, you are entitled to additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). Specifically, you have the right to: know the categories and specific pieces of personal information we have collected; know the categories of sources from which we collect personal information; know the business or commercial purpose for collecting personal information; know the categories of third parties with whom we share personal information; request deletion of your personal information; opt out of the sale or sharing of personal information (we do not sell your data); and limit the use of sensitive personal information.

To submit a CCPA request, please contact us at privacy@peggy.ai.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the following additional provisions apply. Our legal bases for processing your personal data include: performance of our contract with you (to provide the Services); your consent (for marketing communications and optional AI training use); our legitimate interests (for security, analytics, and service improvement, balanced against your rights); and compliance with legal obligations.

You have the right to lodge a complaint with your local supervisory authority if you believe our processing violates applicable data protection law.

Our Services may contain links to third-party websites, services, or integrations not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party service you access through Peggy.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will:

• Post the updated policy on our website with a revised “Last Updated” date.
• Notify you via email or in-app notification at least 30 days before the changes take effect.
• Where required by law, obtain your consent before applying the updated policy to your data.

Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: