1. Introduction
{P}eelOps ("we," "us," or "our") is a security operations platform that enables businesses to query and monitor their security and IT infrastructure from a unified interface. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
By using {P}eelOps, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our service.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Name (if provided)
- Password (hashed and salted, never stored in plain text)
- OAuth tokens when you sign in with Google or GitHub (we do not store your OAuth provider passwords)
2.2 Third-Party Integration Credentials
To connect to your security and IT platforms (such as AWS, CrowdStrike, Okta, Cloudflare), you provide API credentials. These credentials are:
- Encrypted at rest using AES-256-GCM encryption
- Used only to execute commands you request
- Never shared with third parties
- Deletable at any time through your account settings
2.3 Usage Data
We automatically collect certain information when you use our service:
- Command execution history (commands run, parameters used, results)
- Scheduled command (tracker) configurations
- User preferences (theme, view settings)
- Favorite commands
2.4 Session and Authentication Data
- Session tokens and authentication state
- Login timestamps and session duration
- IP addresses (for security and rate limiting)
2.5 AI Feature Data
If you use our AI analysis features:
- You provide your own OpenAI API key (stored encrypted)
- Prompts and selected data are sent directly to OpenAI using your API key
- We track AI message counts for usage limits but do not store the content of AI interactions
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain our service
- Execute commands against your connected platforms
- Run scheduled commands and send notifications
- Authenticate your identity and manage your account
- Process your requests and respond to inquiries
- Send transactional emails (verification, password reset, notifications)
- Monitor and analyze usage patterns to improve our service
- Detect, prevent, and address technical issues and security threats
- Enforce our Terms of Service and comply with legal obligations
4. Data Retention
We retain your data for the following periods:
- Command execution history: 7 to 90 days depending on your subscription tier
- Account information: Until you delete your account
- Integration credentials: Until you disconnect the integration or delete your account
- Notifications: 30 days
- Session data: Until the session expires or you log out
You can request deletion of your account and associated data at any time by contacting us.
5. Third-Party Services
We use the following third-party services to operate our platform:
5.1 Infrastructure
- Neon: PostgreSQL database hosting (data stored encrypted at rest)
- Vercel: Application hosting and deployment
5.2 Communications
- Resend: Transactional email delivery (verification, notifications, alerts)
5.3 Authentication Providers
- Google: OAuth sign-in (if you choose to sign in with Google)
- GitHub: OAuth sign-in (if you choose to sign in with GitHub)
5.4 AI Services
- OpenAI: AI analysis features use OpenAI's API with your own API key
Each third-party service has its own privacy policy. We recommend reviewing their policies to understand how they handle your data.
6. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption at rest: All sensitive data, including API credentials, is encrypted using AES-256-GCM
- Encryption in transit: All data is transmitted over HTTPS/TLS
- Password hashing: Passwords are hashed using secure algorithms (scrypt)
- Session security: HTTP-only, secure cookies with CSRF protection
- Rate limiting: Protection against brute force and abuse
- Account lockout: Automatic lockout after failed login attempts
While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet or electronic storage is 100% secure.
7. Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your personal data and account
- Export: Export your command execution history in various formats
- Withdraw consent: Disconnect integrations and stop data collection at any time
- Object: Object to processing of your personal data in certain circumstances
To exercise any of these rights, please contact us at privacy@peelops.com.
8. Cookies and Tracking
We use cookies solely for authentication and essential functionality:
- Session cookies: Required for authentication and maintaining your login state
- Preference cookies: Remember your theme and display preferences
We do not use third-party tracking cookies, advertising cookies, or analytics services that track you across websites.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. Our service providers (database, hosting, email) may process data in various locations. When we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.
10. Children's Privacy
{P}eelOps is a business-to-business (B2B) service not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may also send you an email notification.
Your continued use of our service after any changes indicates your acceptance of the updated Privacy Policy.
12. Contact Us
If you have any questions about this Privacy Policy or your personal data, or wish to exercise any of your rights, please contact us:
Email: privacy@peelops.com
Subject line: Privacy Inquiry
We will respond to your request within 30 days.
13. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of Israel, without regard to its conflict of law provisions.